Security teams as both users and governors of AI
Security teams occupy a unique position: major users of AI — deploying AI-powered SIEM, anomaly detection, threat intelligence, and AI-assisted incident response — while simultaneously expected to govern the organisation's AI use more broadly, assessing AI tools purchased by other teams and responding to AI-related incidents.
ACSC guidance on AI security risks
The Australian Cyber Security Centre has published guidance identifying key AI security risk categories: adversarial attacks on AI models; training data poisoning; model theft; and prompt injection attacks on large language models. For security operations teams managing AI systems, these are operational risk considerations requiring active controls, not theoretical concerns.
AI-generated threats are a second category. AI-generated spear-phishing, voice cloning for impersonation attacks, and deepfake video in business email compromise are documented active threats in Australian enterprise environments. Security awareness programs must address AI-generated content specifically.
Essential Eight and AI systems
The Essential Eight does not yet have AI-specific controls, but existing controls apply directly:
Application control: AI tools should be subject to application control policies. Unauthorised AI tools should not run on corporate systems — requiring an approved AI tool list and controls on shadow AI use.
Patching: AI tools, APIs and model hosting infrastructure are software requiring patching. Include AI systems in vulnerability management and patching cycles.
Multi-factor authentication: Access to AI tools and their management interfaces should require MFA, particularly for systems with access to sensitive data.
Security review of procured AI tools
When reviewing AI tools proposed by other business units, assess:
Data handling: where does data go, how long is it retained, and who can access it?
Model training: are inputs used to train the model?
Incident response: what is the vendor's notification timeline?
Supply chain: what third-party components does the AI rely on?
Data sovereignty: where is data processed, and does this comply with Australian requirements for sensitive data categories?
For APRA-regulated entities, AI tools supporting critical operations are likely material service providers under CPS 230 (in force July 2025), triggering formal service provider management requirements.
AI in your own security operations
AI tools deployed within security operations — AI-assisted SIEM, automated threat detection, AI-powered playbooks — should be subject to the organisation's AI governance framework: registered in the AI system register, risk-assessed, and equipped with human oversight mechanisms for consequential outputs. An AI system triggering automated account suspension needs a human review pathway to manage false positives that cause operational disruption.
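The human review pathway described above, as an added Python example (not code from the guidance or from any product): a response gate that executes low-impact actions automatically, queues consequential ones such as account suspension for a named reviewer, logs every decision against the AI system's register entry, and reports the rejection rate as a false-positive signal. The action sets, the register id AIS-007 and the sample recommendations are constructed assumptions.

```python
from dataclasses import dataclass, field
# Constructed impact classes for playbook actions; assumption: the organisation
# maintains this list alongside its AI system register.
CONSEQUENTIAL = {"suspend_account", "isolate_host", "block_sender_domain"}
LOW_IMPACT = {"add_to_watchlist", "enrich_ticket", "raise_alert_severity"}

@dataclass
class Recommendation:
    ai_system_id: str   # register entry of the AI system that produced it
    subject: str        # account, host or domain the action targets
    action: str
    confidence: float
    rationale: str      # model's stated reason, shown to the reviewer

@dataclass
class ResponseGate:
    # Low-impact actions run automatically; consequential ones wait for a named human.
    executed: list = field(default_factory=list)
    pending: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def _log(self, rec, outcome, by):
        self.audit.append({"system": rec.ai_system_id, "subject": rec.subject,
                           "action": rec.action, "outcome": outcome, "by": by})
        return outcome

    def handle(self, rec: Recommendation) -> str:
        if rec.action in CONSEQUENTIAL:
            self.pending.append(rec)
            return self._log(rec, "queued_for_human_review", "gate")
        if rec.action in LOW_IMPACT:
            self.executed.append(rec)
            return self._log(rec, "auto_executed", "gate")
        # Unknown actions never execute: fail closed and record the attempt.
        return self._log(rec, "rejected_unknown_action", "gate")

    def review(self, rec: Recommendation, reviewer: str, approve: bool) -> str:
        if rec not in self.pending:
            raise ValueError("recommendation is not awaiting review")
        self.pending.remove(rec)
        if approve:
            self.executed.append(rec)
        return self._log(rec, "approved" if approve else "rejected_false_positive", reviewer)

    def false_positive_rate(self, ai_system_id: str) -> float:
        # Share of human-reviewed actions rejected; rising values mean retune or pause.
        reviewed = [e for e in self.audit if e["system"] == ai_system_id and e["by"] != "gate"]
        if not reviewed:
            return 0.0
        return sum(e["outcome"] == "rejected_false_positive" for e in reviewed) / len(reviewed)
```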