AWS Security Blog

New whitepaper available – AI for Security and Security for AI: Navigating Opportunities and Challenges

The emergence of AI as a transformative force is changing the way organizations approach security. While AI technologies can augment human expertise and increase the efficiency of security operations, they also introduce risks ranging from lower technical barriers for threat actors to inaccurate outputs.

As AI adoption accelerates alongside cyber threats and a growing patchwork of regulations, adapting security and compliance strategies is critical.

The World Economic Forum Global Cybersecurity Outlook 2025 reveals that 66% of organizations expect AI to significantly impact cybersecurity.

We’re excited to share a whitepaper we recently authored with SANS Institute called AI for Security and Security for AI: Navigating Opportunities and Challenges. The whitepaper explores the use of AI systems through three interconnected lenses: securing generative AI applications, using generative AI to strengthen overall security posture in the cloud, and protecting against generative AI-powered threats. Key considerations include the following:

  • Understanding generative AI and AI agents
  • Scoping generative AI use cases
  • Using key concepts to help architect generative AI solutions
  • Verifying large language model (LLM) outputs with automated reasoning
  • Implementing responsible AI practices throughout the AI lifecycle
  • Scaling security best practices
  • Balancing AI automation with human oversight

Effectively using generative AI technologies to enhance your security posture while reducing associated risks is an iterative process that is different for every organization. The whitepaper details key action items that can help set you on the right path. We encourage you to download it, and gain insight into how you can address generative AI security with a multi-layered strategy that meaningfully improves your technical and business outcomes. We look forward to your feedback, and to continuing the journey together.

Download AI for Security and Security for AI: Navigating Opportunities and Challenges.


If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.

Debashis Das

Debashis is a Principal in the Office of the CISO at AWS, where he helps expand the impact of the AWS CISO through customer executive engagements and public policy outreach. He also provides internal guidance to AWS service teams on security architecture decisions, upholding AWS security standards and addressing the requirements of security-sensitive customers. Recently, his efforts have focused on the security of generative AI, enhancing the AWS Well-Architected Framework, strengthening software supply chain security, and improving open-source security strategy.

Riggs Goodman

Riggs is a Principal Partner Solution Architect at AWS. His current focus is on AI security, providing technical guidance, architecture patterns, and leadership for customers and partners to build AI workloads on AWS. Internally, Riggs focuses on driving overall technical strategy and innovation across AWS service teams to address customer and partner challenges.

Dr. Paul Vixie

Paul is a VP, Distinguished Engineer, and Deputy CISO at AWS. He joined AWS Security after a 29-year career as the founder and CEO of five startup companies covering the fields of DNS, anti-spam, internet exchange, internet carriage and hosting, and internet security. He earned his PhD in Computer Science from Keio University in 2011 and was inducted into the Internet Hall of Fame in 2014. Paul is also known as an author of open source software, including Cron. Paul and his team in the Office of the CISO use leadership and technical expertise to provide guidance and collaboration on the development and implementation of advanced security strategies and risk management.

Anne Grahn

Anne is a Senior Worldwide GTM Specialist at AWS, based in Chicago. She has 15 years of experience in the security industry, and focuses on effectively communicating cybersecurity risk. She maintains a Certified Information Systems Security Professional (CISSP) certification.