More signal, less noise.
2026-04-07 AI Security and Credentials

The AI security checklist, part 2: is your cyber security policy ready for the robots?

Right, let’s be honest. If you’re reading this, chances are your organisation is knee-deep in AI tools. Teams are experimenting, ‘AI champions’ are popping up everywhere, and the sheer pace of adoption feels less like a strategic rollout and more like a stampede. You’ve probably got folks using anything from ChatGPT for summarising reports to Copilot for coding, or even some niche AI-powered analytics platform that came with a free trial and now holds half your customer data. And if you’re in IT or security, you’re probably looking at your existing cyber security policy, a document carefully crafted over years to cover everything from phishing to patch management, and wondering: is this thing even remotely ready for the robots?

I’ve been in those rooms. The ones where someone asks, “So, what’s our policy on AI?” and the answer is a lot of shrugging and nervous glances. The truth is, AI isn’t ‘just another tool’. It introduces entirely new vectors of risk, and if your cyber security policy hasn’t been specifically updated to address them, you’ve got an AI blind spot big enough to drive a data breach through. And believe me, it’s not a matter of if, but when, that blind spot gets exploited.

The ‘ai blind spot’ in existing policies: why your current framework isn’t enough

Some might argue that a robust existing cyber security policy is broad enough to cover AI. “It’s just software, isn’t it?” they’ll say. “Our data handling policies apply.” And while that sentiment is admirable, it’s also dangerously naive. AI’s unique characteristics—its probabilistic nature, its reliance on vast datasets, its ability to generate new content, and the often opaque ‘black box’ of large language models—create entirely novel security challenges that generic policies simply don’t anticipate.

Think about it. Your current policy probably doesn’t have a specific clause for prompt injection, where malicious input manipulates an AI’s output. It won’t detail how to protect against data poisoning, where compromised training data can lead to biased or insecure models. And it almost certainly won’t address the security implications of model bias, which, while often seen as an ethical issue, can have profound security consequences if an AI system discriminates against certain users or misidentifies threats.

We’re not talking about minor tweaks here. We’re talking about fundamental shifts in how data is processed, how access is granted, and how incidents unfold. Ignoring these specifics is like trying to secure a modern cloud environment with rules designed for on-prem servers. It just won’t cut it.

Data handling & AI: re-evaluating classification and usage

This is perhaps the most immediate and terrifying area where AI changes everything. Your data classification policy, which meticulously labels data as ‘public’, ‘internal’, ‘confidential’, or ‘highly restricted’, suddenly feels inadequate when a practitioner copy-pastes a ‘confidential’ customer query into a public LLM. We’ve all seen it happen, or at least heard the whispers.

The core issue is that AI models, especially third-party ones, often treat input data as part of their learning process or may log it for operational purposes. This isn’t just about privacy—it’s about data residency, intellectual property, and competitive advantage. Is your policy clear on:

  • What data can never be input into a third-party AI tool, regardless of its classification? (Hint: PII, sensitive IP, financial data should be at the top of that list.)
  • How data used for internal AI model training is classified, protected, and retained? (Because that internal model could become a treasure trove for attackers if compromised.)
  • The implications of data flowing out of an AI system? If an AI generates code, does your policy dictate how that code is reviewed for vulnerabilities before deployment? If it summarises sensitive documents, how do you ensure the summary doesn’t inadvertently reveal too much?

Your policies need to explicitly define what constitutes acceptable data input and output for different AI tools, making it crystal clear to employees and providing a framework for IT to block or monitor inappropriate usage. This isn’t about stifling innovation; it’s about preventing a catastrophic data leak that could sink the business.

Credential sprawl & access control for AI tools

Remember the early days of SaaS adoption, when every department had its own cloud services and IT had no idea who had access to what? Welcome to AI, version 2.0. Except now, instead of just user accounts, you’ve got an explosion of API keys, service accounts, and bespoke logins for a myriad of AI applications.

One team signs up for an AI-powered design tool, another for an AI coding assistant, a third for an AI marketing platform. Each one comes with its own authentication method, its own set of permissions, and its own potential for compromise. This is a credential sprawl nightmare waiting to happen.

Your cyber security policy needs to bring order to this chaos. This means:

  • Centralised identity management: Insisting that all AI tools, where technically feasible, integrate with your existing Single Sign-On (SSO) solution. No more standalone accounts with weak passwords.
  • Principle of least privilege: Ensuring that API keys and service accounts are scoped to the absolute minimum permissions required for their function. If an API key only needs to read data, it shouldn’t have write access.
  • Regular review and rotation: Mandating regular audits of AI tool access, including API keys, and establishing clear processes for rotating credentials, especially after an employee leaves or a project concludes.
  • Secure storage of credentials: Policies must dictate how API keys and other sensitive credentials for AI services are stored—ideally in a secrets manager, not in plain text in a .env file or, worse, a public GitHub repo.

