AI security & AI incident response
New attack surface. Same discipline.
A convincing video call authorises a transfer that no executive ever requested. A support agent gets talked into refunding an attacker. A model quietly learns from poisoned data. These incidents are already happening, and most IR plans go silent the moment the compromised system is a model rather than a server. We secure AI deployments and respond to AI incidents the way we approach every incident surface: adversary first, evidence always.
AI is both a target and a weapon.
Attacks on your AI
Prompt injection that turns your agent against you. Poisoned training data. Model and pipeline compromise. Shadow AI nobody signed off. If it can be manipulated into acting for an attacker, it’s in scope.
Attacks using AI
Deepfake authorisation fraud is taking companies for millions per incident, and finance teams are the front line. Voice clones, synthetic identities, AI-accelerated phishing. Your controls were designed for a world where seeing was believing.
We respond to these incidents. That’s the difference.
Most AI security advice comes from people selling an AI security product. Ours comes from incident response: what the attack actually looked like, which controls failed, what the recovery cost. We’re vendor-neutral, so the answer is never “buy our platform”. Sometimes it’s a control, sometimes a process, sometimes a ninety-minute drill with your finance team that makes the deepfake call fail on the day it comes.
What we do
- AI incident response: compromised agents, model abuse, data poisoning, AI-enabled fraud
- Deepfake fraud response and finance-team drills
- AI deployment security reviews: architecture, guardrails, data flows
- AI additions to IR plans and playbooks
- Shadow AI discovery
- AI acceptable use and governance advisory
Regulatory relevance
- Privacy Act: automated decision-making transparency obligations, from December 2026
- OAIC: guidance on AI and personal information
- Boards: oversight expectations for AI risk
- SOCI: sector obligations where AI touches critical infrastructure
Fair questions.
We barely use AI. Does this apply?
Your staff use it whether or not you’ve sanctioned it, and attackers use it on you regardless. The Review’s shadow AI discovery usually surprises people.
Can you stop deepfakes?
Nobody can stop them arriving. We make them fail: verification controls that don’t rely on eyes and ears, and a finance team that’s rehearsed the exact call.
Is this separate from normal incident response?
Same team, same method. AI incidents are incidents; the difference is knowing the failure modes. Retainer hours cover AI work like anything else.