4 AI Security Lessons From the Front Lines of Cybersecurity

A recent AI security panel featuring experts from OWASP, Microsoft, UnixGuy and TryHackMe explored why organizations must treat AI security as an evolving cybersecurity skillset, not a fear-driven departure from established defense principles.

Key Highlights

  • Cybersecurity experts say AI security should build upon — not replace — established defense principles and risk management practices.

  • Panelists warned that prompt injection and agentic AI systems are reshaping the cybersecurity threat landscape.

  • Security leaders must frame AI risk in business terms such as operational continuity, regulatory exposure and reputational impact to secure executive buy-in.

As the speed of artificial intelligence adoption reaches unprecedented levels, AI is understandably a topic that spurs anxiety among security leaders. We are operating in an era where uncertainty often outweighs confidence.

Yet, after moderating a recent panel with experts including Sam Stepanyan (London Chapter Leader, OWASP), Eva Benn (Principal Security Program Manager, Microsoft), Abed Hamdan (UnixGuy) and Ashu Savani (Co-founder, TryHackMe), one core theme emerged: AI security is not something to fear; it is a new skillset that organizations and professionals can learn, adapt to and strengthen over time.

The conversation did not dismiss the risks. AI has created a workplace ecosystem where every employee is now both an attack surface and an attack vector. The threat landscape will continue to expand, and attackers will shift how they operate, but waiting to piece together every unknown before creating a resilience plan cannot be the anchoring strategy. With new AI tools flooding the market, the organizations that will succeed are those that approach AI security with continuous learning and experimentation.

Here are four top lessons shared by leaders at the forefront of the space:

1) AI security might be new, but understanding the fundamentals is critical.

A lot of the worry around AI stems from a misconception that, to keep up with the technology's novelty, security professionals need to throw out everything they've learned and create a new framework.

However, AI is still software, just software with new behaviors and failure modes. TCP/IP, HTTP, APIs and the way systems interface with LLMs: the core plumbing of the internet is not going to change. Defenders still need to understand traditional cybersecurity principles, such as defense-in-depth and risk management.

That said, it doesn't mean traditional security controls are enough on their own. It means that security practices need to evolve and build on the basics. AI needs to be treated as an extension of cybersecurity, not siloed into its own discipline, or, worse, treated as a shortcut for cybersecurity expertise.

AI can amplify one’s skillset, but it is not a substitute for skill. When faced with a real threat, AI will not save the day if the fundamentals are not in place. Imagine if a contractor installed a roof before installing the building's support beams. The entire structure would fall apart. We need to look at AI security the same way.

2) Prompt injection is one of the most dangerous new threats.

This is the first time in cybersecurity that software can be manipulated through something as simple and as powerful as language itself. Think about traditional social engineering. At its core, it is the manipulation of people into performing actions or revealing sensitive information by exploiting natural human instincts like trust or fear. Prompt injection introduces a similar dynamic, but against machines.

For agentic AI systems that can reason, take actions and adapt their outputs in real time, the implications become especially dangerous. Attackers are no longer limited to exploiting fixed code syntax or predefined vulnerabilities. Instead, they can attempt to influence behavior through persuasive instructions, contextual manipulation, hidden prompts, encoded text or malicious conversational inputs.

The attack surface is also effectively the entirety of human language, including all human languages, programming languages, symbols and encoded strings. That makes the challenge fundamentally different from traditional application security.

Defending against prompt injection is not simply about filtering known malicious commands; it requires building new skills to understand intent, context, and the highly dynamic ways language can shape AI behavior.

3) Security teams should assume AI systems will fail.

AI defenses are probabilistic, and for defenders this is a critical change. Since these systems work off predictions and likelihoods, not absolute certainty, organizations should not assume that any single guardrail is perfectly safe.

Throughout the conversation, the experts repeatedly emphasized the importance of defense-in-depth. Security is increasingly about reducing risk rather than guaranteeing prevention, making layered controls essential.

From a preparedness standpoint, security teams should continue to use frameworks such as OWASP Top 10 and ISO 27001, while strengthening systems with a variety of complementary tactics.

For example, if an adversary successfully uses prompt injection to bypass one layer of software, additional guardrails, such as scoped permissions and segmented access, are what limit what that foothold can reach.

Importantly, this does not mean the security team needs to start from scratch. There are already useful open resources, but they must be applied practically and be tailored to the enterprise’s environment and threat model.

In practice, this shifts security from certainty to resilience, designing systems that assume failure and contain it when it happens.
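As an added illustration of the scoped-permissions idea described in this section (example code, not from the panel or TryHackMe), the Python sketch below places a deny-by-default policy layer between an agent's proposed tool calls and their execution, so that a call induced by injected text is denied and logged rather than run. The scope, tool names, file paths and recipient domains are all constructed for the example.

```python
# Added example: a deny-by-default policy layer between an agent's proposed tool
# calls and their execution. It never consults the prompt or the model's reasoning,
# only a per-session scope fixed before any input is read. All values are constructed.
from dataclasses import dataclass
import fnmatch
import posixpath

@dataclass(frozen=True)
class Scope:
    tools: frozenset             # tool names this session may call at all
    read_globs: tuple = ()       # glob patterns for readable files
    mail_domains: frozenset = frozenset()  # recipient domains allowed

def authorize(scope, call):
    """Return (allowed, reason) for a (tool_name, args) pair. Not in scope means denied."""
    name, args = call
    if name not in scope.tools:
        return False, f"tool '{name}' not in session scope"
    if name == "read_file":
        # Normalise first so '/reports/../etc/x.txt' cannot slip past the glob.
        path = posixpath.normpath(args.get("path", ""))
        if not any(fnmatch.fnmatch(path, g) for g in scope.read_globs):
            return False, f"path '{path}' outside read scope"
    if name == "send_email":
        domain = args.get("to", "").rpartition("@")[2].lower()
        if domain not in scope.mail_domains:
            return False, f"recipient domain '{domain}' not allowed"
    return True, "within scope"

def enforce(scope, proposed):
    """Apply the policy to each proposed call; return executed calls and an audit log."""
    executed, audit = [], []
    for call in proposed:
        ok, reason = authorize(scope, call)
        audit.append(("ALLOW" if ok else "DENY", call[0], reason))  # feed to SIEM
        if ok:
            executed.append(call)
    return executed, audit

# Constructed scenario: a report-summarising agent with a deliberately narrow scope.
SUMMARIZER_SCOPE = Scope(tools=frozenset({"read_file", "send_email"}),
                         read_globs=("/reports/*.txt",), mail_domains=frozenset({"example.com"}))
# Constructed model output: first two calls are the task; last two are what a model may emit after injection.
PROPOSED = [
    ("read_file", {"path": "/reports/q3.txt"}),
    ("send_email", {"to": "cfo@example.com", "body": "Q3 summary"}),
    ("read_file", {"path": "/reports/../etc/app/secrets.env"}),
    ("send_email", {"to": "drop@untrusted.invalid", "body": "..."}),
]
```

The DENY entries in the audit log are the detection signal: a summariser that suddenly proposes out-of-scope reads or external recipients is worth alerting on even though nothing was executed.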

4) Getting leadership to understand the risk requires a reframing of the landscape.

For professionals, the rationale behind cybersecurity investment is already clear. As organizations deploy AI systems, defenders recognize that these deployments introduce new risks that require additional resources to protect the organization's assets.

LLMs already raise concerns when all they can do is summarize or generate text, but the stakes are much higher when they are connected to tools, APIs or business workflows. The danger is not just what the model says, but what the model can actually do.

Yet making the case to decision-makers is difficult. Cybersecurity has historically been seen as a cost center, and many senior leaders don’t understand the technical nuances of AI.

As a result, the panelists emphasized that cybersecurity communications must not be rooted in fear-based messaging but instead be translated into language that leaders understand. The most effective path to executive buy-in is to reframe the conversation around business implications (revenue protection, regulatory risk, continuity and reputational impact) and back it up with data, comparable incidents and concrete financial consequences.

Securing an AI-driven future

Despite the industry’s atmosphere of worry, AI security does not require an overhaul of preexisting frameworks or training. As the experts said, you can’t secure or defend anything without understanding how it works, and this new threat landscape builds on the same principles that security teams have been defending for years.

More broadly, AI introduces new interfaces and behaviors, but not a new foundation. The principles of risk management, layered defense and systems thinking still apply.

The next frontier of cyber resilience will not be defined by flashy products or fear-driven narratives. It will be shaped by organizations that treat AI not as an unknowable force but as a skill set to be understood, developed and continuously practiced.

About the Author

Max Robertson

Senior Content Engineer at TryHackMe

Max Robertson is a cybersecurity professional and educator specializing in AI security, currently serving as a Senior Content Engineer at TryHackMe. In this role, he leads the AI Security Squad, where he designs and delivers accessible, hands-on training programs focused on emerging AI threats. His work simulates real-world attack and defense scenarios, including prompt injection, data poisoning, and vulnerabilities outlined in frameworks like the OWASP Top 10 for LLMs, helping learners build practical, job-ready skills.
