InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Stage 1: Risk Identification – What could go wrong?
Risk Identification focuses on proactively uncovering potential issues before an AI model causes harm. The primary challenge at this stage is identifying all relevant risks and vulnerabilities, including data quality issues, security weaknesses, ethical concerns, and unintended biases embedded in training data or model logic. Organizations must also understand how the model could fail or be misused across different contexts. Key tasks include systematically identifying risks, mapping vulnerabilities across the AI lifecycle, and recognizing bias and fairness concerns early so they can be addressed before deployment.
Stage 2: Risk Assessment – How severe is the risk?
Risk Assessment evaluates the significance of identified risks by analyzing their likelihood and potential impact on the organization, users, and regulatory obligations. A key challenge here is accurately measuring risk severity while also assessing whether the model performs as intended under real-world conditions. Organizations must balance technical performance metrics with business, legal, and ethical implications. Key tasks include scoring and prioritizing risks, evaluating model performance, and determining which risks require immediate mitigation versus ongoing monitoring.
Stage 3: Risk Mitigation – How do we reduce the risk?
Risk Mitigation aims to reduce exposure by implementing controls and corrective actions that address prioritized risks. The main challenge is designing safeguards that effectively reduce risk without degrading model performance or business value. This stage often requires technical and organizational coordination. Key tasks include implementing safeguards, mitigating bias, adjusting or retraining models, enhancing explainability, and testing controls to confirm that mitigation measures supports responsible and reliable AI operation.
Stage 4: Risk Monitoring – Are new risks emerging?
Risk Monitoring ensures that AI models remain safe, reliable, and compliant after deployment. A key challenge is continuously monitoring model performance in dynamic environments where data, usage patterns, and threats evolve over time. Organizations must detect model drift, emerging risks, and anomalies before they escalate. Key tasks include ongoing oversight, continuous performance monitoring, detecting and reporting anomalies, and updating risk controls to reflect new insights or changing conditions.
Stage 5: Risk Governance – Is risk management effective?
Risk Governance provides the oversight and accountability needed to ensure AI risk management remains effective and compliant. The main challenges at this stage are establishing clear accountability and ensuring alignment with regulatory requirements, internal policies, and ethical standards. Governance connects technical controls with organizational decision-making. Key tasks include enforcing policies and standards, reviewing and auditing AI risk management practices, maintaining documentation, and ensuring accountability across stakeholders.
Closing Perspective
A well-structured AI Model Risk Management framework transforms AI risk from an abstract concern into a managed, auditable, and defensible process. By systematically identifying, assessing, mitigating, monitoring, and governing AI risks, organizations can reduce regulatory, financial, and reputational exposure—while enabling trustworthy, scalable, and responsible AI adoption.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
1. Defining AI boundaries clarifies purpose and limits Clear AI boundaries answer the most basic question: what is this AI meant to do—and what is it not meant to do? By explicitly defining purpose, scope, and constraints, organizations prevent unintended use, scope creep, and over-reliance on the system. Boundaries ensure the AI is applied only within approved business and user contexts, reducing the risk of misuse or decision-making outside its design assumptions.
2. Boundaries anchor AI to real-world business context AI does not operate in a vacuum. Understanding where an AI system is used—by which business function, user group, or operational environment—connects technical capability to real-world impact. Contextual boundaries help identify downstream effects, regulatory exposure, and operational dependencies that may not be obvious during development but become critical after deployment.
3. Accountability establishes clear ownership Accountability answers the question: who owns this AI system? Without a clearly accountable owner, AI risks fall into organizational gaps. Assigning an accountable individual or function ensures there is someone responsible for approvals, risk acceptance, and corrective action when issues arise. This mirrors mature governance practices seen in security, privacy, and compliance programs.
4. Ownership enables informed risk decisions When accountability is explicit, risk discussions become practical rather than theoretical. The accountable owner is best positioned to balance safety, bias, privacy, security, and business risks against business value. This enables informed decisions about whether risks are acceptable, need mitigation, or require stopping deployment altogether.
5. Responsibilities translate risk into safeguards Defined responsibilities ensure that identified risks lead to concrete action. This includes implementing safeguards and controls, establishing monitoring and evidence collection, and defining escalation paths for incidents. Responsibilities ensure that risk management does not end at design time but continues throughout the AI lifecycle.
6. Post–go-live responsibilities protect long-term trust AI risks evolve after deployment due to model drift, data changes, or new usage patterns. Clearly defined responsibilities ensure continuous monitoring, incident response, and timely escalation. This “after go-live” ownership is critical to maintaining trust with users, regulators, and stakeholders as real-world behavior diverges from initial assumptions.
7. Governance enables confident AI readiness decisions When boundaries, accountability, and responsibilities are well defined, organizations can make credible AI readiness decisions—ready, conditionally ready, or not ready. These decisions are based on evidence, controls, and ownership rather than optimism or pressure to deploy.
Opinion (with AI Governance and ISO/IEC 42001):
In my view, boundaries, accountability, and responsibilities are the difference between using AI and governing AI. This is precisely where a formal AI Governance function becomes critical. Governance ensures these elements are not ad hoc or project-specific, but consistently defined, enforced, and reviewed across the organization. Without governance, AI risk remains abstract and unmanaged; with it, risk becomes measurable, owned, and actionable.
Acquiring ISO/IEC 42001 certification strengthens this governance model by institutionalizing accountability, decision rights, and lifecycle controls for AI systems. ISO 42001 requires organizations to clearly define AI purpose and boundaries, assign accountable owners, manage risks such as bias, security, and privacy, and demonstrate ongoing monitoring and incident handling. In effect, it operationalizes responsible AI rather than leaving it as a policy statement.
Together, strong AI governance and ISO 42001 shift AI risk management from technical optimism to disciplined decision-making. Leaders gain the confidence to approve, constrain, or halt AI systems based on evidence, controls, and real-world impact—rather than hype, urgency, or unchecked innovation.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
Bruce Schneier highlights a significant development: advanced AI models are now better at automatically finding and exploiting vulnerabilities on real networks, not just assisting humans in security tasks.
In a notable evaluation, the Claude Sonnet 4.5 model successfully completed multi-stage attacks across dozens of hosts using standard, open-source tools — without the specialized toolkits previous AI needed.
In one simulation, the model autonomously identified and exploited a public Common Vulnerabilities and Exposures (CVE) instance — similar to how the infamous Equifax breach worked — and exfiltrated all simulated personal data.
What makes this more concerning is that the model wrote exploit code instantly instead of needing to search for or iterate on information. This shows AI’s increasing autonomous capability.
The implication, Schneier explains, is that barriers to autonomous cyberattack workflows are falling quickly, meaning even moderately resourced attackers can use AI to automate exploitation processes.
Because these AIs can operate without custom cyber toolkits and quickly recognize known vulnerabilities, traditional defenses that rely on the slow cycle of patching and response are less effective.
Schneier underscores that this evolution reflects broader trends in cybersecurity: not only can AI help defenders find and patch issues faster, but it also lowers the cost and skill required for attackers to execute complex attacks.
The rapid progression of these AI capabilities suggests a future where automatic exploitation isn’t just theoretical — it’s becoming practical and potentially widespread.
While Schneier does not explore defensive strategies in depth in this brief post, the message is unmistakable: core security fundamentals—such as timely patching and disciplined vulnerability management—are more critical than ever. I’m confident we’ll see a far more detailed and structured analysis of these implications in a future book.
This development should prompt organizations to rethink traditional workflows and controls, and to invest in strategies that assume attackers may have machine-speed capabilities.
💭 My Opinion
The fact that AI models like Claude Sonnet 4.5 can autonomously identify and exploit vulnerabilities using only common open-source tools marks a pivotal shift in the cybersecurity landscape. What was once a human-driven process requiring deep expertise is now slipping into automated workflows that amplify both speed and scale of attacks. This doesn’t mean all cyberattacks will be AI-driven tomorrow, but it dramatically lowers the barrier to entry for sophisticated attacks.
From a defensive standpoint, it underscores that reactive patch-and-pray security is no longer sufficient. Organizations need to adopt proactive, continuous security practices — including automated scanning, AI-enhanced threat modeling, and Zero Trust architectures — to stay ahead of attackers who may soon operate at machine timescales. This also reinforces the importance of security fundamentals like timely patching and vulnerability management as the first line of defense in a world where AI accelerates both offense and defense.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
AI Security and AI Governance are often discussed as separate disciplines, but the industry is realizing they are inseparable. Over the past year, conversations have revolved around AI governance—whether AI should be used and under what principles—and AI security—how AI systems are protected from threats. This separation is no longer sustainable as AI adoption accelerates.
The core reality is simple: governance without security is ineffective, and security without governance is incomplete. If an organization cannot secure its AI systems, it has no real control over them. Likewise, securing systems without clear governance leaves unanswered questions about legality, ethics, and accountability.
