A method and system of protecting an artificial intelligence (AI) application are provided. Parameters of the AI application are identified. An assessment of a vulnerability of the AI application is performed, including: applying a combination of protection measures comprising two or more protection measures against at least two different attacks and at least one dataset, and determining whether the combination of protection measures is successful in defending the AI application. A target configuration of an AI model to protect the AI application is determined based on the assessed vulnerability of the AI application. An AI enhanced algorithm is determined to adjust the AI model to include a combination of most computationally efficient defenses based on the target configuration. The adjusted AI model is used to protect the AI application.