AI as threat amplifier

AI dramatically lowers the cost and increases the sophistication of cyberattacks in ways that affect every organisation's threat model. Spear phishing using AI-generated personalised content is now indistinguishable from legitimate communications to most recipients and can be generated at scale without the manual research that previously limited sophisticated social engineering attacks. AI voice cloning enables telephone-based fraud that can impersonate specific executives with high fidelity. AI-assisted vulnerability research accelerates the identification of exploitable weaknesses in software. And AI malware can adapt its behaviour to evade detection by signature-based security tools.

The CISO governance implication: the threat model for every organisation has materially changed, and controls calibrated to the pre-AI threat landscape are likely inadequate. Security awareness training must address AI-enhanced social engineering. Technical controls must include AI-aware threat detection. And incident response plans must account for AI-assisted attacks that operate at speeds and with sophistication that make human-speed response inadequate.

AI as attack surface: securing AI systems

AI systems themselves are new attack surfaces that traditional security frameworks were not designed to assess. Prompt injection attacks — where malicious instructions embedded in data processed by an AI system manipulate the AI's behaviour — have been demonstrated against major enterprise AI deployments. An AI system that summarises emails, if prompted through a malicious email to exfiltrate sensitive information, becomes a data loss channel. An AI customer service agent, if manipulated through adversarial prompts in customer communications, may provide unauthorised discounts, reveal confidential information, or take actions outside its intended scope. The security controls for AI systems must address these attack vectors — input validation, output monitoring, and privilege limitation for AI actions are AI-specific security requirements that supplement conventional application security controls.
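The three controls named above, sketched for the customer service agent scenario. This is an added example, not code from the original article; the action names, the 10% discount cap and the regex patterns are assumptions chosen for illustration, and the checks run outside the model so that a manipulated model cannot bypass them.

```python
import re
from dataclasses import dataclass

# Assumed policy for a hypothetical customer-service agent (illustrative names).
ALLOWED_ACTIONS = {"lookup_order", "send_reply", "apply_discount"}
MAX_DISCOUNT_PERCENT = 10
# Constructed patterns for data the agent must never emit.
SENSITIVE_PATTERNS = [re.compile(r"\b(?:\d[ -]?){13,16}\b"),       # card-number-like
                      re.compile(r"\binternal[- ]only\b", re.I)]  # document marking
# Heuristic only: phrases typical of instructions embedded in untrusted data.
INJECTION_HINTS = re.compile(
    r"ignore (all |any )?(previous|prior) instructions|system prompt", re.I)

@dataclass
class Decision:
    allowed: bool
    reason: str

def screen_input(text: str) -> bool:
    """Input validation: flag untrusted text that looks like embedded instructions."""
    return bool(INJECTION_HINTS.search(text))

def authorise_action(action: str, params: dict) -> Decision:
    """Privilege limitation: allowlist and parameter bounds enforced outside the model."""
    if action not in ALLOWED_ACTIONS:
        return Decision(False, f"action '{action}' not in allowlist")
    if action == "apply_discount":
        pct = params.get("percent")
        valid = isinstance(pct, (int, float)) and not isinstance(pct, bool)
        if not (valid and 0 < pct <= MAX_DISCOUNT_PERCENT):
            return Decision(False, "discount outside permitted range")
    return Decision(True, "ok")

def check_output(text: str) -> Decision:
    """Output monitoring: block replies that contain sensitive patterns."""
    for pattern in SENSITIVE_PATTERNS:
        if pattern.search(text):
            return Decision(False, "reply matched a sensitive-data pattern")
    return Decision(True, "ok")

def handle_turn(untrusted_msg: str, action: str, params: dict, draft_reply: str) -> dict:
    """Apply all three controls to one agent turn; the model's proposal is never trusted."""
    act, out = authorise_action(action, params), check_output(draft_reply)
    return {"input_flagged": screen_input(untrusted_msg),
            "execute_action": act.allowed,
            "send_reply": out.allowed,
            "reasons": [d.reason for d in (act, out) if not d.allowed]}
```

The input screen is the weakest of the three because phrasing can vary freely; the action allowlist and the output check still hold when it misses.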