This divide exists largely because governance and security evolved in different organizational domains. Governance typically sits with legal, risk, and compliance teams, focusing on fairness, transparency, and ethical use. Security, on the other hand, is owned by technical teams and SOCs, concentrating on attacks such as prompt injection, model manipulation, and data leakage.
When these functions operate in silos, organizations unintentionally create “Shadow AI” risks. Governance teams may publish policies that lack technical enforcement, while security teams may harden systems without understanding whether the AI itself is compliant or trustworthy.
The governance gap appears when policies exist only on paper. Without security controls to enforce them, rules become optional guidance rather than operational reality, leaving organizations exposed to regulatory and reputational risk.
The security gap emerges when protection is applied without context. Systems may be technically secure, yet still rely on biased, non-compliant, or poorly governed models, creating hidden risks that security tooling alone cannot detect.
To move forward, AI risk must be treated as a unified discipline. A combined “Governance-Security” mindset requires shared inventories of models and data pipelines, continuous monitoring of both technical vulnerabilities and ethical drift, and automated enforcement that connects policy directly to controls.
Organizations already adopting this integrated approach are gaining a competitive advantage. Their objective goes beyond compliance checklists; they are building AI systems that are trustworthy, resilient by design, and compliant by default—earning confidence from regulators, customers, and partners alike.
My opinion: AI governance and AI security should no longer be separate conversations or teams. Treating them as one integrated function is not just best practice—it is inevitable. Organizations that fail to unify these disciplines will struggle with unmanaged risk, while those that align them early will define the standard for trustworthy and resilient AI.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
The “Layers of AI” model helps explain how artificial intelligence evolves from simple rule-based logic into autonomous, goal-driven systems. Each layer builds on the capabilities of the one beneath it, adding complexity, adaptability, and decision-making power. Understanding these layers is essential for grasping not just how AI works technically, but also where risks, governance needs, and human oversight must be applied as systems move closer to autonomy.
Classical AI: The Rule-Based Foundation
Classical AI represents the earliest form of artificial intelligence, relying on explicit rules, logic, and symbolic representations of knowledge. Systems such as expert systems and logic-based reasoning engines operate deterministically, meaning they behave exactly as programmed. While limited in flexibility, Classical AI laid the groundwork for structured reasoning, decision trees, and formal problem-solving that still influence modern systems.
Machine Learning: Learning from Data
Machine Learning marked a shift from hard-coded rules to systems that learn patterns from data. Techniques such as supervised, unsupervised, and reinforcement learning allow models to improve performance over time without explicit reprogramming. Tasks like classification, regression, and prediction became scalable, enabling AI to adapt to real-world variability rather than relying solely on predefined logic.
Neural Networks: Mimicking the Brain
Neural Networks introduced architectures inspired by the human brain, using interconnected layers of artificial neurons. Concepts such as perceptrons, activation functions, cost functions, and backpropagation allow these systems to learn complex representations. This layer enables non-linear problem solving and forms the structural backbone for more advanced AI capabilities.
Deep Learning: Scaling Intelligence
Deep Learning extends neural networks by stacking many hidden layers, allowing models to extract increasingly abstract features from raw data. Architectures such as CNNs, RNNs, LSTMs, transformers, and autoencoders power breakthroughs in vision, speech, language, and pattern recognition. This layer made AI practical at scale, especially with large datasets and high-performance computing.
Generative AI: Creating New Content
Generative AI focuses on producing new data rather than simply analyzing existing information. Large Language Models (LLMs), diffusion models, VAEs, and multimodal systems can generate text, images, audio, video, and code. This layer introduces creativity, probabilistic reasoning, and uncertainty, but also raises concerns around hallucinations, bias, intellectual property, and trustworthiness.
Agentic AI: Acting with Purpose
Agentic AI adds decision-making and goal-oriented behavior on top of generative models. These systems can plan tasks, retain memory, use tools, and take actions autonomously across environments. Rather than responding to a single prompt, agentic systems operate continuously, making them powerful—but also significantly more complex to govern, audit, and control.
Autonomous Execution: AI Without Constant Human Input
At the highest layer, AI systems can execute tasks independently with minimal human intervention. Autonomous execution combines planning, tool use, feedback loops, and adaptive behavior to operate in real-world conditions. This layer blurs the line between software and decision-maker, raising critical questions about accountability, safety, alignment, and ethical boundaries.
My Opinion: From Foundations to Autonomy
The layered model of AI is useful because it makes one thing clear: autonomy is not a single leap—it is an accumulation of capabilities. Each layer introduces new power and new risk. While organizations are eager to adopt agentic and autonomous AI, many still lack maturity in governing the foundational layers beneath them. In my view, responsible AI adoption must follow the same layered discipline—strong foundations, clear controls at each level, and escalating governance as systems gain autonomy. Skipping layers in governance while accelerating layers in capability is where most AI risk emerges.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
1. Growing AI Risks in Cybersecurity Artificial intelligence has rapidly become a central factor in cybersecurity, acting as both a powerful defense and a serious threat vector. Attackers have quickly adopted AI tools to amplify their capabilities, and many executives now consider AI-related cyber risks among their top organizational concerns.
2. AI’s Dual Role While AI helps defenders detect threats faster, it also enables cybercriminals to automate attacks at scale. This rapid adoption by attackers is reshaping the overall cyber threat landscape going into 2026.
3. Deepfakes and Impersonation Techniques One of the most alarming developments is the use of deepfakes and voice cloning. These tools create highly convincing impersonations of executives or trusted individuals, fooling employees and even automated systems.
4. Enhanced Phishing and Messaging AI has made phishing attacks more sophisticated. Instead of generic scam messages, attackers use generative AI to craft highly personalized and convincing messages that leverage data collected from public sources.
5. Automated Reconnaissance AI now automates what used to be manual reconnaissance. Malicious scripts scout corporate websites and social profiles to build detailed target lists much faster than human attackers ever could.
6. Adaptive Malware AI-driven malware is emerging that can modify its code and behavior in real time to evade detection. Unlike traditional threats, this adaptive malware learns from failed attempts and evolves to be more effective.
7. Shadow AI and Data Exposure “Shadow AI” refers to employees using third-party AI tools without permission. These tools can inadvertently capture sensitive information, which might be stored, shared, or even reused by AI providers, posing significant data leakage risks.
8. Long-Term Access and Silent Attacks Modern AI-enabled attacks often aim for persistence—maintaining covert access for weeks or months to gather credentials and monitor systems before striking, rather than causing immediate disruption.
9. Evolving Defense Needs Traditional security systems are increasingly inadequate against these dynamic, AI-driven threats. Organizations must embrace adaptive defenses, real-time monitoring, and identity-centric controls to keep pace.
10. Human Awareness Remains Critical Technology alone won’t stop these threats. A strong “human firewall” — knowledgeable employees and ongoing awareness training — is crucial to recognize and prevent emerging AI-enabled attacks.
My Opinion
AI’s influence on the cyber threat landscape is both inevitable and transformative. On one hand, AI empowers defenders with unprecedented speed and analytical depth. On the other, it’s lowering the barrier to entry for attackers, enabling highly automated, convincing attacks that traditional defenses struggle to catch. This duality makes cybersecurity a fundamentally different game than it was even a few years ago.
Organizations can’t afford to treat AI simply as a defensive tool or a checkbox in their security stack. They must build AI-aware risk management strategies, integrate continuous monitoring and identity-centric defenses, and invest in employee education. Most importantly, cybersecurity leaders need to assume that attackers will adopt AI faster than defenders — so resilience and adaptive defense are not optional, they’re mandatory.
The key takeaway? Cybersecurity in 2026 and beyond won’t just be about technology. It will be a strategic balance between innovation, human awareness, and proactive risk governance.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
Predictive AI is the most mature and widely adopted form of AI. It analyzes historical data to identify patterns and forecast what is likely to happen next. Organizations use it to anticipate customer demand, detect fraud, identify anomalies, and support risk-based decisions. The goal isn’t automation for its own sake, but faster and more accurate decision-making, with humans still in control of final actions.
2️⃣ Generative AI – Create
Generative AI goes beyond prediction and focuses on creation. It generates text, code, images, designs, and insights based on prompts. Rather than replacing people, it amplifies human productivity, helping teams draft content, write software, analyze information, and communicate faster. Its core value lies in increasing output velocity while keeping humans responsible for judgment and accountability.
3️⃣ AI Agents – Assist
AI Agents add execution to intelligence. These systems are connected to enterprise tools, applications, and internal data sources. Instead of only suggesting actions, they can perform tasks—such as retrieving data, updating systems, responding to requests, or coordinating workflows. AI Agents expand human capacity by handling repetitive or multi-step tasks, delivering knowledge access and task leverage at scale.
4️⃣ Agentic AI – Act
Agentic AI represents the frontier of AI adoption. It orchestrates multiple agents to run workflows end-to-end with minimal human intervention. These systems can plan, delegate, verify, and complete complex processes across tools and teams. At this stage, AI evolves from a tool into a digital team member, enabling true process transformation, not just efficiency gains.
