AI Data Centres Are Being Built at Speed. Security Is Not Keeping Up.

A new report finds that the same assumptions baked into traditional data centres are being carried straight into AI facilities, where the stakes are much higher and the blast radius is far wider.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial overhead shot of a developer workstation at dusk, glowing IDE on a dark monitor with abstract plugin tiles floating above the keyboard,
Share

Key points

  • Security firm Lava Labs published a report in 2025 identifying ten ranked security risks specific to AI data centres, which it calls the "Forge" list.
  • AI data centres handle workloads from many unrelated companies at once, meaning a single breach can spill across customers who have nothing to do with each other.
  • The five highest-ranked risks operate below the operating system level, making them extremely hard to detect and capable of taking down an entire cluster of machines.
  • GPU processors, the specialist chips that power AI, are often sourced from whatever suppliers are available, which can introduce hardware with weaker security built in from the start.
  • Lava Labs concludes that builders are treating AI facilities like upgraded traditional data centres, which they are not.

A data centre is, at its simplest, a building full of computers that store and process information on behalf of other organisations. For decades the model was stable: known customers, predictable workloads, servers that mostly worked independently of each other.

AI broke that model.

AI workloads need enormous computing power delivered all at once. That requires a different kind of facility, one where thousands of specialist processors, called GPUs (graphics processing units, the chips originally designed for video games and now repurposed for AI calculations), work together as a single coordinated machine. The customers sharing that machine may be completely unrelated businesses, their data and code running side by side.

Security firm Lava Labs spent time examining what that shift actually means for security, and the findings are uncomfortable reading for anyone building or buying capacity in these facilities.

Could one customer's data end up exposed to another customer's staff?

Yes, that is precisely the risk Lava Labs flags most prominently. When unrelated companies share the same physical hardware and that hardware gets reassigned between them, the walls between those customers need to be airtight. In practice, Lava Labs found, they frequently are not.

The firm ranked ten risks in order of severity, labelling them Forge 01 through Forge 10. The top five are the ones that should keep facility operators awake at night. They operate below the operating system, meaning below the layer most security tools even look at. Firmware, which is the low-level software permanently installed on a piece of hardware, can be tampered with in ways that leave no obvious trace. The high-speed internal networks connecting GPU clusters, products such as InfiniBand and NVLink, often carry data without encryption and with little monitoring. A criminal who gets a foothold there can move sideways across an entire facility.

The failure mode here is straightforward. Builders are copying the design playbook from traditional data centres because it is the playbook they know. The Lava Labs report states directly that systems originally built for trusted operators are now running high-value workloads from strangers.

For ordinary people, the consequence is indirect but real. If your bank, your hospital, or your favourite retailer is running AI services inside one of these facilities, a breach at the infrastructure level could reach their data without anyone breaking into their own systems at all.

If you are a customer of any organisation that uses cloud-based AI services, the practical step is the same one that always applies: watch for unexpected communications claiming to be from companies you use, and report anything that looks wrong.

One thing the post-mortem will say, when this eventually happens at scale, is that nobody thought the old data centre rulebook needed rewriting.

© 2026 Threat Vectr