The Shared Language Needed to Secure and Govern AI Systems

https://www.infosecurity-magazine.com/opinions/shared-language-needed-to-secure/

Publish Date: 2026-06-15 05:00:00

Source Domain: www.infosecurity-magazine.com

Summary of Article
The article emphasizes the necessity for cybersecurity professionals, accustomed to deterministic systems, to adapt their skills to the probabilistic and data-driven nature of AI systems. Unlike traditional software, AI systems are inseparable from their data streams, and therefore face new risks like data poisoning, model drift, and non-determinism. Traditional approaches and frameworks like ATT&CK are insufficient for AI, necessitating the development of new frameworks such as MITRE ATLAS. The article underscores the importance of establishing a common language and repeatable methods for assessing, governing, and securing AI systems. This move involves expanding traditional playbooks to include training data management, model governance, and continuous post-deployment monitoring. To facilitate this shift, certifications such as ISACA’s AAISM, NIST AI RMF, and ISO/IEC 42001 are highlighted as essential resources. The article also highlights the critical role of data privacy, supplementary certifications, and statistical understanding in ensuring AI systems are both effective and compliant.

Key Points:

AI introduces new risk types that differ from traditional threats.
Security measures need to expand beyond applications to cover training data, model governance, and post-deployment monitoring.
Certifications like AAISM, NIST AI RMF, and ISO/IEC 42001 are essential for creating a structured approach to AI security.
Data governance and privacy are critical components in the AI lifecycle.
Understanding statistics and data is essential to provide transparency and manage AI system risks effectively.