Simple decision framework
Need faster decisions? → Predictive AI
Need more output? → Generative AI
Need task execution and assistance? → AI Agents
Need end-to-end transformation? → Agentic AI
Below is a clean, standards-aligned mapping of the four AI types (Predict → Create → Assist → Act) to ISO/IEC 42001, NIST AI RMF, and the EU AI Act. This is written so you can directly reuse it in AI governance decks, risk registers, or client assessments.
AI Types Mapped to ISO 42001, NIST AI RMF & EU AI Act
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
AI is often perceived as something mysterious or magical, but in reality it is a layered technology stack built incrementally over decades. Each layer depends on the maturity and stability of the layers beneath it, which is why skipping foundations leads to fragile outcomes.
The diagram illustrates why many AI strategies fail: organizations rush to adopt the top layers without understanding or strengthening the base. When results disappoint, tools are blamed instead of the missing foundations that enable them.
At the base is Classical AI, which relies on rules, logic, and expert systems. This layer established early decision boundaries, reasoning models, and governance concepts that still underpin modern AI systems.
Above that sits Machine Learning, where explicit rules are replaced with statistical prediction. Techniques such as classification, regression, and reinforcement learning focus on optimization and pattern discovery rather than true understanding.
Neural Networks introduce representation learning, allowing systems to learn internal features automatically. Through backpropagation, hidden layers, and activation functions, patterns begin to emerge at scale rather than being manually engineered.
Deep Learning builds on neural networks by stacking specialized architectures such as transformers, CNNs, RNNs, and autoencoders. This is the layer where data volume, compute, and scale dramatically increase capability.
Generative AI marks a shift from analysis to creation. Models can now generate text, images, audio, and multimodal outputs, enabling powerful new use cases—but these systems remain largely passive and reactive.
Agentic AI is where confusion often arises. This layer introduces memory, planning, tool use, and autonomous execution, allowing systems to take actions rather than simply produce outputs.
Importantly, Agentic AI is not a replacement for the lower layers. It is an orchestration layer that coordinates capabilities built below it, amplifying both strengths and weaknesses in data, models, and processes.
Weak data leads to unreliable agents, broken workflows result in chaotic autonomy, and a lack of governance introduces silent risk. The diagram is most valuable when read as a warning: AI maturity is built bottom-up, and autonomy without foundation multiplies failure just as easily as success.
This post and diagram does a great job of illustrating a critical concept in AI that’s often overlooked: foundations matter more than flashy capabilities. Many organizations focus on deploying “smart agents” or advanced models without first ensuring the underlying data infrastructure, governance, and compliance frameworks are solid. The pyramid/infographic format makes this immediately clear—visually showing that AI capabilities rest on multiple layers of systems, policies, and risk management.
My opinion: It’s a strong, board- and executive-friendly way to communicate that resilient AI isn’t just about algorithms—it’s about building a robust, secure, and governed foundation first. For practitioners, this reinforces the need for strategy before tactics, and for decision-makers, it emphasizes risk-aware investment in AI.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
1. AI Has Become Core Infrastructure AI is no longer experimental — it’s now deeply integrated into business decisions and societal functions. With this shift, governance can’t stay theoretical; it must be operational and enforceable. The article argues that combining the NIST AI Risk Management Framework (AI RMF) with ISO/IEC 42001 makes this operationalization practical and auditable.
2. Principles Alone Don’t Govern The NIST AI RMF starts with the Govern function, stressing accountability, transparency, and trustworthy AI. But policies by themselves — statements of intent — don’t ensure responsible execution. ISO 42001 provides the management-system structure that anchors these governance principles into repeatable business processes.
3. Mapping Risk in Context Understanding the context and purpose of an AI system is where risk truly begins. The NIST RMF’s Map function asks organizations to document who uses a system, how it might be misused, and potential impacts. ISO 42001 operationalizes this through explicit impact assessments and scope definitions that force organizations to answer difficult questions early.
4. Measuring Trust Beyond Accuracy Traditional AI metrics like accuracy or speed fail to capture trustworthiness. The NIST RMF expands measurement to include fairness, explainability, privacy, and resilience. ISO 42001 ensures these broader measures aren’t aspirational — they require documented testing, verification, and ongoing evaluation.
5. Managing the Full Lifecycle The Manage function addresses what many frameworks ignore: what happens after AI deployment. ISO 42001 formalizes post-deployment monitoring, incident reporting and recovery, decommissioning, change management, and continuous improvement — framing AI systems as ongoing risk assets rather than one-off projects.
6. Third-Party & Supply Chain Risk Modern AI systems often rely on external data, models, or services. Both frameworks treat third-party and supplier risks explicitly — a critical improvement, since risks extend beyond what an organization builds in-house. This reflects growing industry recognition of supply chain and ecosystem risk in AI.
7. Human Oversight as a System Rather than treating human review as a checkbox, the article emphasizes formalizing human roles and responsibilities. It calls for defined escalation and override processes, competency-based training, and interdisciplinary decision teams — making oversight deliberate, not incidental.
8. Strategic Value of NIST-ISO Alignment The real value isn’t just technical alignment — it’s strategic: helping boards, executives, and regulators speak a common language about risk, accountability, and controls. This positions organizations to be both compliant with emerging regulations and competitive in markets where trust matters.
9. Trust Over Speed The article closes with a cultural message: in the next phase of AI adoption, trust will outperform speed. Organizations that operationalize responsibility (through structured frameworks like NIST AI RMF and ISO 42001) will lead, while those that chase innovation without governance risk reputational harm.
10. Practical Implications for Leaders For AI leaders, the takeaway is clear: you need both risk-management logic and a management system to ensure accountability, measurement, and continuous improvement. Cryptic policies aren’t enough; frameworks must translate into auditable, executive-reportable actions.
Opinion
This article provides a thoughtful and practical bridge between high-level risk principles and real-world governance. NIST’s AI RMF on its own captures what needs to be considered (governance, context, measurement, and management) — a critical starting point for responsible AI risk management. (NIST)
But in many organizations today, abstract frameworks don’t translate into disciplined execution — that gap is exactly where ISO/IEC 42001 can add value by prescribing systematic processes, roles, and continuous improvement cycles. Together, the NIST AI RMF and ISO 42001 form a stronger operational baseline for responsible, auditable AI governance.
In practice, however, the challenge will be in integration — aligning governance systems already in place (e.g., ISO 27001, internal risk programs) with these newer AI standards without creating redundancy or compliance fatigue. The real test of success will be whether organizations can bake these practices into everyday decision-making, not just compliance checklists.
At DISC InfoSec, we help organizations navigate this landscape by aligning AI risk management, governance, security, and compliance into a single, practical roadmap. Whether you are experimenting with AI or deploying it at scale, we help you choose and operationalize the right frameworks to reduce risk and build trust. Learn more at DISC InfoSec.
No Breach. No Alerts. Still Stolen: The Model Extraction Problem
1. A company can lose its most valuable AI intellectual property without suffering a traditional security breach. No malware, no compromised credentials, no incident tickets—just normal-looking API traffic. Everything appears healthy on dashboards, yet the core asset is quietly walking out the door.
2. This threat is known as model extraction. It happens when an attacker repeatedly queries an AI model through legitimate interfaces—APIs, chatbots, or inference endpoints—and learns from the responses. Over time, they can reconstruct or closely approximate the proprietary model’s behavior without ever stealing weights or source code.
3. A useful analogy is a black-box expert. If I can repeatedly ask an expert questions and carefully observe their answers, patterns start to emerge—how they reason, where they hesitate, and how they respond to edge cases. Over time, I can train someone else to answer the same questions in nearly the same way, without ever seeing the expert’s notes or thought process.
4. Attackers pursue model extraction for several reasons. They may want to clone the model outright, steal high-value capabilities, distill it into a cheaper version using your model as a “teacher,” or infer sensitive traits about the training data. None of these require breaking in—only sustained access.
5. This is why AI theft doesn’t look like hacking. Your model can be copied simply by being used. The very openness that enables adoption and revenue also creates a high-bandwidth oracle for adversaries who know how to exploit it.
6. The consequences are fundamentally business risks. Competitive advantage evaporates as others avoid your training costs. Attackers discover and weaponize edge cases. Malicious clones can damage your brand, and your IP strategy collapses because the model’s behavior has effectively been given away.
7. The aftermath is especially dangerous because it’s invisible. There’s no breach report or emergency call—just a competitor releasing something “surprisingly similar” months later. By the time leadership notices, the damage is already done.
8. At scale, querying equals learning. With enough inputs and outputs, an attacker can build a surrogate model that is “good enough” to compete, abuse users, or undermine trust. This is IP theft disguised as legitimate usage.
9. Defending against this doesn’t require magic, but it does require intent. Organizations need visibility by treating model queries as security telemetry, friction by rate-limiting based on risk rather than cost alone, and proof by watermarking outputs so stolen behavior can be attributed when clones appear.
