Why Security Engineers Must Learn to Think Like Machine Learning Experts
The cybersecurity profession is undergoing its most significant transformation in decades. As artificial intelligence systems become embedded in critical infrastructure, security engineers can no longer rely on traditional defenses designed for deterministic software. Instead, they must develop a new mindset: treating AI systems as unpredictable, goal-driven actors that require continuous behavioral monitoring rather than static security rules.
What Skills Do Security Engineers Actually Need in the AI Era?
The shift from securing traditional software to defending probabilistic AI systems represents a fundamental change in how security professionals must approach their work. According to cybersecurity experts convened by InfoQ, the most critical new competencies fall into several overlapping categories.
Elham Arshad, a cybersecurity expert specializing in AI-powered security solutions, explained the core challenge: "Security is really just about keeping our data and systems safe from attackers, and it's always been a tug-of-war between those trying to break in and those trying to keep them out. There's a saying: 'To beat a lion, you must be a lion'. The same idea applies here: Defending modern systems requires tools and expertise that are just as advanced as the threats targeting them." She emphasized that modern AI security specialists must understand model behavior, data governance, and AI-specific threats such as model extraction, data poisoning, and prompt manipulation.
"Security engineers need to expand from 'code and infrastructure security' into 'data, model, and agent security'," stated Sabri Allani, a PhD researcher in AI and cybersecurity.
Sabri Allani, PhD, AI and Cybersecurity Consultant at Expleo Group
Allani outlined the essential skill areas for modern AI security professionals:
- AI Threat Modeling: Understanding attack surfaces across models, data, prompts, agents, supply chains, and runtime behaviors specific to AI systems.
- Data Security and Integrity: Ensuring training data remains clean and free from malicious manipulation through provenance tracking, poisoning resistance, and secure labeling pipelines.
- LLM and Agent Attack Literacy: Recognizing how prompt injection, tool abuse, indirect injection via documents, and jailbreak patterns can compromise large language models.
- Secure-by-Design for RAG Systems: Building retrieval-augmented generation (RAG) systems with least privilege access, retrieval scoping, and safe tool execution patterns.
- Adversarial Testing: Conducting safety and security test suites specifically designed for AI systems, including regression testing for behavioral changes.
- Observability and Forensics: Monitoring prompt and response telemetry, tool-call logs, retrieval traces, and detecting model drift in production.
- Governance and Risk Management: Applying frameworks like NIST AI RMF and ISO/IEC 42001 with measurable controls and accountability mechanisms.
Where Do Traditional Security Skills Fall Short?
Vijay Dilwale, principal security consultant at UltraViolet Cyber, stressed that the biggest shift is moving from securing deterministic software to securing probabilistic systems. "You don't need to be a machine learning expert, but you do need to understand how AI systems fail in practice with things like prompt injection, indirect prompt injection, data poisoning, model drift, Retrieval-Augmented Generation (RAG) abuse, and unsafe tool or agent access," Dilwale explained.
"The most important skill isn't a new framework, it's learning to think adversarially about systems that learn and change over time, not just applications that execute fixed logic. That mindset shift is the foundation of AI security," Dilwale noted.
Vijay Dilwale, Principal Security Consultant at UltraViolet Cyber
The critical insight is that in most real-world AI deployments, the model itself isn't the primary vulnerability. Instead, the greatest risk emerges from how the model is wired into data pipelines, identity systems, and automation tools, and how easily those connections can be exploited over time. For example, with a RAG-based system, security teams must ask not just "Is the model safe?" but rather "What happens when an attacker controls or influences the documents being retrieved, and whether the model treats that content as instructions or facts?".
How Can Organizations Build AI Security Capabilities?
Building resilience in AI security requires a multi-layered approach that extends beyond traditional incident response playbooks. Organizations must invest in specialized monitoring, cross-functional collaboration between security and machine learning teams, and incident response capabilities designed for systems that learn and adapt.
- Behavioral Monitoring: Implement continuous monitoring of AI system behavior rather than relying on static security rules, since AI systems can exhibit unexpected behaviors that traditional forensics cannot capture.
- Action-Level Controls: Deploy controls at the point where AI systems take actions, such as accessing databases, executing tools, or transferring funds, rather than only at the authentication layer.
- Continuous Validation: Treat AI systems as unpredictable actors requiring ongoing validation rather than as trusted software components that can be secured once and left alone.
- Cross-Functional Teams: Foster collaboration between security engineers and machine learning teams to identify vulnerabilities at component boundaries where untrusted input meets system instructions.
- Specialized Incident Response: Develop forensic methods and flexible response strategies designed for systems that can behave unpredictably and exhibit new, unexpected behaviors during security incidents.
Igor Maljkovic, a PhD researcher in AI security at the University of Genova, emphasized that foundational cybersecurity principles remain essential. "First, the fundamentals still matter. AI security engineers must develop a strong cybersecurity mindset," Maljkovic stated, noting that the core logic of identifying and exploiting system weaknesses remains unchanged, but the attack surface and threat vectors have expanded dramatically.
What Are the Most Dangerous Attack Boundaries in AI Systems?
The most destructive AI-based attacks exploit the boundaries between system components, where untrusted input meets system instructions, external data enters training pipelines, and AI systems connect to automation and privileged access. These boundary points represent the highest-risk areas for security teams to focus their defensive efforts.
As organizations rapidly adopt AI systems, the gap between deployment speed and security maturity continues to widen. Security engineers must transform their roles by developing new skills, methods, and strategic thinking that account for the probabilistic nature of AI systems. Success depends not on pursuing perfection, but on building resilience and visibility through specialized monitoring, cross-functional collaboration, and incident response capabilities designed for systems that learn and adapt over time.