Hybrid AI-Aware Cybersecurity Program Management Framework for Medium and Large Organizations: Integrating Adversarial AI Defense into Governance and Operations

Abstract

The rapid adoption of artificial intelligence (AI) in enterprise systems introduces novel cybersecurity risks, including adversarial attacks that exploit vulnerabilities in AI models. Traditional cybersecurity program management frameworks, such as NIST CSF, ISO/IEC 27001, and COBIT, provide robust governance, risk management, and compliance mechanisms, but they often fail to address AI-specific threats. This study develops a Hybrid AI-Aware Cybersecurity Program Management Framework that integrates adversarial AI defense mechanisms across planning, execution, monitoring, reporting, and governance feedback stages. Using a mixed-methods approach—including literature review, surveys with 150 IT managers, and interviews with 30 cybersecurity and AI professionals—the framework was evaluated for effectiveness in medium and large organizations. Results demonstrate significant improvements in AI security resilience, operational efficiency, and compliance alignment. This research contributes a practical, scalable model for embedding AI security into program management, offering strategic and operational guidance for enterprises facing evolving AI threats.