My opinion: Model extraction is one of the most underappreciated risks in AI today because it sits at the intersection of security, IP, and business strategy. If your AI roadmap focuses only on performance, cost, and availability—while ignoring how easily behavior can be copied—you don’t really have an AI strategy. Training models is expensive; extracting behavior through APIs is cheap. And in most markets, “good enough” beats “perfect.”
Yann LeCun — a pioneer of deep learning and Meta’s Chief AI Scientist — has left the company after shaping its AI strategy and influencing billions in investment. His departure is not a routine leadership change; it signals a deeper shift in how he believes AI must evolve.
LeCun is one of the founders of modern neural networks, a Turing Award recipient, and a core figure behind today’s deep learning breakthroughs. His work once appeared to be a dead end, yet it ultimately transformed the entire AI landscape.
Now, he is stepping away not to retire or join another corporate giant, but to create a startup focused on a direction Meta does not support. This choice underscores a bold statement: the current path of scaling Large Language Models (LLMs) may not lead to true artificial intelligence.
He argues that LLMs, despite their success, are fundamentally limited. They excel at predicting text but lack real understanding of the world. They cannot reason about physical reality, causality, or genuine intent behind events.
According to LeCun, today’s LLMs possess intelligence comparable to an animal — some say a cat — but even the cat has an advantage: it learns through real-world interaction rather than statistical guesswork.
His proposed alternative is what he calls World Models. These systems will learn like humans and animals do — by observing environments, experimenting, predicting outcomes, and refining internal representations of how the world works.
This approach challenges the current AI industry narrative that bigger models and more data alone will produce smarter, safer AI. Instead, LeCun suggests that a completely different foundation is required to achieve true machine intelligence.
Yet Meta continues investing enormous resources into scaling LLMs — the very AI paradigm he believes is nearing its limits. His departure raises an uncomfortable question about whether hype is leading strategic decisions more than science.
If he is correct, companies pushing ever-larger LLMs could face a major reckoning when progress plateaus and expectations fail to materialize.
My Opinion
LLMs are far from dead — they are already transforming industries and productivity. But LeCun highlights a real concern: scaling alone cannot produce human-level reasoning. The future likely requires a combination of both approaches — advanced language systems paired with world-aware learning. Instead of a dead end, this may be an inflection point where the AI field transitions toward deeper intelligence grounded in understanding, not just prediction.
Whether AI might surpass human intelligence in the next few years, based on recent trends and expert views — followed by my opinion:
Some recent analyses suggest that advances in AI capabilities may be moving fast enough that aspects of human‑level performance could be reached within a few years. One trend measurement — focusing on how quickly AI translation quality is improving compared to humans — shows steady progress and extrapolates that machine performance could equal human translators by the end of this decade if current trends continue. This has led to speculative headlines proposing that the technological singularity — the point where AI surpasses human intelligence in a broad sense — might occur within just a few years.
However, this type of projection is highly debated and depends heavily on how “intelligence” is defined and measured. Many experts emphasize that current AI systems, while powerful in narrow domains, are not yet near comprehensive general intelligence, and timelines vary widely. Surveys of AI researchers and more measured forecasts still often place true artificial general intelligence (AGI) — a prerequisite for singularity in many theories — much later, often around the 2030s or beyond.
There are also significant technical and conceptual challenges that make short‑term singularity predictions uncertain. Models today excel at specific tasks and show impressive abilities, but they lack the broad autonomy, self‑improvement capabilities, and general reasoning that many definitions of human‑level intelligence assume. Progress is real and rapid, yet experts differ sharply in timelines — some suggest near‑term breakthroughs, while others see more gradual advancement over decades.
My Opinion
I think it’s unlikely that AI will fully surpass human intelligence across all domains in the next few years. We are witnessing astonishing progress in certain areas — language, pattern recognition, generation, and task automation — but those achievements are still narrow compared to the full breadth of human cognition, creativity, and common‑sense reasoning. Broad, autonomous intelligence that consistently outperforms humans across contexts remains a formidable research challenge.
That said, AI will continue transforming industries and augmenting human capabilities, and we will likely see systems that feel very powerful in specialized tasks well before true singularity — perhaps by the late 2020s or early 2030s. The exact timeline will depend on breakthroughs we can’t yet predict, and it’s essential to prepare ethically and socially for the impacts even if singularity itself remains distant.
— What ISO 42001 Is and Its Purpose ISO 42001 is a new international standard for AI governance and management systems designed to help organizations systematically manage AI-related risks and regulatory requirements. Rather than acting as a simple checklist, it sets up an ongoing framework for defining obligations, understanding how AI systems are used, and establishing controls that fit an organization’s specific risk profile. This structure resembles other ISO management system standards (such as ISO 27001) but focuses on AI’s unique challenges.
— ISO 42001’s Role in Structured Governance At its core, ISO 42001 helps organizations build consistent AI governance practices. It encourages comprehensive documentation, clear roles and responsibilities, and formalized oversight—essentials for accountable AI development and deployment. This structured approach aligns with the EU AI Act’s broader principles, which emphasize accountability, transparency, and risk-based management of AI systems.
— Documentation and Risk Management Synergies Both ISO 42001 and the EU AI Act call for thorough risk assessments, lifecycle documentation, and ongoing monitoring of AI systems. Implementing ISO 42001 can make it easier to maintain records of design choices, testing results, performance evaluations, and risk controls, which supports regulatory reviews and audits. This not only creates a stronger compliance posture but also prepares organizations to respond with evidence if regulators request proof of due diligence.
— Complementary Ethical and Operational Practices ISO 42001 embeds ethical principles—such as fairness, non-discrimination, and human oversight—into the organizational governance culture. These values closely match the normative goals of the EU AI Act, which seeks to prevent harm and bias from AI systems. By internalizing these principles at the management level, organizations can more coherently translate ethical obligations into operational policies and practices that regulators expect.
— Not a Legal Substitute for Compliance Obligations Importantly, ISO 42001 is not a legal guarantee of EU AI Act compliance on its own. The standard remains voluntary and, as of now, is not formally harmonized under the AI Act, meaning certification does not automatically confer “presumption of conformity.” The Act includes highly specific requirements—such as risk class registration, mandated reporting timelines, and prohibitions on certain AI uses—that ISO 42001’s management-system focus does not directly satisfy. ISO 42001 provides the infrastructure for strong governance, but organizations must still execute legal compliance activities in parallel to meet the letter of the law.
— Practical Benefits Beyond Compliance Even though it isn’t a standalone compliance passport, adopting ISO 42001 offers many practical benefits. It can streamline internal AI governance, improve audit readiness, support integration with other ISO standards (like security and quality), and enhance stakeholder confidence in AI practices. Organizations that embed ISO 42001 can reduce risk of missteps, build stronger evidence trails, and align cross-functional teams for both ethical practice and regulatory readiness.
My Opinion ISO 42001 is a valuable foundation for AI governance and a strong enabler of EU AI Act compliance—but it should be treated as the starting point, not the finish line. It helps organizations build structured processes, risk awareness, and ethical controls that align with regulatory expectations. However, because the EU AI Act’s requirements are detailed and legally enforceable, organizations must still map ISO-level controls to specific Act obligations, maintain live evidence, and fulfill procedural legal demands beyond what ISO 42001 specifies. In practice, using ISO 42001 as a governance backbone plus tailored compliance activities is the most pragmatic and defensible approach.
garak (Generative AI Red-teaming & Assessment Kit) is an open-source tool aimed specifically at testing Large Language Models and dialog systems for AI-specific vulnerabilities: prompt injection, jailbreaks, data leakage, hallucinations, toxicity, etc.
It supports many LLM sources: Hugging Face models, OpenAI APIs, AWS Bedrock, local ggml models, etc.
Typical usage is via command line, making it relatively easy to incorporate into a Linux/pen-test workflow.
For someone interested in “governance,” garak helps identify when an AI system violates safety, privacy or compliance expectations before deployment.
BlackIce — Containerized Toolkit for AI Red-Teaming & Security Testing
BlackIce is described as a standardized, containerized red-teaming toolkit for both LLMs and classical ML models. The idea is to lower the barrier to entry for AI security testing by packaging many tools into a reproducible Docker image.
It bundles a curated set of open-source tools (as of late 2025) for “Responsible AI and Security testing,” accessible via a unified CLI interface — akin to how Kali bundles network-security tools.
For governance purposes: BlackIce simplifies running comprehensive AI audits, red-teaming, and vulnerability assessments in a consistent, repeatable environment — useful for teams wanting to standardize AI governance practices.
LibVulnWatch — Supply-Chain & Library Risk Assessment for AI Projects
While not specific to LLM runtime security, LibVulnWatch focuses on evaluating open-source AI libraries (ML frameworks, inference engines, agent-orchestration tools) for security, licensing, supply-chain, maintenance and compliance risks.
