AnsiblePilot — Master Ansible Automation

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible for AI Security: Protect Models, APIs & Data Pipelines (2026 Guide)

By Luca Berton · Published 2024-01-01 · Category: troubleshooting

Complete guide to AI security automation with Ansible. Protect LLM API endpoints, secure model artifacts, harden ML training pipelines, implement prompt.

AI security is now a platform category. Gartner lists AI security platforms among its 2026 strategic technology trends as AI gets embedded across enterprise operations. Ansible automates the security hardening of AI infrastructure — from protecting LLM endpoints to securing model artifacts to enforcing governance policies.

AI Security Attack Surface

┌──────────────────────────────────────────┐
│              Attack Vectors              │
├──────────┬───────────┬───────────────────┤
│ Model    │ Data      │ Infrastructure    │
│ Attacks  │ Attacks   │ Attacks           │
├──────────┼───────────┼───────────────────┤
│ Prompt   │ Training  │ API endpoint      │
│ injection│ data      │ exposure          │
│          │ poisoning │                   │
│ Model    │ Data      │ Container         │
│ theft    │ exfil via │ escape            │
│          │ outputs   │                   │
│ Jailbreak│ PII in    │ GPU driver        │
│          │ prompts   │ vulnerabilities   │
└──────────┴───────────┴───────────────────┘

See also: AI DevOps Ansible Community on Skool

Secure LLM API Endpoints

- name: Secure LLM inference endpoints
  hosts: inference_servers
  become: true
  tasks:
    - name: Deploy API gateway with rate limiting
      community.docker.docker_container:
        name: ai-api-gateway
        image: envoyproxy/envoy:v1.31-latest
        state: started
        ports:
          - "443:8443"
        volumes:
          - /etc/envoy:/etc/envoy:ro
          - /etc/ssl/ai:/etc/ssl/ai:ro

    - name: Configure rate limiting for LLM endpoints
      ansible.builtin.copy:
        content: |
          static_resources:
            listeners:
              - name: llm_listener
                address:
                  socket_address: { address: 0.0.0.0, port_value: 8443 }
                filter_chains:
                  - filters:
                      - name: envoy.filters.network.http_connection_manager
                        typed_config:
                          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                          stat_prefix: llm_ingress
                          route_config:
                            name: llm_routes
                            virtual_hosts:
                              - name: llm_api
                                domains: ["*"]
                                routes:
                                  - match: { prefix: "/v1/chat/completions" }
                                    route:
                                      cluster: vllm_backend
                                      # one descriptor per API key, so the limit applies per caller
                                      rate_limits:
                                        - stage: 0
                                          actions:
                                            - request_headers:
                                                header_name: "Authorization"
                                                descriptor_key: "api_key"
                          http_filters:
                            - name: envoy.filters.http.ratelimit
                              typed_config:
                                "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
                                domain: llm_api
                                failure_mode_deny: true   # fail closed if the limiter is unreachable
                                rate_limit_service:
                                  transport_api_version: V3
                                  grpc_service:
                                    envoy_grpc:
                                      cluster_name: rate_limit_service
                            - name: envoy.filters.http.router
                              typed_config:
                                "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
            # clusters: define vllm_backend and rate_limit_service here
        dest: /etc/envoy/envoy.yaml
      notify: restart envoy

    - name: Configure firewall for inference ports
      ansible.posix.firewalld:
        port: "{{ item }}/tcp"
        permanent: true
        immediate: true
        state: enabled
        zone: internal
      loop:
        - "8000"  # vLLM internal only
        - "8001"  # Triton gRPC internal only
      # Only API gateway port 443 exposed externally

  handlers:
    - name: restart envoy
      community.docker.docker_container:
        name: ai-api-gateway
        state: started
        restart: true

Secure Model Artifacts

- name: Protect model files and weights
  hosts: model_servers
  become: true
  tasks:
    - name: Set model directory permissions
      ansible.builtin.file:
        path: /models
        state: directory
        owner: ai-service
        group: ai-service
        mode: '0750'
        recurse: true

    - name: Create encrypted model storage
      community.crypto.luks_device:
        device: /dev/sdb
        state: opened
        name: model_crypt
        keyfile: /etc/keys/model-encryption.key
      no_log: true

    - name: Mount encrypted model storage
      ansible.posix.mount:
        path: /models/secured
        src: /dev/mapper/model_crypt
        fstype: ext4
        state: mounted

    - name: Deploy model integrity verification
      ansible.builtin.cron:
        name: "Verify model checksums"
        minute: "0"
        hour: "*/4"
        # Paths in the manifest are relative to /models, so cd first; keep the manifest
        # root-owned and read-only, or a compromised ai-service account can rewrite it
        job: >
          cd /models && sha256sum -c --quiet checksums.sha256 ||
          curl -sS -X POST {{ vault_alert_webhook }}
          -H 'Content-Type: application/json'
          -d '{"text":"⚠️ Model integrity check failed on {{ inventory_hostname }}"}'
        user: ai-service

See also: Ansible for AI Infrastructure: Deploy LLMs, GPUs & ML Pipelines (2026 Guide)

Audit AI API Key Usage

- name: Manage AI service API keys
  hosts: ai_servers
  become: true
  tasks:
    - name: Deploy API key rotation script
      ansible.builtin.template:
        src: rotate-ai-keys.sh.j2
        dest: /opt/ai-security/rotate-keys.sh
        owner: ai-service   # the cron job below runs as ai-service
        group: ai-service
        mode: '0700'
      no_log: true

    - name: Schedule API key rotation
      ansible.builtin.cron:
        name: "Rotate AI API keys"
        minute: "0"
        hour: "3"
        weekday: "0"  # Weekly on Sunday
        job: /opt/ai-security/rotate-keys.sh
        user: ai-service

    - name: Deploy API key audit logging
      ansible.builtin.copy:
        content: |
          # Log all API key usage. X-Api-Key-Hash must be set by the gateway
          # (strip any client-supplied copy); never log the raw key.
          log_format ai_access '$remote_addr - $http_x_api_key_hash [$time_local] '
                               '"$request" $status $body_bytes_sent '
                               '"tokens_in:$http_x_token_count_in" "tokens_out:$http_x_token_count_out"';
          access_log /var/log/ai/api-access.log ai_access;
        dest: /etc/nginx/conf.d/ai-logging.conf
      notify: reload nginx

  handlers:
    - name: reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
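
Added example, not part of the article: a parser and detection pass over the ai_access log format above, aggregating token usage and error ratio per key hash so that runaway or probing keys stand out. The log lines, budgets and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the nginx `ai_access` log_format deployed above
LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<key_hash>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"tokens_in:(?P<tin>[^"]*)" "tokens_out:(?P<tout>[^"]*)"$'
)

# Constructed sample lines (not real traffic); nginx logs "-" for a missing header
SAMPLE_LOG = """\
10.0.0.5 - 9f1c3a [01/Jan/2026:10:00:01 +0000] "POST /v1/chat/completions HTTP/1.1" 200 512 "tokens_in:120" "tokens_out:300"
10.0.0.5 - 9f1c3a [01/Jan/2026:10:00:02 +0000] "POST /v1/chat/completions HTTP/1.1" 200 480 "tokens_in:4000" "tokens_out:7900"
10.0.0.9 - 7b2d44 [01/Jan/2026:10:00:03 +0000] "POST /v1/chat/completions HTTP/1.1" 429 0 "tokens_in:-" "tokens_out:-"
10.0.0.9 - 7b2d44 [01/Jan/2026:10:00:04 +0000] "POST /v1/chat/completions HTTP/1.1" 401 0 "tokens_in:-" "tokens_out:-"
10.0.0.9 - - [01/Jan/2026:10:00:05 +0000] "GET /v1/models HTTP/1.1" 401 0 "tokens_in:-" "tokens_out:-"
"""

def parse_line(line):
    """Parse one ai_access line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    for k in ("tin", "tout"):            # "-" means the gateway set no token header
        rec[k] = int(rec[k]) if rec[k].isdigit() else 0
    return rec

def summarize(log_text):
    """Aggregate requests, error count and total tokens per API key hash."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "tokens": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[rec["key_hash"]]
        s["requests"] += 1
        s["errors"] += int(rec["status"] >= 400)
        s["tokens"] += rec["tin"] + rec["tout"]
    return dict(stats)

def flag_keys(stats, token_budget=8000, error_ratio=0.5, min_requests=2):
    """Keys over a token budget (runaway usage) or mostly erroring (probing or abuse)."""
    flagged = {}
    for key, s in stats.items():
        if s["tokens"] > token_budget:
            flagged[key] = "token budget exceeded"
        elif s["requests"] >= min_requests and s["errors"] / s["requests"] >= error_ratio:
            flagged[key] = "high error ratio"
    return flagged
```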

Harden ML Training Pipelines

- name: Secure ML training environment
  hosts: training_nodes
  become: true
  tasks:
    # Rules are appended in order: allow-list first, then the catch-all DROP
    # (rules added after a DROP would never be reached)
    - name: Allow replies to established connections (keeps SSH and Ansible working)
      ansible.builtin.iptables:
        chain: OUTPUT
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
      # Allow only specific endpoints
    - name: Allow model registry access
      ansible.builtin.iptables:
        chain: OUTPUT
        destination: "{{ model_registry_ip }}"
        jump: ACCEPT
        comment: "Allow access to internal model registry"
    - name: Isolate training network
      ansible.builtin.iptables:
        chain: OUTPUT
        destination: "0.0.0.0/0"
        jump: DROP
        comment: "Block training nodes from internet — prevent data exfiltration"

    - name: Deploy training data access controls
      ansible.builtin.copy:
        content: |
          # Training data access policy; launch the trainer confined by it with
          # `aa-exec -p ai-training -- <train command>`
          #include <tunables/global>
          profile ai-training {
            #include <abstractions/base>
            /data/training/** rw,
            deny /data/production/** rwx,
            /models/output/** w,
          }
        dest: /etc/apparmor.d/ai-training
      notify: reload apparmor

    - name: Configure audit logging for model access
      ansible.builtin.lineinfile:
        path: /etc/audit/rules.d/ai-security.rules
        line: "{{ item }}"
        create: true
      loop:
        - "-w /models/ -p rwxa -k model_access"
        - "-w /data/training/ -p rwxa -k training_data_access"
        - "-w /opt/ai/ -p x -k ai_execution"
      notify: restart auditd

  handlers:
    - name: reload apparmor
      ansible.builtin.command: apparmor_parser -r /etc/apparmor.d/ai-training
    - name: restart auditd
      # systemd refuses a direct auditd restart on most distros; load the rules instead
      ansible.builtin.command: augenrules --load

See also: Ansible for Agentic AI: Automate Multi-Agent Systems Infrastructure (2026 Guide)

Prompt Injection Defense

- name: Deploy prompt injection defenses
  hosts: ai_gateway
  become: true
  tasks:
    - name: Deploy input sanitization proxy
      community.docker.docker_container:
        name: ai-input-filter
        image: "{{ ai_security_proxy_image }}"
        state: started
        restart_policy: unless-stopped
        ports:
          - "8080:8080"
        env:
          BACKEND_URL: "http://vllm:8000"
          MAX_INPUT_TOKENS: "4096"
          BLOCK_PATTERNS: "/etc/filter/block-patterns.yaml"
          LOG_LEVEL: "info"
        volumes:
          - /etc/ai-filter:/etc/filter:ro

    - name: Deploy prompt filtering rules
      ansible.builtin.copy:
        content: |
          # Prompt injection defense patterns
          block_patterns:
            - pattern: "ignore previous instructions"
              action: block
              log: true
            - pattern: "system prompt"
              action: flag
              log: true
            - pattern: "\\bexec\\b.*\\bshell\\b"
              action: block
              log: true

          token_limits:
            max_input: 4096
            max_output: 8192
            max_per_minute: 100

          content_policy:
            block_pii_in_output: true
            redact_patterns:
              - "\\b\\d{3}-\\d{2}-\\d{4}\\b"  # SSN
              - "\\b\\d{16}\\b"  # Credit card
              - "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"  # Email
        dest: /etc/ai-filter/block-patterns.yaml
      notify: restart ai-input-filter

  handlers:
    - name: restart ai-input-filter
      community.docker.docker_container:
        name: ai-input-filter
        state: started
        restart: true
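
Added example, not code from the article or from the ai-input-filter image (which the page does not show): the policy evaluation a filtering proxy would perform on the block-patterns.yaml above, covering block/flag matching on inbound prompts, the max_input limit, and PII redaction on outputs. The policy is embedded as the dict PyYAML would produce from that file, and the whitespace token counter stands in for a real tokenizer; both are assumptions of this example.

```python
import re

# Constructed policy: the dict PyYAML would produce from the playbook's
# /etc/ai-filter/block-patterns.yaml, embedded so the example runs offline.
POLICY = {
    "block_patterns": [
        {"pattern": r"ignore previous instructions", "action": "block", "log": True},
        {"pattern": r"system prompt", "action": "flag", "log": True},
        {"pattern": r"\bexec\b.*\bshell\b", "action": "block", "log": True},
    ],
    "token_limits": {"max_input": 4096, "max_output": 8192, "max_per_minute": 100},
    "content_policy": {
        "block_pii_in_output": True,
        "redact_patterns": [
            r"\b\d{3}-\d{2}-\d{4}\b",                           # SSN
            r"\b\d{16}\b",                                      # Credit card
            r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}",  # Email
        ],
    },
}

def approx_tokens(text):
    # Hypothetical whitespace count; a real proxy would use the model's tokenizer
    return len(text.split())

def check_prompt(prompt, policy=POLICY):
    """Return (action, reasons); action is "allow", "flag" or "block"."""
    if approx_tokens(prompt) > policy["token_limits"]["max_input"]:
        return "block", ["max_input exceeded"]
    action, reasons = "allow", []
    for rule in policy["block_patterns"]:
        # IGNORECASE and DOTALL so casing or line breaks cannot dodge a pattern
        if re.search(rule["pattern"], prompt, re.IGNORECASE | re.DOTALL):
            reasons.append(rule["pattern"])
            if rule["action"] == "block":
                action = "block"            # block outranks flag
            elif action == "allow":
                action = "flag"
    return action, reasons

def redact_output(text, policy=POLICY):
    """Redact PII in model output per content_policy.redact_patterns."""
    if not policy["content_policy"]["block_pii_in_output"]:
        return text
    for pattern in policy["content_policy"]["redact_patterns"]:
        text = re.sub(pattern, "[REDACTED]", text)
    return text
```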

AI Governance and Compliance

- name: Enforce AI governance policies
  hosts: ai_servers
  become: true
  tasks:
    - name: Deploy model usage logging
      ansible.builtin.template:
        src: ai-governance.conf.j2
        dest: /etc/ai/governance.conf
      vars:
        policies:
          log_all_inferences: true
          require_model_card: true
          max_retention_days: 90
          allowed_models:
            - "meta-llama/Llama-3.1-*"
            - "mistralai/Mixtral-*"
          blocked_models:
            - "*uncensored*"
            - "*unfiltered*"
          require_human_review:
            - financial_decisions
            - medical_recommendations
            - legal_advice

    - name: Schedule compliance scan
      ansible.builtin.cron:
        name: "AI compliance audit"
        minute: "0"
        hour: "6"
        # The date is computed by cron at run time; ansible_date_time would freeze the
        # deploy-time date into the subject. The % is escaped because cron treats it specially.
        job: >
          /opt/ai-security/compliance-scan.sh |
          mail -s "AI Compliance Report $(date +\%F)" {{ compliance_email }}
        user: ai-security

FAQ

What are the main AI security threats in 2026?

The primary threats are prompt injection attacks, model theft, training data poisoning, PII leakage through model outputs, unsecured API endpoints, and container escape from GPU workloads. Ansible automates defenses against all of these.

How does Ansible protect LLM endpoints?

Ansible deploys API gateways with rate limiting, configures firewall rules to restrict inference port access, manages API key rotation, enables audit logging, and deploys input sanitization proxies that filter prompt injection attempts.

Can Ansible enforce AI governance policies?

Yes. Ansible deploys governance configurations that control which models are allowed, log all inferences, enforce retention policies, require model cards for deployed models, and schedule compliance audits. All policies are version-controlled in Git.

How do I prevent model theft with Ansible?

Encrypt model storage with LUKS, set strict file permissions, isolate model networks from internet access, enable audit logging on model directories, and verify model integrity with scheduled checksum verification.

Conclusion

AI security in 2026 is not optional — it's a prerequisite for production AI deployment. Ansible provides the automation to secure every layer: API endpoints, model artifacts, training pipelines, and governance policies. Version-controlled security playbooks ensure consistent, auditable AI security posture across your entire infrastructure.
