ai risk today logo svg bl font
Menu
SUBSCRIBE
SUBSCRIBE
ai risk today logo svg bl font
Menu

AI Cyber

Abstract visualization of AI-driven cybersecurity testing with a central digital shield and flowing data streams representing controlled access to security tools

OpenAI Expands Trusted Access Program For Cyber Defense AI Tools

, , ,

The company will allow vetted users to access GPT-5.4-Cyber for controlled cybersecurity testing under its Trusted Access for Cyber program.

 

OpenAI is expanding access to its latest cybersecurity AI model,  GPT-5.4-Cyber, through a formal vetting program, allowing qualified users to test and strengthen cyber defenses while restricting broader use.

In a blog post, the company said that cybersecurity teams can access GPT-5.4-Cyber via its Trusted Access for Cyber (TAC) program, which vets parties by evaluating their intended use, security controls, and alignment with defensive objectives. 

The statement said that GPT-5.4-Cyber can accelerate vulnerability discovery, but noted that similar capabilities could also be used to identify and exploit software weaknesses. The company said the TAC program is designed to reduce misuse by limiting access to vetted users.

OpenAI will monitor usage and apply restrictions to prevent the system from being used for offensive or unauthorized activities.

OpenAI’s announcement follows Anthropic’s recent launch of Project Glasswing, a partnership initiative with 40 companies from the AI and cybersecurity industries to sandbox Anthropic’s Mythos agent. Anthropic said that Mythos was so effective at finding cyber vulnerabilities that access had to be limited and the product thoroughly vetted before considering giving general access. 

OpenAI is positioning the initiative as striking a balance between providing cybersecurity tools and giving access to potential bad actors.

AXIS Capital AI cybersecurity visualization showing digital lock and data networks

Axis Capital Survey Finds Executives Split On AI-Driven Cyber Risk Landscape

, ,

The research examines differing views among CEOs and chief information security officers on the role of artificial intelligence in cyber risk and security preparedness.

 

Axis Capital Holdings Limited released a survey showing how AI is reshaping perceptions of cyber risk among corporate leaders in the United States and the United Kingdom. The study, which polled 500 chief executive officers (CEOs) and chief information security officers (CISOs), highlights contrasting views on AI’s potential benefits and risks in cybersecurity.

The survey asked executives at companies with at least 250 employees about AI’s impact on cyber defenses and emerging threats. It found that AI-driven attacks, including deepfakes, social engineering, shadow AI, and advanced ransomware, are widely seen as major new risks.

Nearly 82% of respondents said they plan to increase cybersecurity budgets over the next 12 months, and 75.2% said they are likely to reduce cybersecurity headcounts as productivity gains from AI tools improve efficiency.

CEOs generally expressed greater confidence in AI’s cybersecurity value than CISOs. By a margin of 29.7% to 19.5%, fewer CISOs said they believe AI will strengthen their company’s cyber defenses, while 67.1% of CEOs said they trust AI tools to assist in cybersecurity decisions compared with 58.6% of CISOs.

“There are differing views between CEOs’ strategic optimism and CISOs’ security prudence,” said Lori Bailey, Head of Global Cyber and Technology at AXIS. “While it is now commonplace for CEOs to champion AI as a catalyst for innovation and efficiency, CISOs tend to see it as a new frontier of exposure and control.”

The survey also found regional differences: 85% of U.S. executives reported feeling prepared for AI-related threats, compared with 44% of U.K. executives. A higher share of U.S. CEOs also said they trust AI tools to support cybersecurity decisions than their U.K. counterparts.

The methodology outlined that responses were collected from October 22–29, 2025, by an independent firm, and included 138 U.S. CEOs, 112 U.S. CISOs, 123 U.K. CEOs, and 127 U.K. CISOs.

Cover image of the World Economic Forum Global Cybersecurity Outlook 2026 report highlighting artificial intelligence and cyber risk

WEF Report Finds 94% Of Cybersecurity Leaders Say AI Will Have The Greatest Impact On Cyber

, , , ,

Report finds artificial intelligence is accelerating cyber threats, reshaping defenses, and shifting executive risk priorities.

 

The World Economic Forum (WEF) released its Global Cybersecurity Outlook 2026 report, outlining trends in cyber risk, including the accelerating role of artificial intelligence (AI) in both cyber defense and cyberattacks. 

Key takeaways

  • 94% of respondents said artificial intelligence will have the greatest impact on cybersecurity in 2026.
  • 87% identified AI-related vulnerabilities as the fastest-growing cyber risk.
  • 64% of organizations now have processes to assess the security of AI systems, up from 37% the previous year.
  • 73% of respondents reported experiencing cyber-enabled fraud in 2025, with AI cited as a contributing factor.

