What Good AI Security Looks Like: The Path to a Strong Foundation

Em Blog Good Ai Security Main Image
Key Takeaways
  • Traditional cybersecurity often fails to cover the gaps that exist when we deploy AI tools
  • While cybersecurity is never one size fits all, there are six actions CISOs can take to bolster AI security: take an AI asset inventory, layer prompt and input defense, classify data, use least-privilege and human review, use a verified, signed AI supply chain, and maintain cross-functional governance.

More than 1.2 billion people have started using artificial intelligence (AI) tools in less than three years, a faster adoption curve than the Internet, PCs, or even smartphones.1

AI blew past the first three stages of the five-stage emerging technology lifecycle while teams were still debating policies and forming governance committees. It’s now used widely for core workflows, communications, customer-facing support, coding, agentic AI decision-making, and a lot more.

According to a recent Deloitte report, State of AI in the Enterprise, 58% of companies report using physical AI in some capacity, with the percentage of those using physical AI in any capacity expected to reach 80% within two years.2

So, we wondered, are CISOs confident in their organization’s AI security strategy?

Why Traditional Cybersecurity is Not Enough

A big challenge is that traditional cybersecurity often fails to cover the gaps that exist when we deploy AI tools.

Fortunately, the security community is coming together on what mature AI security looks like. That picture is being drawn from the NIST AI Risk Management Framework,2 the OWASP GenAI Data Security Guide,3 IBM’s AI agent security guidance,4 and the operational experience of enterprises that have survived AI security incidents.

The Path to Successful AI Security

While cybersecurity is never one size fits all, there are six actions all CISOs can take to bolster their company’s AI and everything that it touches.

  • Complete an AI asset inventory. Maintain an up-to-date register of every model, agent, API integration, and dependency. Great tools include automated AI security posture management, and level that up by assigning a business owner and documenting and AI bill of materials for every system in production. Greenlight final implementation after security and privacy reviews every time.
  • Replace a naive approach of relying on system prompts as a primary safety control with layered prompt and input defense. Apply a multi-stage enforcement pipeline that includes input normalization and sanitization, policy-as-code pre-checks, role-separated prompt orchestration, retrieval authorization gates, and output filters on every model response. Embed red teaming should into CI/CD pipelines. The NIST AI Risk Management Framework positions adversarial testing as a continuous function throughout an AI system’s operational life.5
  • Apply data classification and leakage prevention to AI traffic to close the gap that generic DLP tools may miss. That helps detect and redact proprietary and personal data in prompts before any outputs, define which data categories may interact with which AI systems, and audit logging of all AI interactions (with confidential data stripped from the logs themselves to avoid creating a secondary compliance exposure).
  • Standardize security for agentic deployments with least-privilege agents and human review. IBM directs teams to treat AI agents as untrusted third parties with the same controls you apply to external contractors.6 That means: short-lived, just-in-time credentials scoped to the minimum access required for the task at hand, defined risk thresholds that require human approval before consequential actions execute, network segmentation that prevents lateral movement, and a preference for reversible actions with explicit gates on anything that cannot be undone.
  • Close the provenance gap with a verified, signed AI supply chain. That includes cryptographic signing of training datasets, SLSA attestations in CI/CD pipelines, model registries with version control and integrity hashes, and retrieval pipelines that treat external content as untrusted until validated. Your team should also assess every third-party model provider via a vendor security questionnaire that covers data handling, incident response, and access controls.
  • Maintain cross-functional AI governance with clear ownership. Name an AI risk function and team that spans security, legal, compliance, technology, and risk management. That group should generate a board-level AI risk report, an AI-specific incident response playbook and quarterly risk register reviews, plus perform mandatory re-evaluations before any model update or new integration goes live.

Moving From Risk to Readiness

Securing AI is an ongoing and evolving discipline. CISOs who include these actions in their process will reduce their organization’s risk exposure and create the conditions for AI adoption to scale safely across their organizations.

  • What is the biggest AI security risk for businesses?
    Lack of visibility is a major AI security risk. Employees are already using public AI tools, agents, and APIs without oversight, creating “shadow AI” risks that can expose sensitive data and create compliance headaches. Once companies understand where and how AI is being used, they can put together guardrails around it with stronger governance, layered prompt defenses, AI-aware protection, least-privilege access controls, verified AI supply chains, and clear cross-functional ownership.
  • Why does AI governance matter to teams beyond IT?
    AI decisions don’t only affect technology teams. They can affect customer trust, legal exposure, compliance, intellectual property, hiring, and even brand reputation. That’s why companies are finding AI governance works best when security, legal, HR, compliance, and business leaders all have a seat at the table in decision-making and implementation.
  • What new IT roles are emerging around AI security?
    Because AI has introduced a new layer of technical and governance responsibilities.
    teams are adding roles such as AI security architect, AI governance lead, AI risk manager, and prompt security engineer to help manage new operational and security challenges. Companies without large internal teams are also turning to managed service providers and security partners for AI monitoring, governance, and policy support.
FAQs
Q: Why do breaches happen if all security tools are working properly?
A: Tools are often scoped individually. Each one does their job in a vacuum, but the comprehensive security outcome is so dispersed across all of them that no one has clear ownership. Gaps happen as incidents move along tools from detection to decision and enforcement. When there are delays or loose handoffs, attackers find plenty of opportunities.
Q: How can teams identify their hidden risks?
A: Cross-system workflows need to be assessed carefully. Confirming that individual tools are effective is critical, but you need to understand the entire incident lifecycle—especially as multiple teams become involved. You have a potential issue when you can’t find a clear answer to the question of, “Who confirms when this is totally resolved?”
Q: How can organizations reduce risk without overhauling the entire security stack?
A: Clearly defined ownership around securing critical workflows is essential. One person should be accountable for closure. Staff members also need a defined idea of what “done” actually means. Consistent real-world testing—rather than just relying on dashboards—can help ensure teams are staying on top of new risks and creating effective plans to address them.

  1. Microsoft, AI Economy Institute, Global AI Diffusion Q1 2026 Trends and Insights, May 2026
  2. Deloitte, State of AI in the Enterprise, The untapped edge, Jan 2026
  3. National Institute of Standards and Technology, AI Risk Management Framework
  4. OWASP, GenAI Data Security: Risks and Mitigations 2026, Mar 17, 2026
  5. IBM, A guide to agentic AI security, Feb 10, 2026
  6. National Institute of Standards and Technology, AI Risk Management Framework
  7. IBM, A guide to agentic AI security, Feb 10, 2026