AI for Cyber Security Teams in Australia: Governance, Risk and What ACSC Expects
Security teams are both AI users and AI governors — defending against AI-enabled threats while deploying AI tools themselves. The ACSC's guidance, Essential Eight alignment, and practical governance obligations explained.
Key Takeaways
Security teams face a dual obligation: governing the organisation's AI use and defending against AI-enabled threats, where adversaries use AI to automate and personalise attacks at scale.
The Australian Cyber Security Centre has published guidance on AI security risks including adversarial attacks on AI models, training data poisoning, model theft, and AI-generated social engineering. Security teams must assess these threats specifically.
The Essential Eight Maturity Model does not yet include AI-specific controls, but application control, patching and MFA requirements apply directly to AI tools and their supporting infrastructure.
AI-generated phishing, voice cloning for executive impersonation, and deepfake-enabled business email compromise are documented active threats in Australian enterprise environments. Generic phishing awareness training is no longer sufficient.
Security reviews of AI tools should cover: data handling and storage; model training practices and whether inputs train the model; incident response capability and notification timelines; supply chain risk; and data sovereignty compliance for Australian personal information.
For APRA-regulated entities, CPS 230 in force from July 2025 requires AI systems supporting critical operations to have documented service provider management and resilience controls, including cloud-hosted AI APIs used as material services.
"For information purposes only. This article does not constitute legal, regulatory, financial or professional advice. Consult a qualified specialist for specific advice."
Security teams as both users and governors of AI
Security teams occupy a unique position: they are major users of AI, deploying AI-powered SIEM, anomaly detection, threat intelligence and AI-assisted incident response, while simultaneously being expected to govern the organisation's AI use more broadly, assessing AI tools purchased by other teams and responding to AI-related incidents.
ACSC guidance on AI security risks
The Australian Cyber Security Centre has published guidance identifying key AI security risk categories: adversarial attacks on AI models; training data poisoning; model theft; and prompt injection attacks on large language models. For security operations teams managing AI systems, these are operational risk considerations requiring active controls, not theoretical concerns.
AI-generated threats are a second category. AI-generated spear-phishing, voice cloning for impersonation attacks, and deepfake video in business email compromise are documented active threats in Australian enterprise environments. Security awareness programs must address AI-generated content specifically.
Essential Eight and AI systems
The Essential Eight does not yet have AI-specific controls, but existing controls apply directly:
Application control: AI tools should be subject to application control policies. Unauthorised AI tools should not run on corporate systems, which requires an approved AI tool list and controls on shadow AI use, including detection of staff reaching AI services that are not on that list.
Patching: AI tools, APIs and model hosting infrastructure are software requiring patching. Include AI systems in vulnerability management and patching cycles.
Multi-factor authentication: Access to AI tools and their management interfaces should require MFA, particularly for systems with access to sensitive data.
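Application control stops unapproved AI clients running on endpoints, but most generative-AI use happens in a browser, so the approved AI tool list also has to be enforced and monitored at the network edge. The following is an added example, not code from the original article or from the ACSC: a Python script that checks constructed web-proxy log lines against an approved AI tool allowlist and reports, per user, which unapproved AI services were reached and how much data was uploaded to them. The log format, host names, service catalogue, allowlist and upload threshold are all assumptions made for the example.

```python
"""Detect shadow AI use from web-proxy logs against an approved AI tool list.

Added example for the Essential Eight application-control point above.
The log format, hosts, allowlist and threshold are assumptions, not ACSC artefacts.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed: the organisation's approved AI tool list (hypothetical host)
APPROVED_AI_HOSTS = {"api.approved-ai.example.com"}

# Assumed catalogue of known generative-AI endpoints, keyed by host or parent domain
# (hypothetical names; a real catalogue would be maintained from threat intel and CASB data)
KNOWN_AI_HOSTS = {
    "api.approved-ai.example.com": "ApprovedAssistant",
    "unsanctioned-llm.example": "UnsanctionedChat",
    "ai-transcribe.example": "AITranscribe",
}

# Assumed threshold: a single upload this large to an unapproved AI service is flagged
LARGE_UPLOAD_BYTES = 1_000_000

# Constructed proxy log lines: "<timestamp> <user> <method> <host> <bytes_sent> <status>"
SAMPLE_LOG = """\
2025-08-01T09:12:03Z alice POST api.approved-ai.example.com 2048 200
2025-08-01T09:14:10Z bob POST chat.unsanctioned-llm.example 1048576 200
2025-08-01T09:15:22Z bob GET www.example.com 512 200
2025-08-01T09:20:45Z carol POST upload.ai-transcribe.example 5242880 200
2025-08-01T09:21:00Z carol POST chat.unsanctioned-llm.example 4096 200
2025-08-01T09:22:11Z carol GET chat.unsanctioned-llm.example 300 200
this line is malformed and must be skipped
"""


@dataclass
class Finding:
    """One user's activity against one unapproved AI service."""
    user: str
    service: str
    requests: int = 0
    bytes_uploaded: int = 0
    large_upload: bool = False


def _domain_candidates(host: str) -> list[str]:
    """Yield the host and each parent domain, e.g. a.b.c -> [a.b.c, b.c, c]."""
    labels = host.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def ai_service_for(host: str) -> str | None:
    """Return the AI service name for a host (matching the host or a parent domain), else None."""
    for candidate in _domain_candidates(host):
        if candidate in KNOWN_AI_HOSTS:
            return KNOWN_AI_HOSTS[candidate]
    return None


def is_approved(host: str) -> bool:
    """True if the host (or a parent domain) is on the approved AI tool list."""
    return any(c in APPROVED_AI_HOSTS for c in _domain_candidates(host))


def parse_line(line: str) -> dict | None:
    """Parse one proxy log line; return None for lines that do not fit the assumed format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, user, method, host, sent, status = parts
    if not sent.isdigit():
        return None
    return {"ts": ts, "user": user, "method": method.upper(),
            "host": host, "bytes_sent": int(sent), "status": status}


def find_shadow_ai(log_text: str) -> list[Finding]:
    """Aggregate unapproved AI service use per (user, service), flagging large uploads."""
    findings: dict[tuple[str, str], Finding] = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue                      # malformed line: skip, never crash the detection
        service = ai_service_for(rec["host"])
        if service is None or is_approved(rec["host"]):
            continue                      # not an AI service, or an approved one
        key = (rec["user"], service)
        f = findings.setdefault(key, Finding(rec["user"], service))
        f.requests += 1
        if rec["method"] in ("POST", "PUT"):
            f.bytes_uploaded += rec["bytes_sent"]
            if rec["bytes_sent"] >= LARGE_UPLOAD_BYTES:
                f.large_upload = True
    return sorted(findings.values(), key=lambda x: (x.user, x.service))


if __name__ == "__main__":
    for f in find_shadow_ai(SAMPLE_LOG):
        flag = " LARGE-UPLOAD" if f.large_upload else ""
        print(f"{f.user}: {f.service} requests={f.requests} uploaded={f.bytes_uploaded}B{flag}")
```

Matching is by destination host, so this catches direct use of unapproved AI services but not AI features embedded inside an already-sanctioned SaaS application; those need to be covered in the vendor review of that application instead. It also depends on the proxy seeing the destination host (via TLS inspection or SNI), which should be confirmed before relying on the output.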
Security review of procured AI tools
When reviewing AI tools proposed by other business units, assess:
Data handling: where does data go, how long is it retained, and who can access it?
Model training: are inputs used to train the model?
Incident response: what is the vendor's notification timeline for security incidents?
Supply chain: what third-party components does the AI rely on?
Data sovereignty: where is data processed, and does this comply with Australian requirements for sensitive data categories?
For APRA-regulated entities, AI tools supporting critical operations are likely material service providers under CPS 230 (in force July 2025), triggering formal service provider management requirements.
AI in your own security operations
AI tools deployed within security operations, such as AI-assisted SIEM, automated threat detection and AI-powered playbooks, should be subject to the organisation's AI governance framework: registered in the AI system register, risk-assessed, and equipped with human oversight mechanisms for consequential outputs. An AI system that triggers automated account suspension needs a human review pathway, so that false positives can be caught before they cause operational disruption.