Assessing the Effectiveness of Artificial Intelligence Cybersecurity Controls: Practitioner Perspectives on Risk Mitigation in AI Systems | IJCT Volume 13 – Issue 4 | IJCT-V13I4P5
Assessing the Effectiveness of Artificial Intelligence Cybersecurity Controls: Practitioner Perspectives on Risk Mitigation in AI Systems | IJCT Volume 13 – Issue 4 | IJCT-V13I4P5
The rapid integration of artificial intelligence (AI) into organizational operations has intensified the need for effective cybersecurity controls. However, the extent to which existing security measures adequately protect AI systems against both conventional and AI-specific threats remains poorly understood from a practitioner’s perspective. This qualitative study explores how AI professionals perceive the effectiveness of current cybersecurity strategies in mitigating security and privacy risks in AI systems. Semi-structured interviews were conducted with 12 AI and cybersecurity professionals across financial services, healthcare, cloud computing, and technology sectors. Thematic analysis of the data identified four principal dimensions of effectiveness perception: (1) foundational controls are viewed as effective for conventional threats but insufficient for AI-specific risks; (2) AI-specific defenses are recognized as necessary but remain immature in most organizational settings; (3) monitoring capabilities exhibit a persistent gap between infrastructure-level and model behavioral detection; and (4) organizational and governance factors significantly moderate technical control effectiveness. Participants consistently described a maturity gap between the pace of AI deployment and the sophistication of protective measures. These findings have important implications for practitioners, policymakers, and researchers working to strengthen AI security frameworks and governance structures.
Keywords
AI cybersecurity effectiveness, risk mitigation, AI security controls, practitioner perceptions, qualitative research, machine learning security, AI governance, data protection, adversarial threats, information security
Conclusion
This study examined how AI professionals perceive the effectiveness of cybersecurity controls in mitigating security and privacy risks in AI systems. Drawing on semi-structured interviews with 12 practitioners across diverse organizational contexts, four principal themes were identified. Foundational cybersecurity controls are widely regarded as effective against conventional threats but are materially insufficient to address AI-specific risks. AI-specific defenses are recognized as necessary but remain immature in most organizational settings, with adversarial defense being particularly underdeveloped. Monitoring effectiveness is uneven, with strong infrastructure-level capabilities and persistent gaps in model behavioral monitoring. Organizational and governance factors, including team alignment, governance maturity, resource availability, and framework quality, critically moderate the effectiveness of technical controls.
These findings make several contributions to research and practice. Empirically, the study provides practitioner-grounded evidence of how AI cybersecurity control effectiveness is perceived across diverse organizational contexts, contributing nuance to a debate that has been dominated by technical evaluation studies. Conceptually, the study advances the argument that AI security effectiveness cannot be reduced to technical control deployment but must be understood as a complex function of technical, organizational, and governance factors operating in interaction.
For practitioners, the findings underscore the importance of developing AI-specific security evaluation frameworks alongside investment in model behavioral monitoring capabilities and cross-functional governance mechanisms. For policymakers and framework developers, the consistent reports of implementation guidance deficits in current frameworks and the resulting gap between framework adoption and security effectiveness point to a critical need for more actionable, tiered, and technically specific guidance.
Limitations of the study include its qualitative design, which prioritizes depth over generalizability, and the concentration of participants in financial services and technology sectors. Future research should include quantitative assessments of control effectiveness across larger samples, longitudinal studies tracking effectiveness changes as AI security practices mature, and comparative analyses examining how effectiveness perceptions vary across regulatory environments and national contexts.
References
[1] S. Russell, P. Norvig, Artificial Intelligence: A Modern Approach, 4th ed., Pearson, Upper Saddle River, NJ, 2020.
[2] M. Taddeo, T. McCutcheon, L. Floridi, “Trusting artificial intelligence in cybersecurity is a double-edged sword”, Nature Machine Intelligence, 2019, 1, 557–560.
[3] M. Goldblum, D. Tsipras, C. Xie, X. Chen, A. Schwarzschild, D. Song, A. Madry, B. Li, T. Goldstein, “Dataset security for machine learning: Data poisoning, backdoor attacks, and defenses”, IEEE Transactions on Pattern Analysis and Machine Intelligence, 2022, 45, 1563–1580.
[4] B. Biggio, F. Roli, “Wild patterns: Ten years after the rise of adversarial machine learning”, Pattern Recognition, 2018, 84, 317–331.
[5] National Institute of Standards and Technology, Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST, Gaithersburg, MD, 2023. https://airc.nist.gov/RMF
[6] MITRE, MITRE ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems, 2023. https://atlas.mitre.org
[7] Z.A. Soomro, M.H. Shah, J. Ahmed, “Information security management needs more holistic approach: A literature review”, International Journal of Information Management, 2016, 36, 215–225.
[8] R.N. Rajapakse, M. Zahedi, M.A. Babar, H. Shen, “Challenges and solutions when adopting DevSecOps: A systematic review”, Information and Software Technology, 2022, 141, 106700.
[9] L. Huang, A.D. Joseph, B. Nelson, B.I. Rubinstein, J.D. Tygar, “Adversarial machine learning”, Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence, Chicago, IL, USA, October 2011, pp. 43–58.
