A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats

Julio Yair Rivera; Ángel D. Pinto Mangones; Nelson A. Pérez García; Mónica Karel Huerta; César Viloria Núñez; Frank Ibarra Hernández; Juan Torres Tovio; Horderlin Robles Vega; Jorge Enrique De la Rosa Pareja

doi:10.1109/CLEI67442.2025.11420318

A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats

Julio Yair Rivera
, Ángel D. Pinto Mangones
, Nelson A. Pérez García
, Mónica Karel Huerta
, César Viloria Núñez
, Frank Ibarra Hernández
, Juan Torres Tovio
, Horderlin Robles Vega
, Jorge Enrique De la Rosa Pareja

Sede Cuenca

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Large-Language-Model (LLM) functionality is rapidly becoming a cornerstone of Telemedicine-as-a-Service (PGaaS) platforms. Recent Q1 studies demonstrate that even minuscule training-set or parameter perturbations can introduce persistent back-doors, while inference pipelines leak protected health information (PHI) if left unguarded. Building on the NIST AI Risk Management Framework (AI RMF), this paper proposes and implements a zero-trust, multi-cloud security architecture that couples (i) knowledge-graph–driven data-integrity validation, (ii) containerised fine-tuning isolation, (iii) AI-RMF–centred governance and continuous risk registers, (iv) a privacy-preserving response-sanitisation gateway enhanced with one-time-password (OTP) and KYC identity binding, and (v) remote-attestation-backed zero-knowledge-proof (ZKP) integrity challenges for model weights at runtime. An extensive multi-cloud evaluation shows that the framework detects 94.6 % of tainted samples before ingestion and blocks 91.3 % of unsafe outputs, with a median latency overhead of 66 ms—well below clinical tele-consultation thresholds.

Original language	English
Title of host publication	Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798331594534
DOIs	https://doi.org/10.1109/CLEI67442.2025.11420318
State	Published - 2025
Event	51st Latin American Computer Conference, CLEI 2025 - Valparaiso, Chile Duration: 27 Oct 2025 → 31 Oct 2025

Publication series

Name	Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025

Conference

Conference	51st Latin American Computer Conference, CLEI 2025
Country/Territory	Chile
City	Valparaiso
Period	27/10/25 → 31/10/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

AI Risk Management Framework
Cloud Security
Data/Weight Poisoning
KYC
Large Language Models
OTP
OWASP LLM Top-10
PGaaS
Privacy Preservation
Telemedicine
Zero Trust
ZKP

Access to Document

10.1109/CLEI67442.2025.11420318

Cite this

Yair Rivera, J., Pinto Mangones, Á. D., Pérez García, N. A., Huerta, M. K., Viloria Núñez, C., Ibarra Hernández, F., Torres Tovio, J., Robles Vega, H., & De la Rosa Pareja, J. E. (2025). A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats. In Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025 (Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CLEI67442.2025.11420318

Yair Rivera, Julio ; Pinto Mangones, Ángel D. ; Pérez García, Nelson A. et al. / A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service : Mitigating Poisoning, Leakage and Unsafe-Output Threats. Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025. Institute of Electrical and Electronics Engineers Inc., 2025. (Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025).

@inproceedings{f6b4a2a0bb2c431b8e3ac8d288e0c82b,

title = "A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats",

abstract = "Large-Language-Model (LLM) functionality is rapidly becoming a cornerstone of Telemedicine-as-a-Service (PGaaS) platforms. Recent Q1 studies demonstrate that even minuscule training-set or parameter perturbations can introduce persistent back-doors, while inference pipelines leak protected health information (PHI) if left unguarded. Building on the NIST AI Risk Management Framework (AI RMF), this paper proposes and implements a zero-trust, multi-cloud security architecture that couples (i) knowledge-graph–driven data-integrity validation, (ii) containerised fine-tuning isolation, (iii) AI-RMF–centred governance and continuous risk registers, (iv) a privacy-preserving response-sanitisation gateway enhanced with one-time-password (OTP) and KYC identity binding, and (v) remote-attestation-backed zero-knowledge-proof (ZKP) integrity challenges for model weights at runtime. An extensive multi-cloud evaluation shows that the framework detects 94.6 \% of tainted samples before ingestion and blocks 91.3 \% of unsafe outputs, with a median latency overhead of 66 ms—well below clinical tele-consultation thresholds.",

keywords = "AI Risk Management Framework, Cloud Security, Data/Weight Poisoning, KYC, Large Language Models, OTP, OWASP LLM Top-10, PGaaS, Privacy Preservation, Telemedicine, Zero Trust, ZKP",

author = "\{Yair Rivera\}, Julio and \{Pinto Mangones\}, \{{\'A}ngel D.\} and \{P{\'e}rez Garc{\'i}a\}, \{Nelson A.\} and Huerta, \{M{\'o}nica Karel\} and \{Viloria N{\'u}{\~n}ez\}, C{\'e}sar and \{Ibarra Hern{\'a}ndez\}, Frank and \{Torres Tovio\}, Juan and \{Robles Vega\}, Horderlin and \{De la Rosa Pareja\}, \{Jorge Enrique\}",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 51st Latin American Computer Conference, CLEI 2025 ; Conference date: 27-10-2025 Through 31-10-2025",

