Why this path
CISOs face AI as both a security tool and a security risk. This path addresses the threats specific to AI systems and the governance gaps that create exposure.
10 concepts
The AI models behind most generative tools today — capable of remarkable language tasks, and unreliable about facts they were never trained on.
Why it matters for CISOs: Understanding the systems creating the most new attack surface
Prompt engineering is the practice of writing clear instructions for an AI system, specifying the task, context, format, and constraints, so it produces more useful, consistent output.
Why it matters for CISOs: Including prompt injection as a security vector
Protecting data from unauthorized access — including the new attack surfaces that AI tools introduce.
Why it matters for CISOs: Data exposure risks from AI tool adoption
AI creates more ways for personal data to move, be retained, and end up somewhere it shouldn't than most organizations have mapped.
Why it matters for CISOs: Privacy obligations when data flows into AI systems
AI governance is the system that determines who can deploy AI, under what conditions, with what oversight, turning ad hoc experimentation into accountable organizational practice.
Why it matters for CISOs: Governance structures that enable security oversight
AI risk management is the discipline of deciding which AI systems need controls, what those controls should be, and who is accountable when something goes wrong before something does.
Why it matters for CISOs: Integrating AI risks into the security risk framework
The ability to show — after the fact — exactly what your AI system did, why, and who was watching.
Why it matters for CISOs: What logging and traceability AI systems require
Responsible AI is the difference between an organization that says it uses AI ethically and one that can actually prove it.
Why it matters for CISOs: Security's role in the responsible AI framework