[10] S.A. Seshia, D. Sadigh, S.S. Sastry, “Toward verified artificial intelligence”, Communications of the ACM, 2022, 65, 46–55.
[11] C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, R. Fergus, “Intriguing properties of neural networks”, Proceedings of the International Conference on Learning Representations, Banff, Canada, April 2014.
[12] I.J. Goodfellow, J. Shlens, C. Szegedy, “Explaining and harnessing adversarial examples”, Proceedings of the International Conference on Learning Representations, San Diego, CA, May 2015.
[13] X. Chen, C. Liu, B. Li, K. Lu, D. Song, “Targeted backdoor attacks on deep learning systems using data poisoning”, arXiv:1712.05526, 2017.
[14] A. Shafahi, W.R. Huang, M. Najibi, O. Suciu, C. Studer, T. Dumitras, T. Goldstein, “Poison frogs! Targeted clean-label poisoning attacks on neural networks”, Advances in Neural Information Processing Systems, 2018, 31.
[15] M. Fredrikson, S. Jha, T. Ristenpart, “Model inversion attacks that exploit confidence information and basic countermeasures”, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, October 2015, pp. 1322–1333.
[16] F. Tramer, F. Zhang, A. Juels, M.K. Reiter, T. Ristenpart, “Stealing machine learning models via prediction APIs”, Proceedings of the USENIX Security Symposium, Austin, TX, August 2016, pp. 601–618.
[17] R. Shokri, M. Stronati, C. Song, V. Shmatikov, “Membership inference attacks against machine learning models”, Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017, pp. 3–18.
[18] A.B. Arrieta, N. Diaz-Rodriguez, J. Del Ser, A. Bennetot, S. Tabik, A. Barbado, S. Garcia, et al., “Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI”, Information Fusion, 2020, 58, 82–115.
[19] A. Athalye, N. Carlini, D. Wagner, “Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples”, Proceedings of the International Conference on Machine Learning, Stockholm, Sweden, July 2018, pp. 274–283.
[20] N. Carlini, D. Wagner, “Towards evaluating the robustness of neural networks”, Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA, May 2017, pp. 39–57.
[21] J. Cohen, E. Rosenfeld, Z. Kolter, “Certified adversarial robustness via randomized smoothing”, Proceedings of the International Conference on Machine Learning, Long Beach, CA, June 2019, pp. 1310–1320.
[22] J. Steinhardt, P.W. Koh, P.S. Liang, “Certified defenses for data poisoning attacks”, Advances in Neural Information Processing Systems, 2017, 30.
[23] C. Dwork, A. Roth, “The algorithmic foundations of differential privacy”, Foundations and Trends in Theoretical Computer Science, 2014, 9, 211–407.
[24] P. Juuti, S. Szyller, S. Marchal, N. Asokan, “PRADA: Protecting against DNN model stealing attacks”, Proceedings of the IEEE European Symposium on Security and Privacy, Stockholm, Sweden, June 2019, pp. 512–527.
[25] Verizon, Data Breach Investigations Report 2024, Verizon Communications Inc., New York, 2024.
[26] IBM Security, Cost of a Data Breach Report 2024, IBM, Armonk, NY, 2024.
[27] H.A. Kruger, W.D. Kearney, “A prototype for assessing information security awareness”, Computers & Security, 2006, 25, 289–296.
[28] R. Von Solms, J. Van Niekerk, “From information security to cyber security”, Computers & Security, 2013, 38, 97–102.
[29] K.J. Knapp, T.E. Marshall, R.K. Rainer, F.N. Ford, “Information security: Management’s effect on culture and policy”, Information Management & Computer Security, 2006, 14, 24–36.
[30] S. Ransbotham, D. Kiron, “Analytics as a source of business innovation”, MIT Sloan Management Review, 2017, 58, 1–6.
[31] M. Coeckelbergh, AI Ethics, MIT Press, Cambridge, MA, 2020.
[32] J.W. Creswell, J.D. Creswell, Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, 5th ed., SAGE Publications, Thousand Oaks, CA, 2018.
[33] V. Braun, V. Clarke, “Using thematic analysis in psychology”, Qualitative Research in Psychology, 2006, 3, 77–101.
[34] T. Dietterich, E. Kong, “Machine learning bias, statistical bias, and statistical variance of decision tree algorithms”, Technical Report, Oregon State University, 1995.
[35] J. Lu, A. Liu, F. Dong, F. Gu, J. Gama, G. Zhang, “Learning under concept drift: A review”, IEEE Transactions on Knowledge and Data Engineering, 2019, 31, 2346–2363.
[36] I.D. Raji, A. Smart, R.N. White, M. Mitchell, T. Gebru, B. Hutchinson, J. Smith-Loud, D. Theron, P. Barnes, “Closing the AI accountability gap: Defining an end-to-end framework for internal algorithmic auditing”, Proceedings of the ACM Conference on Fairness, Accountability, and Transparency, Barcelona, January 2020, pp. 33–44.
How to Cite This Paper
Richard B Antwi (2026). Assessing the Effectiveness of Artificial Intelligence Cybersecurity Controls: Practitioner Perspectives on Risk Mitigation in AI Systems. International Journal of Computer Techniques, 13(4). ISSN: 2394-2231.