🤖 AI Summary
The convergence of AI and cloud computing in critical cyber-physical systems introduces cross-layer attack risks, yet existing security and governance frameworks lack lifecycle-wide coordination. This work proposes a unified security architecture spanning data, models, and runtime environments, introducing a novel threat taxonomy grounded in attacker capability tiers. By integrating standards including NIST AI RMF, MITRE ATLAS, OWASP AI Exchange, CSA MAESTRO, and NERC CIP, the framework enables automated, coordinated defense mechanisms. Demonstrated in the Grid-Guard case study for power transmission, the architecture is the first to simultaneously satisfy AI governance, adversarial robustness, agent safety, and industrial compliance requirements within a single cloud-native platform, successfully mitigating multi-layered physical-financial manipulation attacks.
📝 Abstract
The convergence of Artificial Intelligence (AI) inference pipelines with cloud infrastructure creates a dual attack surface at the intersection of AI governance, cloud security, and industrial control system standards, none of which provides a unified enforcement mechanism; hybrid deployments are therefore exposed to cross-layer attacks that threaten safety-critical operations. This paper makes three primary contributions: (i) we synthesize these frameworks into a lifecycle-staged threat taxonomy structured around explicit attacker capability tiers; (ii) we propose a Unified Reference Architecture spanning a Secure Data Factory, a hardened model supply chain, and a runtime governance layer; and (iii) we present a case study, Grid-Guard, a hybrid Transmission System Operator scenario in which coordinated defenses drawn from NIST AI RMF, MITRE ATLAS, OWASP AI Exchange and GenAI, CSA MAESTRO, and NERC CIP defeat a multi-tier physical-financial manipulation campaign without human intervention. Controls are mapped against all five frameworks and current NERC CIP standards to demonstrate that a single cloud-native architecture can simultaneously satisfy AI governance, adversarial robustness, agentic safety, and industrial regulatory compliance obligations.