AI Security in 2026: Key Themes from the AI Secure Intelligence Summit and What They Mean for Practitioners
The AI Secure Intelligence Summit 2026, hosted by InfosecTrain, brought together practitioners, researchers, and governance specialists to examine the rapidly evolving intersection of artificial intelligence and cybersecurity. For professionals holding CISSP, CCSP, or AAISM credentials, the summit’s themes are directly relevant to practice — AI is no longer a future consideration but an active component of both the threat landscape and the defensive toolkit.
This post distils the key themes from the summit and connects them to the frameworks, standards, and practical considerations that security professionals in Australia and globally must navigate.
Theme 1: AI as Both Tool and Target
The most important conceptual shift in AI security is recognising that AI operates in two distinct roles simultaneously: as a security tool (threat detection, anomaly analysis, automated response) and as a target (adversarial attacks, model theft, data poisoning). Most organisations have begun investing in AI-powered security tooling without implementing parallel governance for AI system security.
OWASP’s LLM Top 10 (2024 edition) catalogues the primary attack vectors against large language model applications: prompt injection, insecure output handling, training data poisoning, model denial of service, and supply chain vulnerabilities. Security teams that have deployed AI-driven tools — whether UEBA platforms, threat intelligence systems, or AI-assisted SOC capabilities — need to evaluate their exposure to each of these vectors.
Theme 2: Adversarial Machine Learning Is Moving Into Production Environments
Adversarial ML attacks — techniques that manipulate AI model inputs or training data to produce incorrect outputs — are transitioning from academic research to production threat vectors. Key attack categories include:
- Evasion attacks: Crafting inputs that cause a security model (e.g., malware classifier, fraud detection) to misclassify malicious activity as benign.
- Data poisoning: Corrupting training data to introduce systematic model biases that favour the attacker.
- Membership inference: Extracting information about training data by querying model confidence scores — a significant privacy and data protection risk for models trained on sensitive datasets.
- Model extraction: Reconstructing a proprietary model through API queries, enabling attackers to develop evasion techniques offline.
NIST’s AI RMF 1.0 and its forthcoming Adversarial Machine Learning guidelines provide the foundational framework for assessing and mitigating these risks. ISACA’s AAISM certification body of knowledge covers adversarial ML risk assessment as a core competency — a sign that these skills are now expected at the governance and audit level.
Theme 3: AI Governance Is a Security Control
Summit speakers consistently emphasised that AI governance — the policies, accountability structures, and oversight mechanisms that govern AI system behaviour — is itself a security control. Organisations without formal AI governance are not merely compliance non-compliant; they are operationally exposed.
An AI system without documented accountability creates a situation where security incidents cannot be properly attributed, investigated, or remediated. ISO/IEC 42001:2023 addresses this directly: Clause 5 (Leadership) and Clause 8 (Operation) together require that AI systems operate within defined accountability boundaries and that incident response plans exist for AI system failures.
For Australian organisations, the government’s Safe and Responsible AI consultation process is moving toward a risk-based regulatory framework that will require documented AI governance for high-risk AI applications. Security professionals who understand both the technical and governance dimensions of AI risk will be significantly more valuable in this environment.
Theme 4: The Human Layer Remains the Primary Attack Surface
Despite the growing focus on AI-specific attack vectors, summit discussions repeatedly returned to the human layer as the primary attack surface. AI-generated phishing, deepfake voice and video social engineering, and AI-assisted reconnaissance are dramatically increasing the quality and scale of human-targeted attacks. The 2024 DBIR found that the median time to click a phishing link was under 60 seconds — a figure that has been dramatically compressed by AI-generated, personalised content.
Security awareness programmes built around generic phishing simulations are increasingly insufficient against this threat. Effective awareness training in 2026 must incorporate AI-generated content examples, deepfake detection guidance, and decision-making frameworks for verifying identity in digital channels.
Practical Implications for CISSP and CCSP Practitioners
For practitioners holding CISSP or CCSP credentials, AI security themes connect directly to existing CBK domains:
- CISSP Domain 1 (Security and Risk Management): AI risk assessment methodology, AI-specific threat modelling.
- CISSP Domain 3 (Security Architecture and Engineering): AI system security architecture, adversarial robustness controls.
- CCSP Domain 4 (Cloud Application Security): Securing AI APIs, prompt injection defences, LLM application security.
- CCSP Domain 6 (Legal, Risk, and Compliance): AI regulatory landscape, ISO 42001 alignment, data protection implications of AI training data.
CISSP Made Easy 