Synthetic intelligence (AI) holds super promise for bettering cyber protection and making the lives of safety practitioners simpler. It might assist groups reduce via alert fatigue, spot patterns sooner, and convey a degree of scale that human analysts alone cannot match. However realizing that potential depends upon securing the programs that make it potential.
Each group experimenting with AI in safety operations is, knowingly or not, increasing its assault floor. With out clear governance, robust id controls, and visibility into how AI makes its choices, even well-intentioned deployments can create danger sooner than they scale back it. To really profit from AI, defenders must strategy securing it with the identical rigor they apply to every other crucial system. Meaning establishing belief within the information it learns from, accountability for the actions it takes, and oversight for the outcomes it produces. When secured appropriately, AI can amplify human functionality as a substitute of changing it to assist practitioners work smarter, reply sooner, and defend extra successfully.
Establishing Belief for Agentic AI Programs
As organizations start to combine AI into defensive workflows, id safety turns into the muse for belief. Each mannequin, script, or autonomous agent working in a manufacturing surroundings now represents a brand new id — one able to accessing information, issuing instructions, and influencing defensive outcomes. If these identities aren’t correctly ruled, the instruments meant to strengthen safety can quietly turn out to be sources of danger.
The emergence of Agentic AI programs make this particularly essential. These programs do not simply analyze; they might act with out human intervention. They triage alerts, enrich context, or set off response playbooks underneath delegated authority from human operators. Every motion is, in impact, a transaction of belief. That belief have to be sure to id, authenticated via coverage, and auditable finish to finish.
The identical ideas that safe individuals and providers should now apply to AI brokers:
- Scoped credentials and least privilege to make sure each mannequin or agent can entry solely the info and features required for its process.
- Robust authentication and key rotation to stop impersonation or credential leakage.
- Exercise provenance and audit logging so each AI-initiated motion may be traced, validated, and reversed if crucial.
- Segmentation and isolation to stop cross-agent entry, making certain that one compromised course of can not affect others.
In observe, this implies treating each agentic AI system as a first-class id inside your IAM framework. Every ought to have an outlined proprietor, lifecycle coverage, and monitoring scope similar to any person or service account. Defensive groups ought to repeatedly confirm what these brokers can do, not simply what they had been meant to do, as a result of functionality usually drifts sooner than design. With id established as the muse, defenders can then flip their consideration to securing the broader system.
Securing AI: Finest Practices for Success
Securing AI begins with defending the programs that make it potential — the fashions, information pipelines, and integrations now woven into on a regular basis safety operations. Simply as
we safe networks and endpoints, AI programs have to be handled as mission-critical infrastructure that requires layered and steady protection.
The SANS Secure AI Blueprint outlines a Defend AI monitor that gives a transparent start line. Constructed on the SANS Critical AI Security Guidelines, the blueprint defines six management domains that translate immediately into observe:
- Entry Controls: Apply least privilege and robust authentication to each mannequin, dataset, and API. Log and evaluation entry repeatedly to stop unauthorized use.
- Information Controls: Validate, sanitize, and classify all information used for coaching, augmentation, or inference. Safe storage and lineage monitoring scale back the chance of mannequin poisoning or information leakage.
- Deployment Methods: Harden AI pipelines and environments with sandboxing, CI/CD gating, and red-teaming earlier than launch. Deal with deployment as a managed, auditable occasion, not an experiment.
- Inference Safety: Defend fashions from immediate injection and misuse by implementing enter/output validation, guardrails, and escalation paths for high-impact actions.
- Monitoring: Constantly observe mannequin habits and output for drift, anomalies, and indicators of compromise. Efficient telemetry permits defenders to detect manipulation earlier than it spreads.
- Mannequin Safety: Model, signal, and integrity-check fashions all through their lifecycle to make sure authenticity and forestall unauthorized swaps or retraining.
These controls align immediately NIST’s AI Threat Management Framework and the OWASP Top 10 for LLMs, which highlights the commonest and consequential vulnerabilities in AI programs — from immediate injection and insecure plugin integrations to mannequin poisoning and information publicity. Making use of mitigations from these frameworks inside these six domains helps translate steerage into operational protection. As soon as these foundations are in place, groups can concentrate on utilizing AI responsibly by figuring out when to belief automation and when to maintain people within the loop.
Balancing Augmentation and Automation
AI programs are able to aiding human practitioners like an intern that by no means sleeps. Nevertheless, it’s crucial for safety groups to distinguish what to automate from what to reinforce. Some duties profit from full automation, particularly these which might be repeatable, measurable, and low-risk if an error happens. Nevertheless, others demand direct human oversight as a result of context, instinct, or ethics matter greater than pace.
Risk enrichment, log parsing, and alert deduplication are prime candidates for automation. These are data-heavy, pattern-driven processes the place consistency outperforms creativity. In contrast, incident scoping, attribution, and response choices depend on context that AI can not totally grasp. Right here, AI ought to help by surfacing indicators, suggesting subsequent steps, or summarizing findings whereas practitioners retain determination authority.
Discovering that steadiness requires maturity in course of design. Safety groups ought to categorize workflows by their tolerance for error and the price of automation failure. Wherever the chance of false positives or missed nuance is excessive, preserve people within the loop. Wherever precision may be objectively measured, let AI speed up the work.
Be a part of us at SANS Surge 2026!
I will dive deeper into this matter throughout my keynote at SANS Surge 2026 (Feb. 23-28, 2026), the place we’ll discover how safety groups can guarantee AI programs are protected to rely on. In case your group is transferring quick on AI adoption, this occasion will show you how to transfer extra securely. Be a part of us to attach with friends, be taught from specialists, and see what safe AI in observe actually seems to be like.
Register for SANS Surge 2026 here.
Observe: This text was contributed by Frank Kim, SANS Institute Fellow.