It produces governance-aligned scores across multiple domains, helping organizations choose safer dependencies and keep track of underlying library health over time.
For an enterprise building or deploying AI: this kind of tool helps verify that your AI stack — not just the model — meets governance, audit, and risk standards.
Giskard offers LLM vulnerability scanning and red-teaming capabilities (prompt injection, data leakage, unsafe behavior, bias, etc.) via both an open-source library and an enterprise “Hub” for production-grade systems.
It supports “black-box” testing: you don’t need internal access to the model — as long as you have an API or interface, you can run tests.
For AI governance, Giskard helps in evaluating compliance with safety, privacy, and fairness standards before and after deployment.
🔧 What This Means for Kali Linux / Pen-Test-Oriented Workflows
The emergence of tools like garak, BlackIce, and Giskard shows that AI governance and security testing are becoming just as “testable” as traditional network or system security. For people familiar with Kali’s penetration-testing ecosystem — this is a familiar, powerful shift.
Because they are Linux/CLI-friendly and containerizable (especially BlackIce), they can integrate neatly into security-audit pipelines, continuous-integration workflows, or red-team labs — making them practical beyond research or toy use.
Using a supply-chain-risk tool like LibVulnWatch alongside model-level scanners gives a more holistic governance posture: not just “Is this LLM safe?” but “Is the whole AI stack (dependencies, libraries, models) reliable and auditable?”
⚠️ A Few Important Caveats (What They Don’t Guarantee)
Tools like garak and Giskard attempt to find common issues (jailbreaks, prompt injection, data leakage, harmful outputs), but cannot guarantee absolute safety or compliance — because many risks (e.g. bias, regulatory compliance, ethics, “unknown unknowns”) depend heavily on context (data, environment, usage).
Governance is more than security: It includes legal compliance, privacy, fairness, ethics, documentation, human oversight — many of which go beyond automated testing.
AI-governance frameworks are still evolving; even red-teaming tools may lag behind novel threat types (e.g. multi-modality, chain-of-tool-calls, dynamic agentic behaviors).
🎯 My Take / Recommendation (If You Want to Build an AI-Governance Stack Now)
If I were you and building or auditing an AI system today, I’d combine these tools:
Start with garak or Giskard to scan model behavior for injection, toxicity, privacy leaks, etc.
Use BlackIce (in a container) for more comprehensive red-teaming including chaining tests, multi-tool or multi-agent flows, and reproducible audits.
Run LibVulnWatch on your library dependencies to catch supply-chain or licensing risks.
Complement that with manual reviews, documentation, human-in-the-loop audits and compliance checks (since automated tools only catch a subset of governance concerns).
🧠 AI Governance & Security Lab Stack (2024–2025)
Kali doesn’t yet ship AI governance tools by default — but:
✅ Almost all of these run on Linux
✅ Many are CLI-based or Dockerized
✅ They integrate cleanly with red-team labs
✅ You can easily build a custom Kali “AI Governance profile”
My recommendation: Create:
A Docker compose stack for garak + Giskard + promptfoo
A CI pipeline for prompt & agent testing
A governance evidence pack (logs + scores + reports)
Map each tool to ISO 42001 / NIST AI RMF controls
below is a compact, actionable mapping that connects the ~10 tools we discussed to ISO/IEC 42001 clauses (high-level AI management system requirements) and to the NIST AI RMF Core functions (GOVERN / MAP / MEASURE / MANAGE). I cite primary sources for the standards and each tool so you can follow up quickly.
Notes on how to read the table • ISO 42001 — I map to the standard’s high-level clauses (Context (4), Leadership (5), Planning (6), Support (7), Operation (8), Performance evaluation (9), Improvement (10)). These are the right level for mapping tools into an AI Management System. Cloud Security Alliance+1 • NIST AI RMF — I use the Core functions: GOVERN / MAP / MEASURE / MANAGE (the AI RMF core and its intended outcomes). Tools often map to multiple functions. NIST Publications • Each row: tool → primary ISO clauses it supports → primary NIST functions it helps with → short justification + source links.
NIST AI RMF: MEASURE (testing, metrics, evaluation), MAP (identify system behavior & risks), MANAGE (remediation actions). NIST Publications+1
Why: Giskard automates model testing (bias, hallucination, security checks) and produces evidence/metrics used in audits and continuous evaluation. GitHub
2) promptfoo (prompt & RAG test suite / CI integration)
ISO 42001: 7 Support (documented procedures, competence), 8 Operation (validation before deployment), 9 Performance evaluation (continuous testing). Cloud Security Alliance
Why: promptfoo provides automated prompt tests, integrates into CI (pre-deployment gating) and produces test artifacts for governance traceability. GitHub+1
Why: LlamaFirewall is explicitly designed as a last-line runtime guardrail for agentic systems — enforcing policies and detecting task-drift/prompt injection at runtime. arXiv
ISO 42001: 8 Operation (adversarial testing), 9 Performance evaluation (benchmarks & stress tests), 10 Improvement (feed results back to controls). Cloud Security Alliance
NIST AI RMF: MEASURE (adversarial performance metrics), MAP (expose attack surface), MANAGE (prioritize fixes based on attack impact). NIST Publications+2arXiv+2
Why: These tools expand coverage of red-team tests (free-form and evolutionary adversarial prompts), surfacing edge failures and jailbreaks that standard tests miss. arXiv+1
7) Meta SecAlign (safer model / model-level defenses)
ISO 42001: 8 Operation (safe model selection/deployment), 6 Planning (risk-aware model selection), 7 Support (model documentation). Cloud Security Alliance+1
NIST AI RMF: MAP (model risk characteristics), MANAGE (apply safer model choices / mitigations), MEASURE (evaluate defensive effectiveness). NIST Publications+1
Why: A “safer” model built to resist manipulation maps directly to operational and planning controls where the organization chooses lower-risk building blocks. arXiv
8) HarmBench (benchmarks for safety & robustness testing)
ISO 42001: 9 Performance evaluation (standardized benchmarks), 8 Operation (validation against benchmarks), 10 Improvement (continuous improvement from results). Cloud Security Alliance
NIST AI RMF: MEASURE (standardized metrics & benchmarks), MAP (compare risk exposure across models), MANAGE (feed measurement results into mitigation plans). NIST Publications
Why: Benchmarks are the canonical way to measure and compare model trustworthiness and to demonstrate compliance in audits. arXiv
ISO 42001: 5 Leadership & 7 Support (policy, competence, awareness — guidance & training resources). Cloud Security Alliance
NIST AI RMF: GOVERN (policy & stakeholder guidance), MAP (inventory of recommended tools & practices). NIST Publications
Why: Curated resources help leadership define policy, identify tools, and set organizational expectations — foundational for any AI management system. Cyberzoni.com
Quick recommendations for operationalizing the mapping
Create a minimal mapping table inside your ISMS (ISO 42001) that records: tool name → ISO clause(s) it supports → NIST function(s) it maps to → artifact(s) produced (reports, SBOMs, test results). This yields audit-ready evidence. (ISO42001 + NIST suggestions above).
Automate evidence collection: integrate promptfoo / Giskard into CI so that each deployment produces test artifacts (for ISO 42001 clause 9).
Supply-chain checks: run LibVulnWatch and AI-Infra-Guard periodically to populate SBOMs and vulnerability dashboards (helpful for ISO 7 & 6).
Runtime protections: embed LlamaFirewall or runtime monitors for agentic systems to satisfy operational guardrail requirements.
Adversarial coverage: schedule periodic automated red-teaming using AutoRed / RainbowPlus / HarmBench to measure resilience and feed results into continual improvement (ISO clause 10).
At DISC InfoSec, our AI Governance services go beyond traditional security. We help organizations ensure legal compliance, privacy, fairness, ethics, proper documentation, and human oversight — addressing the full spectrum of responsible AI practices, many of which cannot be achieved through automated testing alone.
The article reports on a new “safety report card” assessing how well leading AI companies are doing at protecting humanity from the risks posed by powerful artificial-intelligence systems. The report was issued by Future of Life Institute (FLI), a nonprofit that studies existential threats and promotes safe development of emerging technologies.
This “AI Safety Index” grades companies based on 35 indicators across six domains — including existential safety, risk assessment, information sharing, governance, safety frameworks, and current harms.
In the latest (Winter 2025) edition of the index, no company scored higher than a “C+.” The top-scoring companies were Anthropic and OpenAI, followed by Google DeepMind.
Other firms, including xAI, Meta, and a few Chinese AI companies, scored D or worse.
A key finding is that all evaluated companies scored poorly on “existential safety” — which covers whether they have credible strategies, internal monitoring, and controls to prevent catastrophic misuse or loss of control as AI becomes more powerful.
Even though companies like OpenAI and Google DeepMind say they’re committed to safety — citing internal research, safeguards, testing with external experts, and safety frameworks — the report argues that public information and evidence remain insufficient to demonstrate real readiness for worst-case scenarios.
