Technical
Foundation Model
A large AI model trained on broad data that serves as the base for many downstream applications and tools.
A foundation model is a large-scale AI model (typically a large language model or multimodal model) trained on massive datasets that can be adapted for a wide variety of tasks. Examples include GPT-4, Claude, Gemini, and Llama. Foundation models are significant because:
- Most enterprise AI tools are built on top of a small number of foundation models
- A vulnerability or change in a foundation model affects every tool built on it
- Foundation model vendors (OpenAI, Anthropic, Google, Meta) have significant influence over the AI ecosystem
- Regulatory treatment of foundation models differs from application-layer tools
For security teams, understanding which foundation model powers an AI tool is critical for risk assessment — it determines data handling practices, capability scope, and supply chain risk.
Why it matters
If your organization uses 50 AI tools and 40 of them run on GPT-4, you don't have 50 independent risk assessments — you have significant concentration risk on a single foundation model provider.