EXEED AI

Rock Lambros's Recent LinkedIn Posts

Rock Lambros

@rocklambros

Securing Agentic AI @ Zenity | Cybersecurity | CxO, Startup, PE & VC Advisor | Executive & Board Member | CISO | CAIO | QTE | AIGP | Author | OWASP AI Exchange, GenAI & Agentic AI | Tiki Tribe Founding Member

Tech & AI

14mo

We had warning, and we didn't listen...

2022 Paper Predicted Today's AI Warfare Landscape - With Eerie Accuracy

ᏗᏎᏍᏗ Disesdi Susanna Cox 🪬's paper on AI Information Warfare has been sitting in my digital library since 2022 and after catching up with her on Friday, I decided to go back and re-read it.

TL;DR...her foresight nailed it.

Here's what makes her 2022 analysis so damn prescient:

1. She recognized AI systems aren't just technical tools but potential weapons in information warfare that could "exert artificial/unintended influence over systems."

2. The paper establishes an attack methodology framework identifying four critical requirements for any successful AI attack:
 • Access (getting to the system)
 • Knowledge (understanding how to exploit it)
 • Capability (having resources to execute)
 • Impact (creating meaningful damage)

Sound familiar? We're seeing these attack chains today and, while it isn't all that different from a traditional attack methodology, AI security requires fundamentally different thinking than traditional cybersecurity:

"The calculus differs significantly from traditional cybersecurity... Because AIML systems are only as intelligent as the data on which they are trained, an attacker does not need access to models themselves to impact their outputs—only to their training data."

Notice how this predicted the exact vulnerability path we're seeing exploited in 2025? When was the last time YOUR organization conducted an adversarial test of AI training data?

The paper even predicted that public datasets would become default attack vectors, something we've watched happen repeatedly with poisoning attacks against large language models (Microsoft Tay, anyone?).

What keeps me up at night is the maturity model showing most organizations at "Most Immature" (Level 5) or "Immature" (Level 4). Where would you honestly place your organization today?

The OODA loop framework applied to AI security feels eerily predictive of our current challenges with algorithmic feedback loops and manipulation. Sandy Dunn has also spoken much about this with regards to AI red teaming.

Has your organization implemented any of the continuous monitoring frameworks outlined in Figure 6 of this paper? Most haven't.

The most sobering realization is that the paper's recommended maturity model laid out exactly what organizations needed to build:
 • Formalized AI security asset portfolios
 • Continuous monitoring frameworks
 • Adversarial testing protocols
 • Documented attack vectors

How many of these do you have in place today? If you're like most organizations I work with at RockCyber, the answer is "not enough."

We are tackling a lot of these challenges at both the OWASP GenAI Security Project and the OWASP AI Exchange. Come check us out!

Rob van der Veer, Aruneesh Salhotra, Behnaz Karimi, Scott Clinton, Steve Wilson, John Sotiropoulos, Allie Howe, Evgeniy Kokuykin

#AIGovernance #CyberSecurity #InformationWarfare #AISecurityMaturity
24 pages