AI Cybersecurity Awareness Guide

What’s inside

AI doesn’t just expand productivity — it expands attack surface. This guide covers the five threat categories every organization should understand, the compliance frameworks that govern AI data handling, and a practical incident response plan.

• Five major AI threat categories with examples (data leakage, prompt injection, deepfakes, model poisoning, shadow AI)
• Compliance crosswalk: GDPR, HIPAA, FERPA, Maine Right-to-Know
• Vendor evaluation rubric focused on data terms and security posture
• Pre-deployment security review checklist
• Incident response plan template (1-page and full versions)
• Employee awareness training summary

Who should use this

Security, IT, and compliance leads at any organization deploying or considering AI tools.

• IT directors and security leads
• Compliance officers handling regulated data
• Department heads adopting AI in regulated workflows

Key outcomes

After using this resource, you’ll be able to:

• Identify the AI threats most likely to affect your operations
• Vet AI vendors against a documented security rubric
• Map AI use to existing compliance frameworks
• Have an incident response plan that survives first contact

How to use

Inventory current AI tool use first (even informal). Apply the threat framework to each. Use the vendor rubric on new procurement. Test the incident response plan once a year.