If you don’t get a handle on this, you’re creating a vast attack surface that’s almost impossible to defend.

Third-party AI vendor risk management

Your organisation probably has a robust vendor risk assessment framework. It covers everything from financial stability to data protection clauses. But how well does it truly assess an AI service provider?

When you integrate a third-party AI model, you’re not just buying a piece of software; you’re often entrusting them with processing your data, and in some cases, hosting critical business logic. Your policy needs to expand your existing framework to ask specific questions:

  • Data Processing Agreements (DPAs): Are their DPAs sufficiently strong? Do they explicitly state how your data will be used, stored, and protected? Are they clear that your data won’t be used to train their general models without explicit consent?
  • Security Attestations: Do they have relevant certifications (e.g., ISO 27001, SOC 2 Type II)? More importantly, do these attestations specifically cover their AI infrastructure and data pipelines, not just their general corporate IT?
  • Incident Response: What’s their plan if their AI system is compromised? How quickly will they notify you? What’s their liability?
  • Model explainability and auditability: While not strictly security, understanding how their model works can be crucial for identifying security vulnerabilities or biases that could lead to an incident.

It’s not enough to just tick boxes. You need to understand the unique risks an AI vendor introduces and ensure their security posture aligns with yours. Push for clear terms, because when things go sideways, you’ll want that paper trail.

Employee AI usage & acceptable use policies

Here’s where the rubber meets the road for most employees. They’re already using AI, and you can’t put the genie back in the bottle. So, your acceptable use policy (AUP) needs to evolve from merely prohibiting illicit software to actively guiding responsible AI engagement.

This isn’t about lecturing; it’s about empowering secure use. Your updated AUP should:

  • Define ‘Shadow AI’: Make it clear why using unapproved AI tools is a risk (data leakage, compliance violations, security vulnerabilities) and what the approved alternatives are.
  • Outline data input guidelines: Explicitly state what types of data can and cannot be input into any AI tool, approved or otherwise. Provide examples.
  • Emphasise verification: Encourage employees to verify AI-generated content, especially for critical tasks, acknowledging that AI can ‘hallucinate’ or produce incorrect information.
  • Promote ethical use: Touch upon responsible use, avoiding bias, and respecting privacy—even if these aren’t strictly ‘security’ in the traditional sense, they contribute to overall risk.
  • Provide training: A policy is useless without training. Regularly educate employees on the risks and responsible practices. Make it easy for them to ask questions and report concerns.

Fostering a culture of secure innovation means providing guardrails, not roadblocks. Your AUP should be a guide, not a rulebook designed to punish curiosity.

Incident response & AI: what happens when AI goes wrong?

Your incident response plan is a finely tuned machine, designed to kick into gear when a server is breached, or a phishing attack succeeds. But what happens when an AI goes rogue? What if a model starts leaking sensitive data it shouldn’t have access to, or a compromised AI system is used to generate highly convincing deepfake phishing attacks?

AI incidents demand new considerations in your IR plan:

  • Detection: How do you detect anomalous behaviour in an AI system? Are you monitoring API usage for unusual spikes? Are you looking for unexpected data outputs?
  • Containment: How do you ‘switch off’ a compromised AI model or an API key that’s being misused? Do you have kill switches in place?
  • Forensics: How do you forensically investigate an AI incident? Can you trace the source of a prompt injection attack? Can you determine what data was exposed through a model?
  • Communication: How do you communicate an AI-related data leak, especially if the data was ‘inferred’ or generated, rather than directly copied?
  • Recovery: How do you retrain or redeploy an AI model that has been poisoned or compromised?

These aren’t hypothetical scenarios; they’re emerging realities. Your IR team needs to be equipped and trained for these new types of incidents, and your policy must reflect these new processes.

It’s not just another tool. It’s a paradigm shift.

The counterargument that AI is ‘just another tool’ and existing policies are sufficient just doesn’t hold water. AI’s unique characteristics—its data-hungry nature, its probabilistic outputs, its reliance on complex, often opaque models, and its ability to act autonomously—demand a more nuanced and integrated approach to security. A standalone ‘AI policy’ might look good on paper, but if it’s not deeply woven into your existing cyber security framework, it’s just another document gathering dust.

What’s needed is not a wholesale rewrite, but a deliberate, systematic review of every section of your cyber security policy through an ‘AI lens’. It’s about identifying the gaps, understanding the new risks, and then carefully integrating AI-specific clauses and procedures into the frameworks you already have. This ensures consistency, enforceability, and, most importantly, actual security.

It’s a messy, ongoing process, but it’s vital. The robots aren’t going anywhere, and neither are the security risks they bring. Your policy needs to keep pace, or you’ll be left picking up the pieces.

Ready to dive deeper into securing your AI journey? Explore Part 1 of The AI Security Checklist for foundational insights.

This post was entirely AI-generated — from keyword research and topic planning to writing and publishing. Learn more about how Bitsmithing works.