Australia’s ASD outlines AI opportunities and risks in cyber defence

ASD said AI can improve cyber defence through risk prioritisation, threat detection, response, recovery, and reduced manual work.
Australian Signals Directorate visual for AI cyber defence guidance, secure adoption, agentic AI risks, human oversight, and cyber resilience

The Australian Signals Directorate (ASD) has published new guidance outlining how organisations can use AI to strengthen cyber defence while managing risks associated with AI adoption.

According to ASD, malicious actors are increasingly using AI to scale and accelerate cyber operations, including reconnaissance, vulnerability analysis, and the generation of tailored malicious content. The guidance warns that AI may lower technical barriers for less experienced threat actors and shorten the time between vulnerability discovery and exploitation.

ASD says AI can support cyber defence by improving threat detection, vulnerability analysis, incident response, and prioritisation of security risks. However, ASD stresses that AI should complement rather than replace existing cybersecurity practices and controls.

The guidance maps AI use in cyber defence to six Information Security Manual functions: Govern, Identify, Protect, Detect, Respond, and Recover. Suggested uses include analysing supply chain risks, improving asset discovery, prioritising hardening actions, scanning source code, detecting anomalous behaviour, supporting incident triage, and assisting restoration planning.

The guidance also addresses so-called ‘agentic AI’ systems capable of autonomous planning and decision-making, warning that such technologies require clear operational limits, sandboxing, and strong human oversight. ASD warns that such systems require careful adoption, clear limits, permissions, sandboxing, and strong human oversight.

Organisations adopting AI for cybersecurity are advised to apply a strong baseline aligned with the Information Security Manual and Essential Eight. ASD recommends protecting AI systems from prompt injection, model evasion, and model extraction, while ensuring least-privilege access, auditability, secure integration, and validation of AI-assisted outputs.

ASD also recommends that organisations assess AI and cybersecurity vendors against criteria including explainability, human oversight, resilience, supply-chain dependencies, fallback mechanisms, and data protection practices.

ASD concludes that AI can strengthen cyber defence when deployed securely and responsibly, but warns that poorly governed systems may introduce new vulnerabilities and operational risks.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Diplo chatbot can make mistakes. Consider checking important information.