Strategic imperatives for security strategy 6 Provide guidance to users the impact of an attack, building reports on Attackers are already using AI to increase incidents and investigations, and reverse the quality and volume of existing attack engineering scripts. Security teams should techniques like phishing emails, scam phone evaluate AI security capabilities to see if it will calls for business email compromise, and more. increase their ability to keep up with attacks Review your use policy, user support processes, and user education to ensure users are aware Establish appropriate standards of how convincing attacker communications Organizations should ensure they have written can be, how to identify these threats, and how standards that can guide organizational to escalate them to security teams. decisions and show due diligence and due care to regulators and other 3rd parties. These Adopt AI security capabilities standards typically cover security, privacy, and AI technology is no silver bullet, but it ethical topics depending on the organization’s provides clear and compelling value in key expected and authorized use of AI. For an scenarios like guiding analysts through the example you can use Microsoft’s Responsible incident response process, summarizing AI Standard as a reference. Managing multiple dimensions of AI security risk Protect AI data and applications abilities p a c y t i r u c e s AI Expect, plan t for, and track dop attacker use A of AI Protect AI data and applications User educa tion and policy