I will showcase the value of a systems approach to AI Security. Unlike current methods that focus on protecting machine learning models in isolation, the systems approach examines end-to-end properties and focuses on threats and defenses from that perspective. This approach secures real world computer systems from powerful adversaries and my thesis is that its principles can be adapted to protect AI systems. As evidence, I will discuss my group's work in discovering realistic threats on modern AI systems. I will also discuss work on improving the infrastructure supporting AI systems with a particular focus on authorization protocols that allow AI systems to access external resources.