An Introduction to Artificial Intelligence

Published on August 7, 2025

Controls-An Intro to AI GuideArtificial Intelligence (AI) has rapidly become a popular topic and a focus of discussion across multiple sectors. While AI is a concern to consider, nothing has changed to reduce the impact of good security fundamentals, such as those provided by the Center for Internet Security® (CIS®), Critical Security Controls® (CIS Controls®), and CIS Benchmarks®. Data is still protected the same way, systems are still secured the same way, and the techniques used by attackers have not significantly changed. While AI is an important consideration for enterprises of any size, it hasn’t altered any of the principles of a strong cybersecurity program.In this paper, we review the real-world impact AI has had on cybersecurity for the average small- and medium sized enterprise (SME) as well as the use of AI in business operations. Although AI has enabled some efficiencies, the threat vector remains unchanged with the same recommended mitigations. To date, CIS has not observed any brand-new threats, only threat actors using AI to facilitate existing attempts. This further advocates the importance of cybersecurity fundamentals, such as the use of CIS Controls for essential cyber hygiene and the use of the CIS Benchmarks for secure configurations.

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.