According to the WEF, 94% of respondents expect AI to significantly affect both cyber defense capabilities and the threatscape over the coming year. The report states that organizations are embracing AI and automation at scale, even as governance frameworks and human expertise struggle to keep pace. While 64% now have processes for assessing AI security (up from 37% in 2024), about one-third still lack any validation processes before deployment.

Further, AI-related vulnerabilities were identified by 87% of respondents as the fastest-growing category of cyber risk. The report indicates that data leaks via genAI (34%) and improved adversarial capabilities (29%), such as phishing and malware development, are the top two concerns.

The Global Cybersecurity Outlook 2026 also documents the growing scale of cyber-enabled fraud, which the report links in part to AI-enabled social engineering and automation. 73% of respondents said they or their organization experienced cyber-enabled fraud in 2025. The report notes that chief executive officers increasingly rank cyber-enabled fraud as a top organizational concern, while chief information security officers continue to prioritize ransomware and supply chain attacks, highlighting a potential boardroom disparity in security priorities.

 

About the report

The Global Cybersecurity Outlook 2026 examines how AI adoption, geopolitical fragmentation, and uneven cyber resilience are reshaping cybersecurity. The document draws on a survey of executives and industry experts to identify emerging trends and risks that will affect organizations and economies in the coming year. The report was published in collaboration with Accenture.

NIST AI Cybersecurity Guidelines Released

NIST Releases Draft Cybersecurity Guidelines For The AI Era

, , , ,

Federal agency seeks public comment on new framework to help organizations secure artificial intelligence systems.

 

The U.S. National Institute of Standards and Technology (NIST) released a preliminary draft of new cybersecurity guidance to help organizations address risks associated with artificial intelligence (AI) as the technology becomes more widely used. The draft, known as the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile), is open for public comment through January 30, 2026.

The draft profile is part of the agency’s broader effort to update its Cybersecurity Framework to reflect the changing threat landscape. It outlines priorities for securing AI systems, leveraging AI to strengthen cyber defense, and building resilience against attacks that AI tools could amplify. NIST said the guidance can help organizations plan the safe integration of AI into their cybersecurity strategies.

“Regardless of where organizations are on their AI journey, they need cybersecurity strategies that acknowledge the realities of AI’s advancement,” said Barbara Cuthill, one of the profile’s authors.

The draft profile is the result of a year-long effort by NIST cybersecurity and AI experts who engaged more than 6,500 participants in a community of interest. The process included an initial concept paper, workshops, and meetings to gather feedback on the guidance’s direction.

The Cyber AI Profile outlines three main areas: securing components of AI systems, identifying opportunities to use AI defensively, and preparing for potential AI-enabled cyberattacks. NIST plans to use feedback from the public comment period to refine the draft before issuing an initial public draft in 2026.

NIST also announced a workshop slated for January 14, 2026, to discuss the draft profile and related security practices. The agency encouraged organizations and individuals involved in cybersecurity and AI to participate in the review process.

The move reflects growing concerns across government and industry about how to secure emerging AI technologies while harnessing their potential to improve defensive operations.

The State of Human Risk 2025 Report indicates spike in cyber risks

Human Risk And AI Use Surge As Cybersecurity Incidents Spike, New Study Finds

, , , , ,

The report says human error and AI-related breaches are rising concerns for security leaders.

 

A new industry study released this month shows that organizations are having growing difficulty managing human-related cybersecurity risks as artificial intelligence (AI) becomes more entrenched in everyday work. The State of Human Risk 2025 report, based on a survey of 700 cybersecurity leaders and 3,500 employees, found incidents tied to the human element surged sharply over the past year.

The report, published by security platform KnowBe4, shows a 90% increase in incidents linked to human factors compared with the previous year. These include social engineering attacks such as phishing, risky user behavior, and accidental errors.

Security leaders said cybercriminals are increasingly exploiting employees as the weakest link. 93% of respondents reported incidents caused by attackers leveraging human vulnerabilities, and a 57% increase in email-related incidents underscored the continued threat in everyday communications channels. 64% of organizations reported being hit by external attacks that exploited employees via email.

Human error also remained a critical vulnerability, with 90% of organizations experiencing incidents attributable to employee mistakes. The study further found that deepfake-related incidents rose at 32% of organizations.

Incidents involving AI applications also increased significantly, up 43% over the past 12 months, making AI-related breaches the second-fastest-growing category among all incident types measured. Despite this, nearly all organizations surveyed reported taking steps to address AI risks, and 45% of security leaders said evolving AI threats are their top challenge in managing behavioral risk.

“The productivity gains from AI are too great to ignore, so the future of work requires seamless collaboration between humans and AI,” said Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “Employees and AI agents will need to work in harmony, supported by a security program that proactively manages the risk of both.”