year = "2025",

doi = "10.1109/CLEI67442.2025.11420318",

language = "English",

series = "Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025",

address = "United States",

}

Yair Rivera, J, Pinto Mangones, ÁD, Pérez García, NA, Huerta, MK, Viloria Núñez, C, Ibarra Hernández, F, Torres Tovio, J, Robles Vega, H & De la Rosa Pareja, JE 2025, A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats. in Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025. Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025, Institute of Electrical and Electronics Engineers Inc., 51st Latin American Computer Conference, CLEI 2025, Valparaiso, Chile, 27/10/25. https://doi.org/10.1109/CLEI67442.2025.11420318

A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats. / Yair Rivera, Julio; Pinto Mangones, Ángel D.; Pérez García, Nelson A. et al.
Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025. Institute of Electrical and Electronics Engineers Inc., 2025. (Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service

T2 - 51st Latin American Computer Conference, CLEI 2025

AU - Yair Rivera, Julio

AU - Pinto Mangones, Ángel D.

AU - Pérez García, Nelson A.

AU - Huerta, Mónica Karel

AU - Viloria Núñez, César

AU - Ibarra Hernández, Frank

AU - Torres Tovio, Juan

AU - Robles Vega, Horderlin

AU - De la Rosa Pareja, Jorge Enrique

PY - 2025

Y1 - 2025

N2 - Large-Language-Model (LLM) functionality is rapidly becoming a cornerstone of Telemedicine-as-a-Service (PGaaS) platforms. Recent Q1 studies demonstrate that even minuscule training-set or parameter perturbations can introduce persistent back-doors, while inference pipelines leak protected health information (PHI) if left unguarded. Building on the NIST AI Risk Management Framework (AI RMF), this paper proposes and implements a zero-trust, multi-cloud security architecture that couples (i) knowledge-graph–driven data-integrity validation, (ii) containerised fine-tuning isolation, (iii) AI-RMF–centred governance and continuous risk registers, (iv) a privacy-preserving response-sanitisation gateway enhanced with one-time-password (OTP) and KYC identity binding, and (v) remote-attestation-backed zero-knowledge-proof (ZKP) integrity challenges for model weights at runtime. An extensive multi-cloud evaluation shows that the framework detects 94.6 % of tainted samples before ingestion and blocks 91.3 % of unsafe outputs, with a median latency overhead of 66 ms—well below clinical tele-consultation thresholds.

AB - Large-Language-Model (LLM) functionality is rapidly becoming a cornerstone of Telemedicine-as-a-Service (PGaaS) platforms. Recent Q1 studies demonstrate that even minuscule training-set or parameter perturbations can introduce persistent back-doors, while inference pipelines leak protected health information (PHI) if left unguarded. Building on the NIST AI Risk Management Framework (AI RMF), this paper proposes and implements a zero-trust, multi-cloud security architecture that couples (i) knowledge-graph–driven data-integrity validation, (ii) containerised fine-tuning isolation, (iii) AI-RMF–centred governance and continuous risk registers, (iv) a privacy-preserving response-sanitisation gateway enhanced with one-time-password (OTP) and KYC identity binding, and (v) remote-attestation-backed zero-knowledge-proof (ZKP) integrity challenges for model weights at runtime. An extensive multi-cloud evaluation shows that the framework detects 94.6 % of tainted samples before ingestion and blocks 91.3 % of unsafe outputs, with a median latency overhead of 66 ms—well below clinical tele-consultation thresholds.

KW - AI Risk Management Framework

KW - Cloud Security

KW - Data/Weight Poisoning

KW - KYC

KW - Large Language Models

KW - OTP

KW - OWASP LLM Top-10

KW - PGaaS

KW - Privacy Preservation

KW - Telemedicine

KW - Zero Trust

KW - ZKP

UR - https://www.scopus.com/pages/publications/105037107131

U2 - 10.1109/CLEI67442.2025.11420318

DO - 10.1109/CLEI67442.2025.11420318

M3 - Conference contribution

AN - SCOPUS:105037107131

T3 - Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025

BT - Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 27 October 2025 through 31 October 2025

ER -

Yair Rivera J, Pinto Mangones ÁD, Pérez García NA, Huerta MK, Viloria Núñez C, Ibarra Hernández F et al. A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats. In Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025. Institute of Electrical and Electronics Engineers Inc. 2025. (Proceedings - 2025 51st Latin American Computer Conference, CLEI 2025). doi: 10.1109/CLEI67442.2025.11420318

A Zero-Trust, AI-RMF–Governed Architecture for LLM-Enabled Telemedicine-as-a-Service: Mitigating Poisoning, Leakage and Unsafe-Output Threats

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Cite this