AI Trust Requires More Than AI Ambition
HITRUST AI Security Certification is now available as a standalone offering for deployed AI systems.
Artificial intelligence is no longer a future-state planning topic. It is already embedded in software platforms, business workflows, customer experiences, operational decision-making, and third-party services.
That changes the trust conversation.
Organizations are not only asking what AI can do. They are asking whether AI-enabled systems can be trusted to protect sensitive data, operate securely, and withstand emerging cyber threats. For vendors building or deploying AI, that means customers will expect more than broad claims about responsible AI. For organizations relying on AI vendors, it means traditional vendor assurance may not answer enough of the questions that matter.
AI has created a new assurance challenge. HITRUST AI Security Certification helps address it.
HITRUST AI Security Certification is now available as a standalone offering for deployed AI systems and AI-enabled technologies. This gives organizations a focused path to validated AI cybersecurity assurance without requiring that AI assurance be bundled into a broader certification journey.
That matters because AI risk is not simply traditional cybersecurity risk with new terminology. AI systems blur the lines between data, software, infrastructure, models, automation, and decision-making. The 2026 HITRUST Trust Report describes one of the central challenges clearly: organizations adopting AI often struggle not because controls are absent, but because they are uncertain which controls are necessary, where they should apply, and how they should scale with risk.
AI governance is important. AI security assurance is different.
Many organizations are building AI governance programs. That work is important. Governance helps define oversight, accountability, acceptable use, review processes, and responsible deployment practices. But governance does not prove that an AI system is secure.
AI security assurance asks a more specific question: have the AI system, supporting infrastructure, operating practices, access controls, data flows, and threat mitigations been evaluated against defined security expectations?
That distinction matters.
A policy can say an organization uses AI responsibly. A governance process can document who approves AI use cases. But customers, partners, boards, regulators, and relying parties increasingly need stronger evidence that AI-enabled systems are protected against cybersecurity risks.
HITRUST AI Security Certification helps provide that evidence. Developed with input from AI industry experts, the certification is designed to deliver an AI Security Assessment and accompanying certification for deployed AI systems. It includes a tailored set of AI security requirements for deployed AI systems and addresses relevant AI threats through analysis of multiple sources.
Why standalone availability matters
Making HITRUST AI Security Certification available as a standalone offering is an important step for the market.
Organizations are adopting AI at different speeds and in different ways. Some are building AI into customer-facing products. Some are deploying AI internally to improve operations. Some are relying on vendors whose products now include AI-enabled functionality. Some are still early in their AI journey, but already need a way to answer customer and stakeholder questions with confidence. A standalone offering gives those organizations a more direct path to AI-specific assurance.
For organizations developing or deploying AI, it provides a clearer way to demonstrate that deployed AI technologies are being evaluated against cybersecurity, governance, and threat-mitigation expectations.
For organizations evaluating vendors, it creates a more meaningful assurance signal. Instead of asking whether a vendor has a general security report or an AI policy, relying parties can ask whether the AI system itself has been evaluated through a structured, validated AI security assessment.
That is the difference between accepting claims of trust and requiring evidence of trust.
AI is also changing third-party risk
The 2026 HITRUST Trust Report notes that trust is becoming harder to achieve as organizations depend on interconnected ecosystems of vendors, cloud platforms, and emerging technologies while threats grow in scale, sophistication, and impact. It also notes that third-party related breaches doubled in the last year, reinforcing the need for assurance that keeps pace with modern vendor ecosystems.
AI intensifies that challenge.
When a vendor deploys AI, the relying party may inherit risks related to sensitive data exposure, model behavior, AI agent permissions, third-party model dependencies, unsafe AI artifacts, prompt manipulation, telemetry, and human oversight. Those risks may not be visible in traditional vendor questionnaires or broad assurance reports. That creates practical questions for both sides of the relationship.
- Vendors wonder how to prove their AI systems are secure enough for customers to trust.
- Customers need to know how to evaluate whether AI vendors are managing AI-specific cybersecurity risk appropriately.
HITRUST AI Security Certification helps answer both questions through a validated assurance approach designed specifically for deployed AI systems.
Threats are evolving. Assurance has to evolve too.
AI is also changing the threat landscape itself.
HITRUST’s Q1 2026 CSF Threat and Mitigation Analysis explains that AI is accelerating parts of both vulnerability discovery and exploitation, and that static security frameworks cannot assume yesterday’s controls are enough. HITRUST addresses this through its Cyber Threat Adaptive capability, which uses threat intelligence, vulnerability research, and real-world attack data to help keep the HITRUST CSF current.
That same analysis expanded beyond MITRE ATT&CK to incorporate MITRE ATLAS, MITRE’s knowledge base of adversary tactics and techniques targeting AI-enabled systems. Based on a review of 4,761 threat articles and 399,764 MITRE ATT&CK and MITRE ATLAS indicators, HITRUST confirmed that the requirements included in HITRUST AI Security Certification remain responsive to the evolving AI threat landscape, with over 97% coverage of adversarial techniques.
This is why AI assurance cannot be static. As AI systems become more powerful, more embedded, and more connected to business-critical workflows, assurance must remain aligned to the ways threats are actually evolving.
A new trust expectation for AI
AI adoption will continue to accelerate. The question is whether assurance will keep up. Organizations building AI need a credible way to show that AI security is being addressed. Organizations buying or relying on AI need a stronger way to evaluate the technologies entering their ecosystems. Customers and stakeholders need evidence they can understand and trust.
HITRUST AI Security Certification helps establish that standard.
It gives organizations a structured, risk-based path to validate AI cybersecurity controls for deployed AI systems. It helps translate abstract AI risk into concrete, implementable control expectations. It supports stronger customer trust, better vendor assurance, and more defensible AI adoption.
AI innovation should not outpace trust. With HITRUST AI Security Certification now available as a standalone offering, organizations have a clearer way to prove, request, and rely on validated AI cybersecurity assurance.
Learn how HITRUST AI Security Certification can help your organization demonstrate or require validated cybersecurity assurance for deployed AI systems.
Recent developments surrounding frontier models, like Anthropic’s Glasswing/Mythos, are intensifying discussion around how AI-driven vulnerability discovery may reshape cybersecurity assurance and third-party trust.
The Assumption Behind Traditional Assurance
For years, cybersecurity assurance models have operated on an implicit assumption that assurance activities, certifications, and control validations provide meaningful insight into an organization’s security posture over time. Periodic assessments were designed for a threat environment in which vulnerabilities evolved at a pace that allowed organizations to evaluate, remediate, and reassess over meaningful intervals.
AI-driven vulnerability discovery is accelerating the pace at which threat conditions evolve, creating new challenges for maintaining alignment between assurance activities and real-world exposure.
Recent developments and industry discussion surrounding new frontier models like Anthropic’s Project Glasswing and Mythos model have intensified focus on this issue. While the technical specifics continue evolving, the broader signal is becoming increasingly clear: AI capabilities may materially accelerate how vulnerabilities are identified, analyzed, and operationalized across software ecosystems.
What Actually Changed
AI has supported cybersecurity analysis for years, but newer frontier-model capabilities increasingly introduce scalable, systematic vulnerability discovery.
The significance of this shift is not simply increased automation. It is the ability to identify and explore broader classes of vulnerabilities across technology ecosystems with increasing speed and autonomy.
These developments may increasingly compress the time between:
- vulnerability discovery
- exposure identification
- remediation prioritization
- potential exploitation.
These discussions are important not simply because they involve AI, but because they reinforce how quickly assumptions around vulnerability discovery and exposure timelines may evolve.
As a result, organizations may need to think differently about how assurance activities remain aligned to evolving threat conditions over time.
Why This Matters for Assurance
Traditional assurance frameworks were designed around periodic validation. Controls were assessed, evidence was collected, and certifications reflected a point-in-time understanding of risk posture.
That approach continues to provide important value. But in an environment where vulnerabilities emerge and evolve more rapidly, organizations may need additional mechanisms to help maintain confidence that validated controls continue to align to evolving threat conditions.
The challenge increasingly becomes not simply whether controls are operating, but whether they remain relevant against newly identified vulnerabilities and evolving exploit techniques.
Controls may continue operating as intended while emerging threats change the effectiveness assumptions surrounding those controls. That distinction matters.
Maintaining Assurance Relevance Over Time
The cybersecurity industry has increasingly explored concepts like continuous monitoring, ongoing visibility, and adaptive security operations.
At the same time, organizations are beginning to ask a broader question: How can assurance activities remain meaningfully aligned to rapidly evolving threat conditions?
Operational continuity is not necessarily the same thing as continued relevance.
As vulnerability discovery accelerates, assurance models may need to become more responsive to changing threat conditions, not simply more frequent in their evidence collection.
This does not require constant reassessment of everything. It requires better alignment between assurance outputs and real-world exposure conditions.
Third-Party Risk Becomes More Dynamic
The implications are amplified across third-party ecosystems.
Organizations are increasingly dependent on software vendors, cloud providers, infrastructure providers, managed service providers, and interconnected supply chains. AI-driven vulnerability discovery may increase broader exposure implications across interconnected ecosystems.
As a result, third-party risk becomes more dynamic, more synchronized, and more difficult to evaluate through traditional point-in-time review models alone.
Organizations will increasingly need assurance approaches that can adapt to changing exposure conditions while remaining operationally scalable and practical.
Where the Industry Goes Next
The answer is not endless reassessment or dramatically expanding compliance burden.
The industry will likely continue exploring ways to make assurance activities more responsive to evolving threat conditions while maintaining operational scalability and consistency.
Organizations will continue to need certifications, validations, and trust frameworks. But the underlying assumptions behind those models are beginning to evolve.
As AI-driven cyber capabilities continue evolving, organizations will increasingly need assurance approaches that help maintain trust, defensibility, and meaningful visibility into changing exposure conditions.
The challenge is not replacing existing assurance models. It is helping ensure those models remain relevant and resilient in a faster-moving threat environment.
Maintaining Assurance Relevance in an AI-Driven Threat Environment
AI is changing the threat landscape faster than many security programs can respond. Traditional frameworks built around static control sets may still check the right boxes on paper, but that alone is no longer enough. Attackers are already using AI to scale phishing, manipulate users, exploit AI-enabled systems, and find new paths into organizations.
If your security framework isn’t evolving alongside these threats, your organization may already be behind.
HITRUST doesn’t take a one-time approach to security. Our assessments are designed to adapt continuously based on real-world threat intelligence, including emerging AI-driven attack techniques. We regularly update our requirements to stay aligned with the latest risks. That’s what makes the HITRUST framework different: it’s built to evolve as the threat landscape changes.
How HITRUST stays ahead
HITRUST uses a continuous, data-driven approach called the Cyber Threat Adaptive (CTA) program. It’s a constant cycle of collecting, analyzing, and responding to real-world threat intelligence. This analysis is directly applied to the i1, e1, and r2 validated assessments in addition to the HITRUST AI Security Certification.
In the first quarter of 2026, we:
- Reviewed 259 real-world breaches
- Analyzed 4,761 threat intelligence articles
- Evaluated 399,764 MITRE ATT&CK and MITRE ATLAS indicators
- Confirmed that the HITRUST AI Security Certification maintains over 97% coverage of adversarial AI techniques observed in the period
What are the top threats to worry about right now?
The most common attack techniques remain familiar, but the first quarter of 2026 also showed meaningful growth in AI-related attack activity. In addition to the most prevalent traditional attack methods, we saw AI-enabled techniques rise sharply as adversaries continue to expand how they target organizations.
Here are some of the top AI-related techniques organizations should be watching.
1. User Execution
This was the top AI-related technique observed in Q1 2026. Attackers rely on a user to take an action that triggers execution, such as opening a malicious file, package, or link.
It leads to: Execution of malicious code, compromise of AI-enabled environments.
What helps: Verifying AI artifacts, vulnerability scanning, and user training.
2. Phishing
Phishing remains one of the most successful attacker techniques, and AI is making it more scalable and convincing. Adversaries are increasingly using synthetic text, visual deepfakes, and audio deepfakes to target users.
It leads to: Stolen credentials, fraudulent activity, malware delivery, and broader compromise.
What helps: User training and deepfake detection.
3. Exfiltration via AI Agent Tool Invocation
When AI agents can perform write operations or use connected tools, adversaries may manipulate them to exfiltrate data or take unauthorized actions.
It leads to: Data loss, unauthorized document or system changes, and misuse of connected enterprise tools.
What helps: Strong AI agent permission controls, human-in-the-loop oversight, segmentation of AI components, and input/output filtering.
HITRUST has long recognized that the threat landscape does not stand still. Attackers adapt, new vulnerabilities emerge, and AI is accelerating both discovery and exploitation. That is why HITRUST created the Cyber Threat Adaptive (CTA) program. CTA keeps the HITRUST CSF aligned with real-world risk using threat intelligence, vulnerability research, and attack data.
Through CTA, HITRUST is already strengthening guidance in fast-changing areas such as vulnerability management, secure software development, dependency management, and detection and response. These updates are delivered through the CSF, CTA, and MyCSF with a focus on improving threat relevance without adding unnecessary assessment burden.
Recent developments, including frontier AI models and Project Glasswing, should get the industry’s attention. HITRUST is evaluating Project Glasswing and related information to determine what CSF updates may be needed. This CTA release does not include Project Glasswing specific control changes, but future updates, including out-of-cycle updates, may address those risks as they develop.
What should you do now?
Take the following steps to stay resilient against cyber threats.
- Train your people: Make role-based security training a priority, with a strong emphasis on phishing, spear phishing, and AI-related attack patterns.
- Strengthen AI safeguards: Include AI-specific security topics in annual training for teams involved in AI development, deployment, data science, and cybersecurity.
- Keep humans involved where it matters: Build human-in-the-loop checkpoints into AI-driven workflows before sensitive actions are executed.
- Validate what enters your systems: Filter user inputs and attachments for suspicious or adversarial content, especially in AI-enabled environments.
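The safeguards listed under "Exfiltration via AI Agent Tool Invocation" and the human-in-the-loop and validation steps above can be combined into a single gate that every proposed agent tool call passes through. The sketch below is an added example, not HITRUST's code or part of the analysis; the tool names, hosts, patterns and the `gate` function are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# All tool names, hosts and patterns below are constructed for illustration.
@dataclass(frozen=True)
class AgentPolicy:
    allowed_tools: frozenset   # tools granted to this agent
    write_tools: frozenset     # tools that change state or send data out
    allowed_hosts: frozenset   # the only destinations the agent may reach

SENSITIVE = [
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),               # SSN-shaped value
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # PEM private key
]
URL = re.compile(r"https?://\S+", re.I)

def gate(policy, tool, args, approver=None):
    """Decide one proposed tool call: returns (decision, reason)."""
    # 1. Permission control: the agent may only use tools granted to it.
    if tool not in policy.allowed_tools:
        return "deny", "tool not granted to this agent"
    text = " ".join(str(v) for v in args.values())
    # 2. Output filtering: block sensitive data leaving via tool arguments.
    if any(p.search(text) for p in SENSITIVE):
        return "deny", "sensitive data in tool arguments"
    # 3. Segmentation: every URL must resolve to an allowlisted host.
    for url in URL.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            host = ""  # unparseable URL: fail closed
        if host not in policy.allowed_hosts:
            return "deny", f"destination not allowlisted: {host or url}"
    # 4. Human in the loop: write operations wait for explicit approval.
    if tool in policy.write_tools and not (approver and approver(tool, args)):
        return "hold", "write operation awaiting human approval"
    return "allow", "ok"

POLICY = AgentPolicy(frozenset({"read_doc", "update_ticket", "http_post"}),
                     frozenset({"update_ticket", "http_post"}),
                     frozenset({"tickets.example.internal"}))

def demo():
    calls = [  # constructed sample calls, as an agent runtime might propose them
        ("read_doc", {"path": "handbook.md"}, None),
        ("send_email", {"to": "a@example.org"}, None),
        ("http_post", {"url": "https://tickets.example.internal@paste.example.org/x"}, None),
        ("update_ticket", {"body": "customer SSN 123-45-6789"}, None),
        ("update_ticket", {"body": "status: resolved"}, None),
        ("update_ticket", {"body": "status: resolved"}, lambda t, a: True),
    ]
    return [gate(POLICY, t, a, ap)[0] for t, a, ap in calls]
```

The third sample call puts an allowlisted name in the URL's userinfo part; parsing the hostname rather than matching on the string is what lets the gate reject it.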
The bottom line
Your security program should evolve at the speed of threats. Using adversary intelligence as a weapon can help get you there.
HITRUST assessments are designed to keep up with both established and emerging attack techniques. Backed by real intelligence and continuous updates, they help organizations build trust and resilience in a rapidly changing digital world.
As AI-related threats continue to grow, HITRUST’s threat-adaptive approach helps ensure both traditional systems and AI-enabled services remain better protected against what’s next.
Whether you’re just starting your security assessment process or need deeper protection, HITRUST helps you stay ready — not just compliant. Download the complete analysis to learn more.