For firms such as xAI and Meta, the report highlights a near-total lack of evidence about concrete safety investments beyond minimal risk-management frameworks. Some companies didn’t respond to requests for comment.
The authors of the index — a panel of eight independent AI experts including academics and heads of AI-related organizations — emphasize that we’re facing an industry that remains largely unregulated in the U.S. They warn this “race to the bottom” dynamic discourages companies from prioritizing safety when profitability and market leadership are at stake.
The report suggests that binding safety standards — not voluntary commitments — may be necessary to ensure companies take meaningful action before more powerful AI systems become a reality.
The broader context: as AI systems play larger roles in society, their misuse becomes more plausible — from facilitating cyberattacks, enabling harmful automation, to even posing existential threats if misaligned superintelligent AI were ever developed.
In short: according to the index, the AI industry still has a long way to go before it can be considered truly “safe for humanity,” even among its most prominent players.
My Opinion
I find the results of this report deeply concerning — but not surprising. The fact that even the top-ranked firms only get a “C+” strongly suggests that current AI safety efforts are more symbolic than sufficient. It seems like companies are investing in safety only at a surface level (e.g., statements, frameworks), but there’s little evidence they are preparing in a robust, transparent, and enforceable way for the profound risks AI could pose — especially when it comes to existential threats or catastrophic misuse.
The notion that an industry with such powerful long-term implications remains essentially unregulated feels reckless. Voluntary commitments and internal policies can easily be overridden by competitive pressure or short-term financial incentives. Without external oversight and binding standards, there’s no guarantee safety will win out over speed or profits.
That said, the fact that the FLI even produces this index — and that two firms get a “C+” — shows some awareness and effort towards safety. It’s better than nothing. But awareness must translate into real action: rigorous third-party audits, transparent safety testing, formal safety requirements, and — potentially — regulation.
In the end, I believe society should treat AI much like we treat high-stakes technologies such as nuclear power: with caution, transparency, and enforceable safety norms. It’s not enough to say “we care about safety”; firms must prove they can manage the long-term consequences, and governments and civil society need to hold them accountable.
ISO 42001 (published December 2023) is the first international standard dedicated to how organizations should govern and manage AI systems — whether they build AI, use it, or deploy it in services.
It lays out what the authors call an Artificial Intelligence Management System (AIMS) — a structured governance and management framework that helps companies reduce AI-related risks, build trust, and ensure responsible AI use.
Who can use it — and is it mandatory
Any organization — profit or non-profit, large or small, in any industry — that develops or uses AI can implement ISO 42001.
For now, ISO 42001 is not legally required. No country currently mandates it.
But adopting it proactively can make future compliance with emerging AI laws and regulations easier.
What ISO 42001 requires / how it works
The standard uses a “high-level structure” similar to other well-known frameworks (like ISO 27001), covering organizational context, leadership, planning, support, operations, performance evaluation, and continual improvement.
Organizations need to: define their AI-policy and scope; identify stakeholders and expectations; perform risk and impact assessments (on company level, user level, and societal level); implement controls to mitigate risks; maintain documentation and records; monitor, audit, and review the AI system regularly; and continuously improve.
As part of these requirements, there are 38 example controls (in the standard’s Annex A) that organizations can use to reduce various AI-related risks.
Why it matters
Because AI is powerful but also risky (wrong outputs, bias, privacy leaks, system failures, etc.), having a formal governance framework helps companies be more responsible and transparent when deploying AI.
For organizations that want to build trust with customers, regulators, or partners — or anticipate future AI-related regulations — ISO 42001 can serve as a credible, standardized foundation for AI governance.
My opinion
I think ISO 42001 is a valuable and timely step toward bringing some order and accountability into the rapidly evolving world of AI. Because AI is so flexible and can be used in many different contexts — some of them high-stakes — having a standard framework helps organizations think proactively about risk, ethics, transparency, and responsibility rather than scrambling reactively.
That said — because it’s new and not yet mandatory — its real-world impact depends heavily on how widely it’s adopted. For it to become meaningful beyond “nice to have,” regulators, governments, or large enterprises should encourage or require it (or similar frameworks). Until then, it will likely be adopted mostly by forward-thinking companies or those dealing with high-impact AI systems.
🔎 My view: ISO 42001 is a meaningful first step — but (for now) best seen as a foundation, not a silver bullet
I believe ISO 42001 represents a valuable starting point for bringing structure, accountability, and risk awareness to AI development and deployment. Its emphasis on governance, impact assessment, documentation, and continuous oversight is much needed in a world where AI adoption often runs faster than regulation or best practices.
That said — given its newness, generality, and the typical resource demands — I see it as necessary but not sufficient. It should be viewed as the base layer: useful for building internal discipline, preparing for regulatory demands, and signaling commitment. But to address real-world ethical, social, and technical challenges, organizations likely need additional safeguards — e.g. context-specific controls, ongoing audits, stakeholder engagement, domain-specific reviews, and perhaps even bespoke governance frameworks tailored to the type of AI system and its use cases.
In short: ISO 42001 is a strong first step — but real responsible AI requires going beyond standards to culture, context, and continuous vigilance.
✅ Real-world adopters of ISO 42001
IBM (Granite models)
IBM became “the first major open-source AI model developer to earn ISO 42001 certification,” for its “Granite” family of open-source language models.
The certification covers the management system for development, deployment, and maintenance of Granite — meaning IBM formalized policies, governance, data practices, documentation, and risk controls under AIMS (AI Management System).
According to IBM, the certification provides external assurance of transparency, security, and governance — helping enterprises confidently adopt Granite in sensitive contexts (e.g. regulated industries).
Infosys
Infosys — a global IT services and consulting company — announced in May 2024 that it had received ISO 42001:2023 certification for its AI Management System.
Their certified “AIMS framework” is part of a broader set of offerings (the “Topaz Responsible AI Suite”), which supports clients in building and deploying AI responsibly, with structured risk mitigations and accountability.
This demonstrates that even big consulting companies, not just pure-AI labs, see value in adopting ISO 42001 to manage AI at scale within enterprise services.
JAGGAER (Source-to-Pay / procurement software)
JAGGAER — a global player in procurement / “source-to-pay” software — announced that it achieved ISO 42001 certification for its AI Management System in June 2025.
For JAGGAER, the certification reflects a commitment to ethical, transparent, secure deployment of AI within its procurement platform.
This shows how ISO 42001 can be used not only by AI labs or consultancy firms, but by business-software companies integrating AI into domain-specific applications.
🧠 My take — promising first signals, but still early days
These early adopters make a strong case that ISO 42001 can work in practice across very different kinds of organizations — not just AI-native labs, but enterprises, service providers, even consulting firms. The variety and speed of adoption (multiple firms in 2024–2025) demonstrate real momentum.
At the same time — adoption appears selective, and for many companies, the process may involve minimal compliance effort rather than deep, ongoing governance. Because the standard and the ecosystem (auditors, best-practice references, peer case studies) are both still nascent, there’s a real risk that ISO 42001 becomes more of a “badge” than a strong guardrail.
In short: I see current adoptions as proof-of-concepts — promising early examples showing how ISO 42001 could become an industry baseline. But for it to truly deliver on safe, ethical, responsible AI at scale, we’ll need: more widespread adoption across sectors; shared transparency about governance practices; public reporting on outcomes; and maybe supplementary audits or domain-specific guidelines (especially for high-risk AI uses).
Most organizations think they’re ready for AI governance — until ISO/IEC 42001 shines a light on the gaps. With 47 new AI-specific controls, this standard is quickly becoming the global expectation for responsible and compliant AI deployment. To help teams get ahead, we built a free ISO 42001 Compliance Checklist that gives you a readiness score in under 10 minutes, plus a downloadable gap report you can share internally. It’s a fast way to validate where you stand today and what you’ll need to align with upcoming regulatory and customer requirements. If improving AI trust, risk posture, and audit readiness is on your roadmap, this tool will save your team hours.
1. Sam Altman — CEO of OpenAI, the company behind ChatGPT — recently issued a sobering warning: he expects “some really bad stuff to happen” as AI technology becomes more powerful.
2. His concern isn’t abstract. He pointed to real‑world examples: advanced tools such as Sora 2 — OpenAI’s own AI video tool — have already enabled the creation of deepfakes. Some of these deepfakes, misusing public‑figure likenesses (including Altman’s own), went viral on social media.
3. According to Altman, these are only early warning signs. He argues that as AI becomes more accessible and widespread, humans and society will need to “co‑evolve” alongside the technology — building not just tech, but the social norms, guardrails, and safety frameworks that can handle it.
4. The risks are multiple: deepfakes could erode public trust in media, fuel misinformation, enable fraud or identity‑related crimes, and disrupt how we consume and interpret information online. The technology’s speed and reach make the hazards more acute.
