Malik Haidar is a veteran cybersecurity expert who has spent his career defending multinational corporations against increasingly sophisticated digital threats. With a deep background in analytics and intelligence, he has transitioned into the complex world of artificial intelligence security, where he focuses on the intersection of technical robustness and business governance. His approach moves beyond traditional firewalls, advocating for a fundamental shift in how we perceive the relationship between code, data, and risk in a world of probabilistic machines.
The following discussion explores the evolution of threat modeling in the age of non-deterministic systems and the necessity of a shared governance language. It covers the specific learning paths required for security professionals to demystify “black box” models and the critical role of frameworks like the NIST AI RMF and ISO/IEC 42001 in creating an auditable and defensible AI ecosystem.
AI systems are fundamentally probabilistic rather than deterministic, meaning code and data are inseparable. How does this shift change the way you approach a threat model compared to traditional software?
In traditional security, we are used to a world where a specific input leads to a predictable output, but AI breaks that mold entirely. When you are dealing with a system where the code and data are intertwined, the threat model is no longer static; it shifts every single time a retraining cycle occurs. You cannot simply “patch” a hallucination like you would a standard software bug; instead, you often have to retrain the entire model to correct the underlying behavior. This forces us to expand our defensive playbooks from focusing on endpoints and applications to securing the training data itself and maintaining rigorous post-deployment monitoring. We have to look at threats like data poisoning and prompt injection, which target the logic of the model rather than just the infrastructure.
You’ve mentioned that traditional frameworks like MITRE ATT&CK weren’t built for model-centric threats. What specific frameworks or “shared languages” are you using to bridge that gap?
We have reached a point where we need a common vocabulary so that security, engineering, and business leaders can actually understand one another. I lean heavily on frameworks like MITRE ATLAS because it was specifically designed to address the unique vulnerabilities of machine learning systems. To provide a structured management approach, many are turning to ISACA’s AAISM, which gives us a lens focused specifically on AI security management. When you pair that with the NIST AI RMF for risk mapping and ISO/IEC 42001 for governance depth, you start to see a repeatable method for assessing and securing these systems. These aren’t just badges to collect; they are the blueprints that allow us to make informed, auditable decisions as adoption scales across the enterprise.
Many professionals feel that AI is a “black box” mystery. What steps can a cybersecurity expert take to pull back the curtain and understand how these models actually learn and predict?
The first step is to stop looking at AI as magic and start looking at it as a series of statistical probabilities. I often advise people to follow a five-stage study path, starting with foundational concepts like data quality, bias, and variance to understand how a model generalizes. You have to get comfortable with tools like SHAP and LIME, which are essential for testing for bias and gaining actual insight into how a model arrives at a specific output. Beyond the theory, there is no substitute for hands-on practice, such as building a tiny model in Google Colab or a Kaggle Notebook. Once you see how feature engineering and data pipelines work firsthand, the “black box” starts to feel a lot more like a manageable piece of technology.
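The "build a tiny model and see how it arrives at an output" step, as an added example that is not part of the interview and not Haidar's own code. It fits a two-feature logistic regression by gradient descent on a constructed, hypothetical login-abuse dataset, then explains one prediction the way SHAP does for a linear model: with independent features, the exact Shapley value of feature i is w_i * (x_i - E[x_i]), so the per-feature contributions add up to the change in the model's logit and nothing is left unexplained. Feature names, data and the sample query are all invented for illustration; no ML library is needed, so it runs anywhere, including a Colab or Kaggle notebook.

```python
import math

# Constructed toy dataset (hypothetical, not from the interview): each row is
# [failed_logins_per_hour, distinct_source_ips] for one account; label 1 means
# the account was flagged as abused, 0 means it was not.
TRAIN = [
    ([0.0, 1.0], 0), ([1.0, 1.0], 0), ([2.0, 2.0], 0), ([1.0, 3.0], 0),
    ([8.0, 6.0], 1), ([12.0, 4.0], 1), ([15.0, 9.0], 1), ([9.0, 11.0], 1),
]
FEATURES = ["failed_logins_per_hour", "distinct_source_ips"]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(w, b, x):
    """Raw score before the sigmoid; on this scale the model is additive."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def train_logreg(rows, lr=0.05, epochs=5000):
    """Logistic regression fitted by batch gradient descent on cross-entropy.
    Weights start at zero, so the result is deterministic and reproducible."""
    n = len(rows[0][0])
    w, b = [0.0] * n, 0.0
    m = len(rows)
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in rows:
            err = sigmoid(logit(w, b, x)) - y  # dLoss/dlogit for cross-entropy
            for i in range(n):
                gw[i] += err * x[i]
            gb += err
        for i in range(n):
            w[i] -= lr * gw[i] / m
        b -= lr * gb / m
    return w, b


def predict(w, b, x):
    return 1 if sigmoid(logit(w, b, x)) >= 0.5 else 0


def accuracy(w, b, rows):
    return sum(predict(w, b, x) == y for x, y in rows) / len(rows)


def feature_means(rows):
    """Training-set mean of each feature: the baseline the explanation is relative to."""
    n = len(rows[0][0])
    return [sum(x[i] for x, _ in rows) / len(rows) for i in range(n)]


def explain(w, b, x, baseline):
    """Contribution of each feature of x to the logit, relative to the baseline.
    For a linear model with independent features this is exactly the Shapley
    value w_i * (x_i - E[x_i]) that SHAP reports, so the contributions sum to
    logit(x) - logit(baseline) with no unexplained remainder."""
    return [wi * (xi - bi) for wi, xi, bi in zip(w, x, baseline)]


def ranked_explanation(w, b, x, baseline, names):
    """(feature name, contribution) pairs ordered by absolute size, largest first."""
    contrib = explain(w, b, x, baseline)
    return sorted(zip(names, contrib), key=lambda p: -abs(p[1]))


if __name__ == "__main__":
    w, b = train_logreg(TRAIN)
    base = feature_means(TRAIN)
    sample = [10.0, 5.0]  # constructed query account
    print("training accuracy:", accuracy(w, b, TRAIN))
    print("prediction for", sample, "->", predict(w, b, sample))
    for name, c in ranked_explanation(w, b, sample, base, FEATURES):
        print(f"  {name}: {c:+.3f} to the logit")
```

The additivity check is the part worth internalising: the contributions are not a heuristic ranking but an exact decomposition of the score, which is what makes them usable as evidence when a reviewer asks why a particular account was flagged. For non-linear models SHAP approximates the same property by sampling feature coalitions, and LIME fits a local linear surrogate around the query point; the reading of the output is the same.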
Data is often described as the fuel for AI, but it also presents a massive privacy risk. How do you balance the need for high-quality training data with strict regulations regarding personally identifiable information?
This is where the role of the security professional overlaps heavily with data privacy and governance. If the data fueling your AI is mismanaged or misused, you are going to fall foul of laws regarding PII, which is why I recommend supplementing AI training with certifications like CIPT or CDPSE. You have to establish clear data lineage and consent protocols while being extremely disciplined about data retention and de-identification. It is a constant balancing act where you must ensure the data is “balanced” and high-quality for the model to function, while simultaneously implementing strong controls to prevent privacy leakage. We have to treat data not just as an asset to be exploited for intelligence, but as a liability that requires rigorous protection throughout the entire lifecycle.
What is your forecast for the future of AI security?
I believe we are moving toward a future where AI will no longer be treated as just another application to harden, but as a living, breathing system that requires continuous, outcome-based monitoring. My forecast is that the focus will shift from initial deployment security to a model of perpetual assurance, where we use specialized tools to detect drift and misuse in real-time. We will see a much tighter integration between cybersecurity and audit professionals, using model cards and detailed change logs as standard evidence for defensibility. As organizations realize they cannot rely on traditional “set it and forget it” security, the demand for experts who can navigate both the statistical foundations and the governance frameworks of AI will become the backbone of corporate risk management.
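One concrete form of the continuous drift monitoring described above, as an added example that is not part of the interview and not Haidar's own tooling. It computes the Population Stability Index (PSI) between a model's output-score distribution in a reference window and in a production window, with fixed bins chosen at deployment time, and maps the score to a monitoring verdict. The score samples are constructed and hypothetical (in practice they come from inference logs), and the 0.1 / 0.2 thresholds are a widely used rule of thumb assumed here, not a standard.

```python
import math
from bisect import bisect_right

# Constructed monitoring data (hypothetical): model confidence scores in [0, 1]
# captured during validation (REFERENCE) and during two later production
# windows. CURRENT has collapsed toward high scores; MILD_SHIFT moved only a little.
REFERENCE = [0.05, 0.12, 0.18, 0.22, 0.31, 0.35, 0.41, 0.48,
             0.55, 0.63, 0.68, 0.72, 0.79, 0.84, 0.88, 0.93]
CURRENT = [0.71, 0.74, 0.77, 0.81, 0.83, 0.86, 0.88, 0.90,
           0.92, 0.94, 0.95, 0.96, 0.97, 0.98, 0.99, 0.62]
MILD_SHIFT = [0.10, 0.20, 0.30, 0.35, 0.40, 0.45, 0.55, 0.60,
              0.65, 0.70, 0.78, 0.82, 0.86, 0.90, 0.94, 0.98]
EDGES = [0.0, 0.25, 0.5, 0.75, 1.0]  # fixed bin edges, frozen at deployment


def bin_proportions(values, edges, floor=1e-4):
    """Share of values falling in each bin. Empty bins are floored at a small
    value so the log ratio in PSI stays finite when a bin vanishes in production."""
    nbins = len(edges) - 1
    counts = [0] * nbins
    for v in values:
        idx = min(max(bisect_right(edges, v) - 1, 0), nbins - 1)
        counts[idx] += 1
    return [max(c / len(values), floor) for c in counts]


def psi(reference, current, edges):
    """Population Stability Index: sum over bins of (cur - ref) * ln(cur / ref).
    Exactly 0 for identical binned distributions; grows with the shift."""
    ref = bin_proportions(reference, edges)
    cur = bin_proportions(current, edges)
    return sum((c - r) * math.log(c / r) for c, r in zip(cur, ref))


def drift_verdict(score, warn=0.1, alert=0.2):
    """Map a PSI score to a monitoring outcome. Thresholds are an assumed
    rule of thumb; tune them per model from observed week-to-week variation."""
    if score >= alert:
        return "alert"
    if score >= warn:
        return "warn"
    return "ok"


def check_window(reference, current, edges=EDGES):
    """Score one production window against the reference and return (psi, verdict)."""
    score = psi(reference, current, edges)
    return score, drift_verdict(score)


if __name__ == "__main__":
    for label, window in [("reference", REFERENCE), ("mild", MILD_SHIFT), ("current", CURRENT)]:
        score, verdict = check_window(REFERENCE, window)
        print(f"{label:>9}: PSI={score:.3f} -> {verdict}")
```

Run the same check on input features as well as on output scores: a stable score distribution over drifted inputs, or the reverse, is itself a signal worth an analyst's attention. Freezing the bin edges matters; recomputing them from each new window would hide exactly the shift the check is meant to catch.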

