SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsOwn AI Securely: The SANS Secure AI Blueprint, published by SANS Institute in September 2025, introduces a three-track framework (Protect AI, Utilize AI, Govern AI) for moving enterprise AI adoption from experimentation to secure, governed deployment at scale. The paper combines SANS's own SOC research with data from Gartner, AWS, Verizon, Deloitte, and other industry sources to show where AI security commitments are lagging behind adoption.
Across these findings, the pattern holds steady: enterprise AI adoption is outpacing the ability to secure, monitor, and govern it. Budgets, board fluency, and SOC tooling all lag behind deployment speed, while attackers face none of the same constraints. The paper's position is that protecting, utilizing, and governing AI need to function as one connected discipline, with the SANS Critical AI Security Guidelines' six control categories (Access, Data, Deployment, Inference, Monitoring, and Model Security) providing the common backbone across all three tracks.
The paper draws on SANS's own 2025 SOC Survey alongside third-party research from Gartner, AWS, Cisco Talos, Verizon's Data Breach Investigations Report, Deloitte, Dataiku and Harris Poll, and Mayfield.
More SANS AI research, webcasts, and practitioner tools at sans.org/ai.


Rob T. Lee is Chief AI Officer and Chief of Research at SANS Institute, where he leads research, mentors faculty, and helps cybersecurity teams and executive leaders prepare for AI and emerging threats.
Read more about Rob T. Lee


















