Cyberattack breakout time has dropped from 582 minutes in 2019 to just 29 minutes today, forcing organizations to rethink their security posture entirely. AI is a double-edged sword: attackers use it to craft sophisticated phishing and malware, while defenders rely on it for threat detection and automated response. Shadow AI — employees using unsanctioned AI tools — is a growing risk, with sensitive documents and proprietary data being inadvertently exposed through public LLMs. Recommended frameworks include NIST CSF 2.0, NIST AI RMF, NIST 800-161, and OWASP Top 10 for LLMs. A zero-trust model covering people, machines, and AI agents is essential, alongside a culture of shared responsibility and employee enablement rather than blanket bans on AI tools.
Table of contents
The d ouble- e dged AI s wordRisk in the shadowsFramework-driven security‘Zero trust’ and the identity challengeCulture, speed and the way forwardSort: