CISOs and Information Security
AI is reshaping both sides of the security equation — attack capability and defence capability scale in parallel. The CISO's mandate now includes governing AI systems they don't own.
For: Chief Information Security Officers, security architects, security operations
For CISOs, AI presents three converging challenges. First, AI capabilities are reshaping the threat landscape — phishing, social engineering, and vulnerability discovery are all being augmented by AI. Second, frontier AI systems are dual-use: the same capability that enables defence enables attack (Anthropic's Project Glasswing exists precisely because of this). Third, the security implications of AI adoption inside the enterprise — Microsoft Agent 365, ChatGPT Enterprise, Claude, custom agents — create attack surfaces that traditional controls don't cover. The Five Eyes agentic AI guidance (1 May 2026) and ASIC's 8 May 2026 cyber resilience letter are the most directly applicable references for this work.
What this role is accountable for
The substantive AI governance responsibilities that fall to this role under current Australian and global expectations.
- 1AI-specific threat modelling — prompt injection, indirect injection, data exfiltration via AI outputs
- 2Agentic AI security — controls for autonomous systems operating across enterprise applications
- 3AI vendor security assessment, including frontier model providers
- 4Data classification and DLP integration with AI tools (Microsoft Purview, equivalent platforms)
- 5AI incident response — detection, containment, and forensics for AI-related security events
- 6Workforce AI security awareness — shadow AI, data leakage, social engineering
- 7Engagement with national security guidance (ASD ACSC, CISA, NCSC) on AI-specific threats
Most relevant intelligence
Curated coverage selected for this role — frameworks, regulatory developments, and operational guidance you can act on.
Microsoft 365 Copilot Safe Enterprise Use
EchoLeak, EDP, Purview controls, and the AI attack surface of Copilot.
Agentic AI Governance for Enterprise
Security controls for autonomous AI operating across enterprise systems.
Shadow AI: Governance Guide
Detection, prevention, and policy for unauthorised AI use.
ChatGPT Enterprise and Claude: Safe Business Use
Security architecture of the major enterprise AI platforms.
Choosing AI Tools for Your Organisation
Comparative security analysis of the four major enterprise AI platforms.
Big Tech AI 2026: Governance Implications
CAISI pre-deployment evaluation, Project Glasswing, and the dual-use frontier AI landscape.
Frameworks that apply
The regulatory frameworks, standards, and guidance documents most relevant to this role.
Joint guidance from ASD ACSC, CISA, NSA, CCCS, NZ NCSC, UK NCSC.
Security and incident management for AI systems.
Frontier AI changing the cyber risk landscape — board implications.
Application security framework for LLM-integrated systems.
Next steps
Cyber + AI Resources
Threat modelling templates, AI security policies, incident response procedures.
ContinueSector Coverage
Security-specific guidance for financial services, healthcare, public sector, and 13 other sectors.
ContinueRegulatory Intelligence
Ongoing coverage of Five Eyes guidance, ASIC cyber expectations, and global AI security policy.
Continue