Date: 2026-03-05

Like parents on the playground, IT pros handling AI have a crucial decision to make: Is it time to remove this little one from the sandbox?

In IT, the little one is an AI model that is not yet trusted to access parts of the network that may hold sensitive data, so it is kept isolated in a secure testing environment.

Leveraging AI without putting the company in a vulnerable position means putting guardrails into place. That’s why it’s necessary to have a sandbox for network and staging development, Ledger’s CTO Charles Guillemet told IT Brew. Running a security evaluation before deployment is always a good idea for professionals who want to leverage AI to its fullest extent.

“AI [tools] are not deterministic, and there are different studies that prove that AI could do the opposite of what you [wanted] under certain circumstances, so definitely you can’t really trust an AI,” Guillemet said. “If you implement an AI, give it access to sensitive data, but also to the internet and so on…you would expect the AI to keep this data confidential. There is no way to ensure this and to enforce this, so you need to create the conditions that will prevent the AI [from doing] that.”

The segmenting of it all. Strict segmentation could be the solution for those who want to keep AI interacting with a specific part of the network, Jim Dolce, CEO of Lookout, told IT Brew.

Guillemet said that companies should examine their data classifications and segment the network accordingly in order to keep AI away from data sets that are marked as more sensitive. IT professionals, he added, should implement guardrails so AI can’t access data that “you really don’t want to be leaked.”

Robert Barton, distinguished engineer at Cisco and field CTO for its AI software platform group, said strict segmentation is something his team has “been preaching for years.”

The issue with network segmentation, Barton said, is that AI tools demand agility and flexibility from companies, and placing them in a sandbox could limit their capabilities.

“We’ve got this tug-of-war that’s happening right now where the traditional thinking is [to] segment everything, sandbox everything, and then you have really tight policy controls,” Barton said. “But then these AI models might be sitting in the cloud…And you need them for certain tasks. Hard to do that if everything’s sandboxed.”

Talkin’ MCP and A2A. With the industry integrating the latest AI technologies into the enterprise’s tech stack, including agentic AI, protocols used to build agentic systems may pose a significant security risk.

Model Context Protocol (MCP) and other protocols like agent-to-agent (A2A) might be key for agentic systems, but Barton cautions “they’re not really built with security in mind at all.”

However, IT pros building with AI must embrace those protocols if they want to build groundbreaking products. “It’s almost like saying that I’m not going to use the internet because it might be insecure,” Barton said. “And companies were taking that stand in the 90s, and they’re out of business or they fell way behind.”

Guillemet suggested that professionals be vigilant with MCP, even with a segmented network, since the protocol is “already like a server that is running on your machine.”