5. Altman cautioned against overreliance on AI‑based systems for decision-making. He warned that if many users start trusting AI outputs — whether for news, advice, or content — we might reach “societal‑scale” consequences: unpredictable shifts in public opinion, democracy, trust, and collective behavior.
6. Still, despite these grave warnings, Altman dismissed calls for heavy regulatory restrictions on AI’s development and release. Instead, he supports “thorough safety testing,” especially for the most powerful models — arguing that regulation may have unintended consequences or slow beneficial progress.
7. Critics note a contradiction: the same company that warns of catastrophic risks is actively releasing powerful tools like Sora 2 to the public. That raises concerns about whether early release — even in the name of “co‑evolution” — irresponsibly accelerates exposure to harm before adequate safeguards are in place.
8. The bigger picture: what happens now will likely shape how society, law, and norms adapt to AI. If deepfake tools and AI‑driven content become commonplace, we may face a future where “seeing is believing” no longer holds true — and navigating truth vs manipulation becomes far harder.
9. In short: Altman’s warning serves partly as a wake‑up call. He’s not just flagging technical risk — he’s asking society to seriously confront how we consume, trust, and regulate AI‑powered content. At the same time, his company continues to drive that content forward. It’s a tension between innovation and caution — with potentially huge societal implications.
🔎 My Opinion
I think Altman’s public warning is important and overdue — it’s rare to see an industry leader acknowledge the dangers of their own creations so candidly. This sort of transparency helps start vital conversations about ethics, regulation, and social readiness.
That said, I’m concerned that releasing powerful AI capabilities broadly, while simultaneously warning they might cause severe harm, feels contradictory. If companies push ahead with widespread deployment before robust guardrails are tested and widely adopted, we risk exposing society to misinformation, identity fraud, erosion of trust, and social disruption.
Given how fast AI adoption is accelerating — and how high the stakes are — I believe a stronger emphasis on AI governance, transparency, regulation, and public awareness is essential. Innovation should continue, but not at the expense of public safety, trust, and societal stability.
The European Union’s Artificial Intelligence Act represents the world’s first comprehensive regulatory framework for artificial intelligence. As organizations worldwide prepare for compliance, one of the most critical first steps is understanding exactly where your AI system falls within the EU’s risk-based classification structure.
At DeuraInfoSec, we’ve developed a streamlined EU AI Act Risk Calculator to help organizations quickly assess their compliance obligations.🔻 But beyond the tool itself, understanding the framework is essential for any organization deploying AI systems that touch EU markets or citizens.
The EU AI Act takes a pragmatic, risk-based approach to regulation. Rather than treating all AI systems equally, it categorizes them into four distinct risk levels, each with different compliance requirements:
1. Unacceptable Risk (Prohibited Systems)
These AI systems pose such fundamental threats to human rights and safety that they are completely banned in the EU. This category includes:
Social scoring by public authorities that evaluates or classifies people based on behavior, socioeconomic status, or personal characteristics
Real-time remote biometric identification in publicly accessible spaces (with narrow exceptions for law enforcement in specific serious crimes)
Systems that manipulate human behavior to circumvent free will and cause harm
Systems that exploit vulnerabilities of specific groups due to age, disability, or socioeconomic circumstances
If your AI system falls into this category, deployment in the EU is simply not an option. Alternative approaches must be found.
2. High-Risk AI Systems
High-risk systems are those that could significantly impact health, safety, fundamental rights, or access to essential services. The EU AI Act identifies high-risk AI in two ways:
Safety Components: AI systems used as safety components in products covered by existing EU safety legislation (medical devices, aviation, automotive, etc.)
Specific Use Cases: AI systems used in eight critical domains:
Biometric identification and categorization
Critical infrastructure management
Education and vocational training
Employment, worker management, and self-employment access
Access to essential private and public services
Law enforcement
Migration, asylum, and border control management
Administration of justice and democratic processes
High-risk AI systems face the most stringent compliance requirements, including conformity assessments, risk management systems, data governance, technical documentation, transparency measures, human oversight, and ongoing monitoring.
3. Limited Risk (Transparency Obligations)
Limited-risk AI systems must meet specific transparency requirements to ensure users know they’re interacting with AI:
Chatbots and conversational AI must clearly inform users they’re communicating with a machine
Emotion recognition systems require disclosure to users
Biometric categorization systems must inform individuals
Deepfakes and synthetic content must be labeled as AI-generated
While these requirements are less burdensome than high-risk obligations, they’re still legally binding and require thoughtful implementation.
4. Minimal Risk
The vast majority of AI systems fall into this category: spam filters, AI-enabled video games, inventory management systems, and recommendation engines. These systems face no specific obligations under the EU AI Act, though voluntary codes of conduct are encouraged, and other regulations like GDPR still apply.
Why Classification Matters Now
Many organizations are adopting a “wait and see” approach to EU AI Act compliance, assuming they have time before enforcement begins. This is a costly mistake for several reasons:
Timeline is Shorter Than You Think: While full enforcement doesn’t begin until 2026, high-risk AI systems will need to begin compliance work immediately to meet conformity assessment requirements. Building robust AI governance frameworks takes time.
Competitive Advantage: Early movers who achieve compliance will have significant advantages in EU markets. Organizations that can demonstrate EU AI Act compliance will win contracts, partnerships, and customer trust.
Foundation for Global Compliance: The EU AI Act is setting the standard that other jurisdictions are likely to follow. Building compliance infrastructure now prepares you for a global regulatory landscape.
Risk Mitigation: Even if your AI system isn’t currently deployed in the EU, supply chain exposure, data processing locations, or future market expansion could bring you into scope.
Using the Risk Calculator Effectively
Our EU AI Act Risk Calculator is designed to give you a rapid initial assessment, but it’s important to understand what it can and cannot do.
What It Does:
Provides a preliminary risk classification based on key regulatory criteria
Identifies your primary compliance obligations
Helps you understand the scope of work ahead
Serves as a conversation starter for more detailed compliance planning
What It Doesn’t Replace:
Detailed legal analysis of your specific use case
Comprehensive gap assessments against all requirements
Technical conformity assessments
Ongoing compliance monitoring
Think of the calculator as your starting point, not your destination. If your system classifies as high-risk or even limited-risk, the next step should be a comprehensive compliance assessment.
Common Classification Challenges
In our work helping organizations navigate EU AI Act compliance, we’ve encountered several common classification challenges:
Boundary Cases: Some systems straddle multiple categories. A chatbot used in customer service might seem like limited risk, but if it makes decisions about loan approvals or insurance claims, it becomes high-risk.
Component vs. System: An AI component embedded in a larger system may inherit the risk classification of that system. Understanding these relationships is critical.
Intended Purpose vs. Actual Use: The EU AI Act evaluates AI systems based on their intended purpose, but organizations must also consider reasonably foreseeable misuse.
Evolution Over Time: AI systems evolve. A minimal-risk system today might become high-risk tomorrow if its use case changes or new features are added.
The Path Forward
Whether your AI system is high-risk or minimal-risk, the EU AI Act represents a fundamental shift in how organizations must think about AI governance. The most successful organizations will be those who view compliance not as a checkbox exercise but as an opportunity to build more trustworthy, robust, and valuable AI systems.
At DeuraInfoSec, we specialize in helping organizations navigate this complexity. Our approach combines deep technical expertise with practical implementation experience. As both practitioners (implementing ISO 42001 for our own AI systems at ShareVault) and consultants (helping organizations across industries achieve compliance), we understand both the regulatory requirements and the operational realities of compliance.
Take Action Today
Start with our free EU AI Act Risk Calculator to understand your baseline risk classification. Then, regardless of your risk level, consider these next steps:
Conduct a comprehensive AI inventory across your organization
Perform detailed risk assessments for each AI system
Develop AI governance frameworks aligned with ISO 42001
Implement technical and organizational measures appropriate to your risk level
Establish ongoing monitoring and documentation processes
The EU AI Act isn’t just another compliance burden. It’s an opportunity to build AI systems that are more transparent, more reliable, and more aligned with fundamental human values. Organizations that embrace this challenge will be better positioned for success in an increasingly regulated AI landscape.
Ready to assess your AI system’s risk level? Try our free EU AI Act Risk Calculator now.
Need expert guidance on compliance? Contact DeuraInfoSec.com today for a comprehensive assessment.
DeuraInfoSec specializes in AI governance, ISO 42001 implementation, and EU AI Act compliance for B2B SaaS and financial services organizations. We’re not just consultants—we’re practitioners who have implemented these frameworks in production environments.
Artificial intelligence is rapidly advancing, prompting countries and industries worldwide to introduce new rules, norms, and governance frameworks. ISO/IEC 42001 represents a major milestone in this global movement by formalizing responsible AI management. It does so through an Artificial Intelligence Management System (AIMS) that guides organizations in overseeing AI systems safely and transparently throughout their lifecycle.
Achieving certification under ISO/IEC 42001 demonstrates that an organization manages its AI—from strategy and design to deployment and retirement—with accountability and continuous improvement. The standard aligns with related ISO guidelines covering terminology, impact assessment, and certification body requirements, creating a unified and reliable approach to AI governance.
