AI is changing the threat landscape faster than many security programs can respond. Traditional frameworks built around static control sets may still check the right boxes on paper, but that alone is no longer enough. Attackers are already using AI to scale phishing, manipulate users, exploit AI-enabled systems, and find new paths into organizations.
If your security framework isn’t evolving alongside these threats, your organization may already be behind.
HITRUST doesn’t take a one-time approach to security. Our assessments are designed to adapt continuously based on real-world threat intelligence, including emerging AI-driven attack techniques. We regularly update our requirements to stay aligned with the latest risks. That’s what makes the HITRUST framework different: it’s built to evolve as the threat landscape changes.
HITRUST uses a continuous, data-driven approach called the Cyber Threat Adaptive (CTA) program. It’s a constant cycle of collecting, analyzing, and responding to real-world threat intelligence. This analysis is directly applied to the i1, e1, and r2 validated assessments in addition to the HITRUST AI Security Certification.
In the first quarter of 2026, we
The most common attack techniques remain familiar, but the first quarter of 2026 also showed meaningful growth in AI-related attack activity. In addition to the most prevalent traditional attack methods, we saw AI-enabled techniques rise sharply as adversaries continue to expand how they target organizations.
Here are some of the top AI-related techniques organizations should be watching.
This was the top AI-related technique observed in Q1 2026. Attackers rely on a user to take an action that triggers execution, such as opening a malicious file, package, or link.
It leads to: Execution of malicious code, compromise of AI-enabled environments.
What helps: Verifying AI artifacts, vulnerability scanning, and user training.
Phishing remains one of the most successful attacker techniques, and AI is making it more scalable and convincing. Adversaries are increasingly using synthetic text, visual deepfakes, and audio deepfakes to target users.
It leads to: Stolen credentials, fraudulent activity, malware delivery, and broader compromise.
What helps: User training and deepfake detection.
When AI agents can perform write operations or use connected tools, adversaries may manipulate them to exfiltrate data or take unauthorized actions.
It leads to: Data loss, unauthorized document or system changes, and misuse of connected enterprise tools.
What helps: Strong AI agent permission controls, human-in-the-loop oversight, segmentation of AI components, and input/output filtering.
HITRUST has long recognized that the threat landscape does not stand still. Attackers adapt, new vulnerabilities emerge, and AI is accelerating both discovery and exploitation. That is why HITRUST created the Cyber Threat Adaptive (CTA) program. CTA keeps the HITRUST CSF aligned with real-world risk using threat intelligence, vulnerability research, and attack data.
Through CTA, HITRUST is already strengthening guidance in fast-changing areas such as vulnerability management, secure software development, dependency management, and detection and response. These updates are delivered through the CSF, CTA, and MyCSF with a focus on improving threat relevance without adding unnecessary assessment burden.
Recent developments, including frontier AI models and Project Glasswing, should get the industry’s attention. HITRUST is evaluating Project Glasswing and related information to determine what CSF updates may be needed. This CTA release does not include Project Glasswing specific control changes, but future updates, including out-of-cycle updates, may address those risks as they develop.
Take the following steps to stay resilient against cyber threats.
Your security program should evolve at the speed of threats. Using adversary intelligence as a weapon can help get you there.
HITRUST assessments are designed to keep up with both established and emerging attack techniques. Backed by real intelligence and continuous updates, they help organizations build trust and resilience in a rapidly changing digital world.
As AI-related threats continue to grow, HITRUST’s threat-adaptive approach helps ensure both traditional systems and AI-enabled services remain better protected against what’s next.
Whether you’re just starting your security assessment process or need deeper protection, HITRUST helps you stay ready — not just compliant. Download the complete analysis to learn more.