AI Security | AI for Security + Security for AI

April 18, 2026
Regine Cyrille

A lot of people still say “AI security” as if it were a single conversation. It is not, and what follows sets out the reasons and the context that separate its two halves.

Screenshot of presentation slide from Fortinet 2026 AI Cybersecurity Summit (EMEA)

The slide above, presented at the Fortinet 2026 AI Cybersecurity Summit (EMEA), frames this discussion well: it distinguishes between “AI for Security” and “Security for GenAI” as two parallel and increasingly interdependent priorities.

As that split captures, on one side is AI for Security: using AI as a force multiplier for defenders. On the other is Security for AI: securing the models, data, agents, pipelines, and business processes that AI now touches.
That distinction matters because in 2026, security teams are no longer experimenting at the edge. They are being asked to defend organisations with AI, and at the same time defend the AI that those organisations are adopting.

That is the real story of this moment. AI has moved from novelty to infrastructure. Gartner expects worldwide AI spending to reach $2.52 trillion in 2026, up 44% year over year, while Google is openly positioning AI agents at the centre of its enterprise strategy and adding new governance and security features around them. This is no longer a future-facing discussion. It is a present-tense operating challenge.

On the AI for Security side, the promise is obvious. Security teams are overwhelmed by alert volume, brittle tooling, fragmented context, talent shortages, and the simple reality that attackers often move faster than defenders can respond to manually. The latest wave of cyber-focused AI is being marketed as a way to compress that gap. Reuters reported that OpenAI has been briefing U.S. federal agencies, state governments, and Five Eyes countries on GPT-5.4-Cyber, a version of its flagship model tuned for defensive cybersecurity work, though it could not independently verify Axios’ report. Reuters also reported that Microsoft is integrating Anthropic’s Claude Mythos Preview into its Security Development Lifecycle, saying the model can help identify vulnerabilities and speed fixes earlier in the cycle.
Without any doubt, discussions about the capabilities of Anthropic’s Mythos have added momentum to industry conversations around AI-assisted vulnerability discovery, secure software development, and the growing cyber significance of frontier model capabilities.

That same Reuters reporting explains why defenders are paying so much attention. Anthropic’s Mythos, announced earlier this month, has reportedly identified thousands of major vulnerabilities in operating systems, browsers, and other software, and access has been widened to more than 40 organisations involved in building or maintaining critical software infrastructure. Australia said on 23 April that it is working with Anthropic and other software firms to address vulnerabilities exposed by the model’s limited release. Whether one focuses on the exact branding or the broader trend, the signal is clear: frontier-model capability is beginning to matter directly to cyber defence and vulnerability discovery.

But there is a second half to this story, and it is the one many organisations still underestimate. If AI can help defenders, it can also help adversaries. Europol warned that criminal networks are already using AI to craft multilingual fraud messages, create highly realistic impersonations, and scale abuse, and it warned that increasingly autonomous systems could eventually pave the way for AI-controlled criminal networks. Microsoft’s 2025 Digital Defence Report likewise frames AI as a force that is accelerating both offensive and defensive cyber capabilities. In other words, AI is not automatically a defender's advantage. It is an amplifier, and amplifiers work for whoever operationalises them first.

That is why Security for AI deserves equal weight. Once AI is embedded into enterprise workflows, the attack surface changes.
OWASP’s guidance for LLM and GenAI applications highlights risks such as prompt injection, training data poisoning, model denial-of-service, and supply-chain vulnerabilities. Google’s Secure AI Framework, SAIF, pushes the same message from a different angle: AI must be treated as a full-stack security problem spanning data, infrastructure, models, applications, detection, response, and business context. The Coalition for Secure AI goes further still, explicitly focusing on model theft, data poisoning, prompt injection, scaled abuse prevention, membership inference, and secure design patterns for agentic systems.

And that word, agentic, may be the most important shift in the 2026 conversation. We are moving beyond chat interfaces into systems that can plan, decide, use tools, and act across enterprise environments. Reuters reported on 22 April that Google described AI agents as a linchpin of its enterprise push and announced new governance and security features for them. CoSAI has already made “secure design patterns for agentic systems” one of its core workstreams. That should tell us something important: the industry increasingly recognises that the problem is no longer just unsafe outputs from a model.
It is unsafe actions from semi-autonomous systems connected to real tools, real data, and real privileges.

Check out this deep dive into the AI threat landscape by HiddenLayer: AI is moving from assistant to actor.

Regulation and standards are starting to catch up, but only just.
In the EU, the AI Act entered into force on 1 August 2024; prohibited practices and AI literacy obligations started applying from 2 February 2025; GPAI obligations applied from 2 August 2025; and the Act becomes fully applicable from 2 August 2026, with some exceptions.
NIST’s Generative AI Profile provides a lifecycle-based companion to the AI RMF, while a joint cybersecurity guidance document from CISA, NSA, FBI, and partner agencies focuses specifically on AI data security across development, testing, and deployment. The UK NCSC’s secure AI system development guidance organises the challenge around secure design, development, deployment, and operation. The direction of travel is unmistakable: AI governance is becoming operational, not optional.

This matters even more in critical infrastructure.
In April 2026, NIST launched development of an AI RMF Profile on Trustworthy AI in Critical Infrastructure, explicitly to guide operators across IT, OT, and ICS as they adopt AI-enabled capabilities. ENISA’s Space Threat Landscape 2025 similarly frames cybersecurity risks across the satellite lifecycle, from development to deployment, operations, and decommissioning. For me, this is where the conversation becomes especially urgent. AI security is not just about protecting chatbots or speeding up SOC workflows. It is about how we build trust into systems that increasingly sit close to public services, industrial environments, transport, communications, and space-enabled infrastructure.

That is also why this topic is so close to my current work. I do not see AI security as a narrow technical add-on. I see it as a strategic discipline sitting at the intersection of security engineering, governance, assurance, and real-world deployment.
In my current work, I keep returning to one practical truth: organisations do not need more AI slogans: they need clearer methods for evaluating risk, stronger security patterns for adoption, and governance approaches that can keep pace with implementation without collapsing into checkbox theatre.

The strongest organisations in this next phase will be the ones that can hold both sides of the equation at once.
They will use AI to improve triage, vulnerability discovery, detection engineering, and analyst productivity. But they will also harden prompts, protect training and retrieval pipelines, verify provenance, constrain agent permissions, monitor runtime behaviour, and connect AI governance to existing security and compliance processes.
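Two of the controls listed above, constraining agent permissions and monitoring runtime behaviour, can be made concrete with a policy gate that sits between an agent and its tools. The example below is added here and is not code from the original post or from any of the products or frameworks mentioned; the agent role, tool names, paths and policy values are constructed for illustration.

```python
"""Tool-call permission gate for an LLM agent (added example, hypothetical policy)."""
from dataclasses import dataclass, field
from fnmatch import fnmatch
import json
import posixpath
import time


@dataclass
class ToolPolicy:
    """Least-privilege policy for one agent role: allowed tools, path scopes, rate cap."""
    allowed_tools: set
    path_globs: dict = field(default_factory=dict)  # tool name -> permitted path globs
    max_calls_per_minute: int = 30


class PermissionGate:
    """Authorises every tool call and records a structured audit entry for each decision."""

    def __init__(self, policy: ToolPolicy):
        self.policy = policy
        self.audit = []   # one dict per decision, allowed or denied
        self._calls = []  # timestamps of recent attempts (denied attempts count too)

    def authorize(self, tool: str, args: dict, now: float = None) -> tuple:
        now = time.time() if now is None else now
        self._calls = [t for t in self._calls if now - t < 60.0]
        allowed, reason = True, "ok"
        if len(self._calls) >= self.policy.max_calls_per_minute:
            allowed, reason = False, "rate limit exceeded"  # a burst of calls is itself a signal
        elif tool not in self.policy.allowed_tools:
            allowed, reason = False, f"tool '{tool}' not in allowlist"
        elif tool in self.policy.path_globs:
            # Normalise first so '..' segments cannot escape the permitted scope.
            path = posixpath.normpath(str(args.get("path", "")))
            if not any(fnmatch(path, g) for g in self.policy.path_globs[tool]):
                allowed, reason = False, f"path '{path}' outside permitted scope"
        self._calls.append(now)
        self.audit.append({"ts": now, "tool": tool, "args": args,
                           "allowed": allowed, "reason": reason})
        return allowed, reason

    def denied_events(self) -> list:
        """Denied decisions, the subset a SOC would want to alert on."""
        return [e for e in self.audit if not e["allowed"]]

    def audit_lines(self) -> list:
        """Audit trail as JSON lines, ready to ship to an existing log pipeline."""
        return [json.dumps(e, sort_keys=True) for e in self.audit]
```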

So yes, the future of AI security is exciting. However, it is not exciting because AI is magical; it is exciting because, for the first time in a long time, the industry is being forced to design security and innovation together.

That is the bar now.

Not an "AI at any cost" principle, and certainly not "security as an afterthought", but AI that can be used, trusted, governed, and defended.

If that sounds demanding, that is because it is. Yet in 2026, that is exactly what serious AI adoption requires.
