New Delhi: Check Point has released the ‘AI Factory Security Architecture Blueprint.’ It is a comprehensive, vendor-tested reference architecture for securing private AI infrastructure from the hardware layer to the application layer.
It leverages Check Point’s firewall and AI security technologies and builds on NVIDIA BlueField data-processing capabilities. The blueprint delivers security-by-design across every layer of the AI factory and data center.
Speaking about the development, Nataly Kremer, Chief Product Officer of Check Point, said, “AI infrastructure has become one of the most valuable and vulnerable assets in the enterprise. The AI Factory Security Blueprint is how we help organisations protect those investments—not as an afterthought, but from the ground up, through every layer of the stack.”
According to the company, the Check Point AI Factory Security Blueprint delivers layered protection at four levels:
Perimeter Layer: Check Point Maestro Hyperscale Firewall provides Zero Trust Network Access (ZTNA), virtual security group segmentation, and scalable policy enforcement at the entry point to the AI fabric, handling north-south traffic from external users, internet sites, and enterprise networks.
Application and LLM Layer: Check Point AI Agent Security defends inference APIs and LLM endpoints against prompt injection, data exfiltration, adversarial queries, and API abuse, protection that traditional web application firewalls are not equipped to provide. Check Point AI Agent Security is integrated into Check Point Firewalls across cloud, virtual, and appliance form factors, Check Point WAF, and Check Point AI Factory Firewall.
AI Infrastructure Layer: In a tightly integrated collaboration with NVIDIA, Check Point embeds its firewall and threat prevention directly into NVIDIA BlueField data processing units (DPUs) via the NVIDIA DOCA software platform, delivering hardware-accelerated, inline security at the infrastructure level. This provides high-performance AI prompt defense and inspection of ingress and egress traffic without consuming CPU/GPU cycles, protecting NVIDIA compute servers, segmenting tenants, and enabling runtime threat detection through DOCA Argus on BlueField.
Workload and Container Layer: Check Point’s integration with third-party microsegmentation solutions enables microsegmentation and east-west traffic control within Kubernetes clusters, preventing lateral movement between inference namespaces and isolating compromised containers before they can propagate.
The blueprint is aligned with CISA’s principle that AI must be Secure by Design. This means security is embedded in the blueprint from its inception, rather than layered on top of systems already in production.

