ACSC and L.E.K. Consulting are developing an AI vendor assessment toolkit to help organizations move beyond point-in-time reviews and make faster, clearer, leadership-ready risk decisions. These select slides preview the project’s framing .

One of my takeaways from the recent ACSC Workshop at MSFT NERD on May 13th, (thanks to Mark and Marc's incredible presentation) is that we are at a structural inflection point across the entire cybersecurity industry, as AI (Mythos-class) technology is quickly reshaping the economics for both attacking and defending. In preparation for the "Operationalizing Agentic AI in Cyber Security" session on June 18th, where Prophet Security's Co-Founder, Grant Oviatt, will detail Proph

As enterprise AI adoption accelerates, organizations need practical controls that improve visibility, accountability, and containment. This guide outlines five leading AI risk use cases and controls shared by Vishal Thakkar, Chief Risk Officer at Options Clearing Corporation.

AI is changing the speed and scale of cyber risk, shrinking the time defenders have to identify, prioritize, and respond. This ACSC Executive Practice Guide highlights why leaders need a new approach to measuring LLM risk, strengthening fundamentals, and using AI to close the gap between discovery and containment. Credit to ACSC AI Cochairs Mark Maybury and Marc Zissman as well as Aanad Oswal from Palo Alto.

Run your numbers. The ACSC AI Co-Chairs’ risk scoring formula helps you evaluate model risk on a zero-to-one scale. Includes: jailbreak rates hallucination rates poisoning resilience attack frequency availability indicators All public data. Additional material from the calculations shared on Dr. Maybury's GitHub repository. https://github.com/mtmaybury/AI-Risk-Assessment

We are pleased to share our summary of the Advanced Cyber Security Center’s (ACSC) 15th Annual Member Conference, "Winning the Competition for Trusted AI: A Risk and Security Agenda," hosted by the Federal Reserve Bank of Boston. The report captures essential discussions on why business continuity now depends on AI resilience and highlights the human as the critical control in managing evolving AI use cases. Beyond tactical advice on board engagement, the overview provides te

We are pleased to release the summary of "AI-Driven Attacks + Defenses: What Security Leaders Need to Know," a vital briefing from our 15th Annual Conference on November 6th. Featuring insights from Mike Sikorski of Palo Alto Networks Unit 42 and Aurora Blum of Google Cloud Threat Intelligence Group, the session assessed how AI is rapidly changing the cyber threat landscape. The experts emphasized that while attackers are using AI for speed and scale, effective defenses must

We are thrilled to share the key takeaways from the opening session of our 15th Annual Conference on November 6th, "The Future for AI Risk and Security (2025–2030)!" This critical presentation was delivered by our AI Co-Chairs, Dr. Mark Maybury of Lockheed Martin and Dr. Marc Zissman of MIT Lincoln Laboratory. The summary highlights the importance of applying the traditional CIA Triad to AI security threats and utilizing the NIST Cybersecurity Framework functions. Download th

The ACSC continues to develop and refine the attached toolkit with member input. This document is meant to help you think about how your traditional 3rd party assessment processes may need to be updated to address novel or complex AI risks.

Working with AI Security and Risk experts from MIT Lincoln Laboratory , the ACSC developed this AI Security Automation Framework with feedback from its membership and other industry thought-leaders. This document is meant to help members work through the maturity of AI security and how much is being entrusted to automation.

ACSC's AI Co-Chairs Mark Maybury, Lockheed Martin and Marc Zissman, MIT Lincoln Laboratory presented an overview of how one might apply the five functions of the NIST Cyber Security Framework to AI capabilities at the Annual Member Conference. Their presentation framed the future of AI security and risks.

ACSC's AI Co-Chairs Mark Maybury, Lockheed Martin and Marc Zissman, MIT Lincoln Laboratory presented the following AI definitions at the Annual Member Conference to align all participants with a common lexicon for the day's discussions. Their presentation which framed the future of AI security and risks.

ACSC's AI Co-Chairs Mark Maybury, Lockheed Martin and Marc Zissman, MIT Lincoln Laboratory presented the following description of the threats to Generative AI aligned to the CIA - Confidentiality, Integrity and Availability - framework during their presentation which framed the future of AI security and risks.

Quantum computing is no longer a distant horizon topic for security leaders, it’s an active planning priority. As organizations prepare for a world where today’s encryption may no longer be sufficient, the Advanced Cyber Security Center (ACSC) is closing the year with a focused discussion on what it takes to build a practical quantum strategy. On December 9, ACSC members will join a special Zoom session featuring Ray Harishankar , IBM Fellow and leader of IBM Quantum Safe. Ra

Presented by Mark Maybury, VP of Commercialization, Lockheed Martin, and Marc Zissman, Associate Head, Cyber Security and Information Sciences Division, MIT Lincoln Laboratory AI is no longer a future technology—it’s embedded in the core of modern enterprise. The next challenge isn’t adoption, but assurance: how do we secure intelligent systems that can think, act, and make decisions at machine speed? At the ACSC 15th Annual Member Conference on November 6, two of the field’s

This Thursday, November 6, the Advanced Cyber Security Center (ACSC) will host its 15th Annual Member Conference at the Federal Reserve Bank of Boston, a full day of keynotes, panels, and interactive working sessions designed to help members tackle one of the most urgent challenges of our time: building trusted AI systems. A Focus on Action and Application on AI and Security This year’s conference theme - Winning the Competition for Trusted AI: A Risk and Security Agenda -

The most damaging security incidents rarely start with an external threat. They start with an insider — sometimes malicious, often careless — who already has access. The results can be catastrophic. Google’s self-driving car unit lost 9.7 gigabytes of intellectual property when a lead engineer walked out with 14,000 files on a removable device. Boeing spent $17 million remediating a breach caused by an employee who emailed sensitive data to his spouse for help formatting a sp

In a major cyber event, the first hours are not only about containment. They are about convening the right team, deciding what and how to...

On November 6, 2025, the Advanced Cyber Security Center (ACSC) will host its 15th Annual Member Conference at the Federal Reserve Bank of...

A new study out of UC San Diego Health has reignited debate about the value of phishing training in enterprise security—and what it says...