The certification journey begins with defining the scope of the organization’s AI activities. This includes identifying AI systems, use cases, data flows, and related business processes—especially those that rely on external AI models or third-party services. Clarity in scope enables more effective governance and risk assessment across the AI portfolio.
A robust risk management system is central to compliance. Organizations must identify, evaluate, and mitigate risks that arise throughout the AI lifecycle. This is supported by strong data governance practices, ensuring that training, validation, and testing datasets are relevant, representative, and as accurate as possible. These foundations enable AI systems to perform reliably and ethically.
Technical documentation and record-keeping also play critical roles. Organizations must maintain detailed materials that demonstrate compliance and allow regulators or auditors to evaluate the system. They must also log lifecycle events—such as updates, model changes, and system interactions—to preserve traceability and accountability over time.
Beyond documentation, organizations must ensure that AI systems are used responsibly in the real world. This includes providing clear instructions to downstream users, maintaining meaningful human oversight, and ensuring appropriate accuracy, robustness, and cybersecurity. These operational safeguards anchor the organization’s quality management system and support consistent, repeatable compliance.
Ultimately, ISO/IEC 42001 delivers major benefits by strengthening trust, improving regulatory readiness, and embedding operational discipline into AI governance. It equips organizations with a structured, audit-ready framework that aligns with emerging global regulations and moves AI risk management into an ongoing, sustainable practice rather than a one-time effort.
My opinion: ISO/IEC 42001 is arriving at exactly the right moment. As AI systems become embedded in critical business functions, organizations need more than ad-hoc policies—they need a disciplined management system that integrates risk, governance, and accountability. This standard provides a practical blueprint and gives vCISOs, compliance leaders, and innovators a common language to build trustworthy AI programs. Those who adopt it early will not only reduce risk but also gain a significant competitive and credibility advantage in an increasingly regulated AI ecosystem.
We help companies 👇safely use AI without risking fines, leaks, or reputational damage
Protect your AI systems — make compliance predictable. Expert ISO-42001 readiness for small & mid-size orgs. Get a AI Risk vCISO-grade program without the full-time cost. Think of AI risk like a fire alarm—our register tracks risks, scores impact, and ensures mitigations are in place before disaster strikes.
ISO 42001 assessment → Gap analysis 👇 → Prioritized remediation → See your risks immediately with a clear path from gaps to remediation. 👇
Evaluate your organization’s compliance with mandatory AIMS clauses through our 5-Level Maturity Model – Limited-Time Offer — Available Only Till the End of This Month!
Get your Compliance & Risk Assessment today and uncover hidden gaps, maturity insights, and improvement opportunities that strengthen your organization’s AI Governance and Security Posture.
✅ Identify compliance gaps ✅ Receive actionable recommendations ✅ Boost your readiness and credibility
A practical, business‑first service to help your organization adopt AI confidently while staying compliant with ISO/IEC 42001, NIST AI RMF, and emerging global AI regulations.
What You Get
1. AI Risk & Readiness Assessment (Fast — 7 Days)
Identify all AI use cases + shadow AI
Score risks across privacy, security, bias, hallucinations, data leakage, and explainability
Heatmap of top exposures
Executive‑level summary
2. AI Governance Starter Kit
AI Use Policy (employee‑friendly)
AI Acceptable Use Guidelines
Data handling & prompt‑safety rules
Model documentation templates
AI risk register + controls checklist
3. Compliance Mapping
ISO/IEC 42001 gap snapshot
NIST AI RMF core functions alignment
EU AI Act impact assessment (light)
Prioritized remediation roadmap
4. Quick‑Win Controls (Implemented for You)
Shadow AI blocking / monitoring guidance
Data‑protection controls for AI tools
Risk‑based prompt and model review process
Safe deployment workflow
5. Executive Briefing (30 Minutes)
A simple, visual walkthrough of:
Your current AI maturity
Your top risks
What to fix next (and what can wait)
Why Clients Choose This
Fast: Results in days, not months
Simple: No jargon — practical actions only
Compliant: Pre‑mapped to global AI governance frameworks
Low‑effort: We do the heavy lifting
Pricing (Flat, Transparent)
AI Governance Readiness Package — $2,500
Includes assessment, roadmap, policies, and full executive briefing.
Optional Add‑Ons
Implementation Support (monthly) — $1,500/mo
ISO 42001 Readiness Package — $4,500
Perfect For
Teams experimenting with generative AI
Organizations unsure about compliance obligations
Firms worried about data leakage or hallucination risks
Companies preparing for ISO/IEC 42001, or EU AI Act
Next Step
Book the AI Risk Snapshot Call below (free, 15 minutes). We’ll review your current AI usage and show you exactly what you will get.
Use AI with confidence — without slowing innovation.
1. Introduction & discovery In mid-September 2025, Anthropic’s Threat Intelligence team detected an advanced cyber espionage operation carried out by a Chinese state-sponsored group named “GTG-1002”. Anthropic Brand Portal The operation represented a major shift: it heavily integrated AI systems throughout the attack lifecycle—from reconnaissance to data exfiltration—with much less human intervention than typical attacks.
2. Scope and targets The campaign targeted approximately 30 entities, including major technology companies, government agencies, financial institutions and chemical manufacturers across multiple countries. A subset of these intrusions were confirmed successful. The speed and scale were notable: the attacker used AI to process many tasks simultaneously—tasks that would normally require large human teams.
3. Attack framework and architecture The attacker built a framework that used the AI model Claude and the Model Context Protocol (MCP) to orchestrate multiple autonomous agents. Claude was configured to handle discrete technical tasks (vulnerability scanning, credential harvesting, lateral movement) while the orchestration logic managed the campaign’s overall state and transitions.
4. Autonomy of AI vs human role In this campaign, AI executed 80–90% of the tactical operations independently, while human operators focused on strategy, oversight and critical decision-gates. Humans intervened mainly at campaign initialization, approving escalation from reconnaissance to exploitation, and reviewing final exfiltration. This level of autonomy marks a clear departure from earlier attacks where humans were still heavily in the loop.
5. Attack lifecycle phases & AI involvement The attack progressed through six distinct phases: (1) campaign initialization & target selection, (2) reconnaissance and attack surface mapping, (3) vulnerability discovery and validation, (4) credential harvesting and lateral movement, (5) data collection and intelligence extraction, and (6) documentation and hand-off. At each phase, Claude or its sub-agents performed most of the work with minimal human direction. For example, in reconnaissance the AI mapped entire networks across multiple targets independently.
6. Technical sophistication & accessibility Interestingly, the campaign relied not on cutting-edge bespoke malware but on widely available, open-source penetration testing tools integrated via automated frameworks. The main innovation wasn’t novel exploits, but orchestration of commodity tools with AI generating and executing attack logic. This means the barrier to entry for similar attacks could drop significantly.
7. Response by Anthropic Once identified, Anthropic banned the compromised accounts, notified affected organisations and worked with authorities and industry partners. They enhanced their defensive capabilities—improving cyber-focused classifiers, prototyping early-detection systems for autonomous threats, and integrating this threat pattern into their broader safety and security controls.
8. Implications for cybersecurity This campaign demonstrates a major inflection point: threat actors can now deploy AI systems to carry out large-scale cyber espionage with minimal human involvement. Defence teams must assume this new reality and evolve: using AI for defence (SOC automation, vulnerability scanning, incident response), and investing in safeguards for AI models to prevent adversarial misuse.
First AI-Orchestrated Campaign – This is the first publicly reported cyber-espionage campaign largely executed by AI, showing threat actors are rapidly evolving.
High Autonomy – AI handled 80–90% of the attack lifecycle, reducing reliance on human operators and increasing operational speed.
Multi-Sector Targeting – Attackers targeted tech firms, government agencies, financial institutions, and chemical manufacturers across multiple countries.
Phased AI Execution – AI managed reconnaissance, vulnerability scanning, credential harvesting, lateral movement, data exfiltration, and documentation autonomously.
Use of Commodity Tools – Attackers didn’t rely on custom malware; they orchestrated open-source and widely available tools with AI intelligence.
Speed & Scale Advantage – AI enables simultaneous operations across multiple targets, far faster than traditional human-led attacks.
Human Oversight Limited – Humans intervened only at strategy checkpoints, illustrating the potential for near-autonomous offensive operations.
Early Detection Challenges – Traditional signature-based detection struggles against AI-driven attacks due to dynamic behavior and novel patterns.
Rapid Response Required – Prompt identification, account bans, and notifications were crucial in mitigating impact.
Shift in Cybersecurity Paradigm – AI-powered attacks represent a significant escalation in sophistication, requiring AI-enabled defenses and proactive threat modeling.
Implications for vCISO Services
AI-Aware Risk Assessments – vCISOs must evaluate AI-specific threats in enterprise risk registers and threat models.
