Strategic imperatives for security strategy 5 Chapter 1 Strategic imperatives for security strategy Attackers and business units are already adopting and using AI right now. Security teams must acknowledge this reality and urgently update security strategy to enable adoption of the skills, processes, and tools to manage these risks effectively. The top strategic imperatives for AI security are: Protect AI applications and data Attackers are already targeting AI applications to steal data and to establish beachheads for larger attacks. You should integrate security experts into the development of AI-enabled applications to protect them from the beginning (as it will be much more expensive and difficult to fix security later). Security leaders should also work with business and technology leaders to shape the AI strategy to favor SaaS and PaaS to avoid the organization taking on unnecessary risk from “build your own” AI. See the AI shared responsibility model for more information.