New ACSC Guidance for AI Security
Using ChatGPT, Copilot, or other AI tools in your business? The Australian Cyber Security Centre just released critical guidance for business owners.
Image: Unsplash
87% of Australian companies now use AI applications. But cybercriminals are targeting these tools with attacks that trick AI systems into revealing sensitive data.
E.g. A contractor uploaded health records into an AI system in early 2025, causing a notifiable data breach.
In other cases, employees have used AI inappropriately. E.g. A lawyer used AI to write a court document. The AI invented fake cases, and the lawyer was barred from practice.
Without proper safeguards, your AI can pose a risk to your business data and operations.
The Key Risks
Before adopting AI tools, small businesses should understand the related risks and ways to mitigate them to protect your business.
Recent ACSC guidance reveals the mains AI risks include:
Data leaks and privacy breaches – sensitive information uploaded to AI tools can be exposed or misused
Reliability and manipulation of AI outputs – AI can generate false information or be tricked into revealing confidential data
Supply chain vulnerabilities – risks from relying on third-party AI vendors whose security weaknesses can affect your business
Managing AI Risk in Your Business
There are two approaches to securing AI in your business:
1. Follow the ACSC Guidance
The ACSC provides practical steps you can take yourself to review and control how AI is used in your business. Their guidance includes a checklist to help you assess your current AI tools and practices.
For Example: Key questions to ask before using any AI tool:
What data does this tool collect?
Where is the data stored?
Who owns the data—us or the vendor?
Will our data train their AI models?
How do we verify the AI's outputs are correct?
What happens if there's a security incident?
2. Get Expert Help
While the ACSC guidance is comprehensive, navigating AI security can be complex. Having an expert outside opinion helps you identify blind spots and implement safeguards effectively.
At ShadowSafe, we help small businesses:
Assess current AI usage – understand what AI tools are being used and where the risks are
Put safeguards in place – implement security controls around your AI applications
Develop secure AI use cases – we connect you with trusted partners who can help you leverage AI in your business safely.
Develop AI policies and training — we can connect you with trusted partners to create your own AI policies and training
Don't ban AI tools. Secure them.
While AI does come with risks, the benefits far outweigh them. With expert guidance, you can safely harness AI's power to drive innovation and efficiency in your business, without compromising security.
Whether you follow the ACSC guidance yourself or work with our team and our expert partners, the key is taking action. AI isn’t going away, and the sooner you begin to learn, understand and adopt AI tools, the better.
Source: Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), Artificial Intelligence for Small Business: Managing Cyber Security Risks, January 2026. Available at: cyber.gov.au/artificial-intelligence-for-small-business
