AI and Cyber Risk: The CISO's Governance Framework for AI Security
AI creates new cybersecurity attack surfaces, enables more sophisticated attacks, and introduces AI-specific vulnerabilities like model poisoning and adversarial inputs. The integrated AI security and governance framework for CISOs.
Key Takeaways
AI creates three distinct cybersecurity governance challenges: AI as a threat amplifier (AI-enabled attacks), AI as an attack surface (securing AI systems themselves), and AI as a defensive tool (AI-powered security tools and their governance).
AI-specific attack vectors that CISOs must assess: prompt injection (manipulating AI outputs through crafted inputs), model poisoning (corrupting AI training data or models), adversarial examples (inputs designed to cause AI misclassification), and data extraction (recovering training data from AI models).
CPS 234 (APRA's information security standard), NIST Cybersecurity Framework, and ISO 27001 all apply to AI systems — AI systems are information assets and must be within the scope of the organisation's information security management system.
AI supply chain security is a specific CISO concern — AI models and training pipelines inherited from third parties may contain embedded vulnerabilities, backdoors, or malicious functionality that traditional security testing does not detect.
GenAI in the security operations centre: AI-powered security tools (SIEM AI, threat intelligence AI, incident response AI) require the same governance as other enterprise AI — their outputs must be supervised, their limitations understood, and their decision-making accountable.
"For informational purposes only. This article does not constitute legal, regulatory, financial or professional advice. For specific advice, please consult a qualified professional."
AI as threat amplifier
AI dramatically lowers the cost and increases the sophistication of cyberattacks in ways that affect every organisation's threat model. Spear phishing using AI-generated personalised content is now indistinguishable from legitimate communications to most recipients and can be generated at scale without the manual research that previously limited sophisticated social engineering attacks. AI voice cloning enables telephone-based fraud that can impersonate specific executives with high fidelity. AI-assisted vulnerability research accelerates the identification of exploitable weaknesses in software. And AI malware can adapt its behaviour to evade detection by signature-based security tools.
The CISO governance implication: the threat model for every organisation has materially changed, and controls calibrated to the pre-AI threat landscape are likely inadequate. Security awareness training must address AI-enhanced social engineering. Technical controls must include AI-aware threat detection. And incident response plans must account for AI-assisted attacks that operate at speeds and with sophistication that make human-speed response inadequate.
AI as attack surface: securing AI systems
AI systems themselves are new attack surfaces that traditional security frameworks were not designed to assess. Prompt injection attacks — where malicious instructions embedded in data processed by an AI system manipulate the AI's behaviour — have been demonstrated against major enterprise AI deployments. An AI system that summarises emails, if prompted through a malicious email to exfiltrate sensitive information, becomes a data loss channel. An AI customer service agent, if manipulated through adversarial prompts in customer communications, may provide unauthorised discounts, reveal confidential information, or take actions outside its intended scope. The security controls for AI systems must address these attack vectors — input validation, output monitoring, and privilege limitation for AI actions are AI-specific security requirements that supplement conventional application security controls.
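As an added example (not part of the original article), the sketch below shows privilege limitation and output monitoring enforced outside the model for a customer service agent like the one described above. The action names, the discount ceiling and the sensitive-data patterns are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical policy: the only actions this agent may take, with per-action limits.
ALLOWED_ACTIONS = {
    "lookup_order": {},
    "apply_discount": {"max_percent": 10},
}
# Constructed patterns for data that must never leave in a reply.
SENSITIVE = [
    re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),  # card-like numbers
    re.compile(r"(?i)\binternal[- ]only\b"),                # classification marker
]

@dataclass
class Decision:
    allowed: bool
    reason: str

def authorize_action(name: str, args: dict) -> Decision:
    """Privilege limitation: policy is checked in code, never delegated to the model."""
    policy = ALLOWED_ACTIONS.get(name)
    if policy is None:
        return Decision(False, f"action '{name}' is not on the allowlist")
    if name == "apply_discount":
        pct = args.get("percent")
        is_number = isinstance(pct, (int, float)) and not isinstance(pct, bool)
        if not is_number or not 0 < pct <= policy["max_percent"]:
            return Decision(False, "discount outside permitted range")
    return Decision(True, "ok")

def review_output(text: str) -> Decision:
    """Output monitoring: hold any reply that matches a sensitive pattern."""
    for pat in SENSITIVE:
        if pat.search(text):
            return Decision(False, f"reply matched sensitive pattern {pat.pattern!r}")
    return Decision(True, "ok")

def handle_turn(requested_actions: list, reply: str) -> dict:
    """Apply both controls to one model turn; everything the model emits is untrusted."""
    results = [(name, authorize_action(name, args)) for name, args in requested_actions]
    out = review_output(reply)
    return {
        "executed": [n for n, d in results if d.allowed],
        "blocked": [(n, d.reason) for n, d in results if not d.allowed],
        "reply": reply if out.allowed else "[withheld for review]",
    }
```

Blocked actions and withheld replies should be logged with their reasons so that the security team can see when the agent is being steered outside its intended scope.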