Rethinking AI security architectures beyond Earth

If you think managing cloud security is complex, try doing it across hundreds of satellites orbiting the planet. Each one is a moving endpoint that must stay secure while communicating through long, delay-prone links. A new study explores how AI could automate security for space systems and whether the best approach is to centralize control or spread it out.

Space security enters a new era

Commercial satellite constellations are changing how the space industry works. Dozens of companies now run networks for broadband, imaging, and navigation. As these systems grow, keeping them secure becomes a technical and operational challenge. Each satellite depends on constant communication with the ground, and every one of those links adds another potential risk.

AI is emerging as a way to manage those risks automatically. It can detect anomalies, spot malicious activity, and recommend countermeasures based on telemetry data. The question is where that intelligence should live. Should AI be trained and run on the ground, or should satellites handle some of the work themselves?

The architecture question: where should AI live?

The researchers outline three architectures: centralized, distributed, and federated. In a centralized model, the heavy lifting happens on Earth. Satellites send telemetry data to a large AI system, which analyzes it and sends back security updates. Training is fast because powerful ground-based resources are available, but the response to threats is slower due to long transmission times.

In a distributed model, satellites still rely on the ground for training but perform inference locally. This setup reduces delay when responding to a threat, though smaller onboard systems can limit model accuracy.

Federated learning goes a step further. Satellites train and infer on their own data without sending it to Earth. They share only model updates with other satellites and ground stations. This keeps latency low and improves privacy, but synchronizing models across a large constellation can be difficult.

Space AI architectures: (a) centralized, (b) distributed, (c) federated

Centralization makes a comeback

According to co-author Noam Schmitt, there is a visible shift back toward centralization in commercial satellite operations. “The trend towards centralized architectures, where operations are ground-based, is noticeable in various areas,” he explained. “From a commercial perspective, AWS has launched AWS Ground Station, which centralizes data and management of satellites on their data centers. This includes direct integration with their AI platform Amazon SageMaker and their Digital Twin functionality. This strategy also seems to be replicated with their Kuiper constellation.”

Schmitt added that other providers are following a similar path. “Microsoft’s Azure Orbital, now part of SLI, and Google Cloud’s partnership with SpaceX show that major players are aligning around central control. From a hardware perspective, there is currently no major player using onboard AI in satellites. NASA is testing onboard AI for observation satellites, but large-scale deployment remains far away.”

He noted that better bandwidth between satellites and the ground, along with fewer hardware limitations on Earth, are key factors driving this shift.

Performance trade-offs every CISO will recognize

The team tested centralized and federated setups using simulations that measured accuracy and latency. Centralized learning reached target accuracy about thirteen times faster than the largest federated configuration. Yet the centralized model had higher inference latency, which grew as more satellites were added. Federated setups kept latency stable even as the network expanded.

In other words, centralized systems are faster to train but slower to react. Federated designs take longer to train but handle live detection more quickly.

The reality of security incidents

Robert Byrne, Field Strategist at One Identity, told Help Net Security that architecture choices must also be viewed through the lens of recovery and resilience. “In the event of a major cybersecurity incident, it must be assumed that all components of the satellite infrastructure have been compromised. This includes the Ground, Space, and User segments, each of which will require recovery procedures,” he said.

Byrne pointed out that while space-based architectures vary in resilience, recovery often depends on shared fundamentals. “Most systems across all segments will need to be restored from secure backups,” he said. “One architectural enhancement to help reduce recovery time is the implementation of distributed Inter-Satellite Links. These links enable faster propagation of recovery updates between satellites, minimizing latency and accelerating system-wide restoration.”

He added that threats such as DDoS attacks, signal jamming, and eavesdropping continue to grow, often influenced by geopolitical tensions. But in his view, the most vulnerable component remains people. “Social engineering and phishing attacks continue to be the most cost-effective and successful methods for compromising control systems, particularly within Satellite Control Centers,” Byrne said. He suggested that applying zero trust identity frameworks and emerging decentralized identity solutions could reduce the risk of human-driven compromise.

What could come next in AI-driven defense

The authors plan to expand their work beyond performance testing. They want to explore how different architectures handle threats such as tenant isolation and data confidentiality. They also mention digital twins and split learning as promising additions. Digital twins could simulate the constellation and test countermeasures before deployment, while split learning could reduce data transfer by splitting inference between satellites and ground stations.

Hybrid approaches may also emerge. In those systems, satellites could handle immediate detection, and the ground could manage training and long-term analysis. That mix could offer better scalability and faster incident response without overloading the satellites’ computing resources.

Lessons that reach far beyond space

Although the research centers on space, the same design questions apply to many other areas. Distributed manufacturing systems, connected cars, and energy grids all depend on reliable communication and fast detection. The way these satellite networks handle data and security could influence how AI-driven defense evolves across industries.

Centralized control simplifies oversight but can slow down reaction time. Decentralized systems demand more coordination but offer faster responses and better resilience. The best solution depends on context.