OpenAI says future AI models pose high cyber risk

OpenAI Warns Future AI Models Could Pose ‘High’ Cybersecurity Risk

, , , ,

The company says that advancing capabilities increase the risk of exploitation and outlines defensive measures.

 

OpenAI cautioned that its next-generation artificial intelligence (AI) models could pose “high” cybersecurity risks as their capabilities grow.  The warning reflects growing concern within the tech industry that advanced AI could be misused to breach systems or enable novel attacks.

In a blog post accompanying the alert, OpenAI said the models could develop working zero-day remote exploits against well-defended systems or facilitate complex enterprise or industrial criminal operations.

OpenAI’s statement underscores that these risks arise as underlying technologies learn to operate autonomously for longer periods and gain broader access to code and systems. “As capabilities advance,” the company said, it is “investing in strengthening models for defensive cybersecurity tasks and creating tools that enable defenders to more easily perform workflows such as auditing code and patching vulnerabilities.”

To address the threats, OpenAI is tightening safeguards, including access controls, infrastructure hardening, limits on outgoing data flows, and ongoing monitoring to prevent misuse. The firm is also forming a Frontier Risk Council comprised of cybersecurity experts, initially focused on cyber threats posed by evolving AI models.

OpenAI plans to offer tiered-access programs for qualified users in cyber defense, providing advanced capabilities while reducing the risk of misuse. The company’s broader security strategy also includes enhanced tools for defensive use and third-party collaboration.

The alert comes amid growing scrutiny of AI’s impact on security and safety, including previous warnings about other emerging risks and regulatory discussions in the United States and abroad.

CISA - Provide AI guidance re: AI security in critical infrastructure

CISA, Global Cyber Agencies Publish Guidance To Secure AI Use In Critical Infrastructure

, , , , , ,

The Cybersecurity and Infrastructure Security Agency (CISA) and international partners outline four core principles for safely integrating AI into operational technology systems across critical infrastructure.

 

Key takeaways

  • Critical-infrastructure operators are encouraged to treat AI as a high-risk technology in operational technology (OT) environments and to implement robust safety, security, and oversight measures. 
  • The guidance identifies four foundational principles for safe AI integration in OT: understand AI, evaluate AI use, establish governance and assurance frameworks, and embed safety and security practices into AI-enabled OT systems. 
  • The guidance emphasizes that AI deployment in systems that control physical infrastructure must include human-in-the-loop (HITL) oversight, fail-safe mechanisms, continuous monitoring, and incident-response planning, not simply automation. 

CISA, along with the NSA and international cybersecurity agencies, released a joint guidance document, Principles for the Secure Integration of Artificial Intelligence in Operational Technology.” The guidance is aimed at owners and operators of critical infrastructure systems that incorporate operational technology.

The document outlines four core principles designed to help institutions benefit from AI, such as machine-learning tools or AI agents, while safeguarding the safety, reliability, and security of OT environments. The four principles are: 

  1. Understand AI: encourages OT operators to familiarize themselves with the unique risks AI poses in industrial and control-system contexts. This includes model drift, reliability issues, increased complexity, and potential safety hazards. It also calls for training personnel and adopting secure-by-design AI development lifecycles.
  2. Consider AI Use in the OT Domain: recommends a careful assessment of whether AI is truly the right tool for a given OT task. This includes evaluating business cases, vendor transparency, data security, and the long-term maintenance burden that AI integration might bring.
  3. Establish AI Governance and Assurance Frameworks: calls for organizations to build frameworks that include continuous testing, compliance checks, and regulation-aligned evaluation of AI systems before and after deployment.
  4. Embed Safety and Security Practices into AI-Enabled OT Systems: instructs operators to integrate HITL controls for decision-making, implement fail-safe mechanisms, monitor and log AI activity, and update incident-response plans to handle potential AI failures or malicious attacks.

The guidance applies broadly to OT systems across critical infrastructure, including power generation, water treatment, transportation, manufacturing, and other sectors that use AI for tasks such as predictive maintenance, anomaly detection, and operational optimization. It emphasizes that while some AI methods (e.g., machine learning, LLM-based agents, statistical models) vary in complexity and risk, security and safety requirements remain especially important when AI controls physical processes.

By issuing this guidance, CISA and its partners signal growing caution among global cybersecurity authorities. While AI offers promising gains in efficiency and performance, its integration into OT requires rigorous governance, transparency, and risk awareness. Otherwise, critical infrastructure could become vulnerable to failures or cyberattacks.

As adoption of AI in infrastructure deployment accelerates, operators and regulators worldwide will be watching closely to see whether organizations adhere to the new principles and whether this guidance becomes a baseline for future regulatory requirements.