If your organisation is still relying on the same old cyber security training—you know, the annual click-through module that reminds everyone not to open dodgy attachments or share their password with the Nigerian prince who emailed them—then you’re in for a rude awakening. We’re in the messy middle of AI adoption, where tools are everywhere, policies are playing catch-up, and the threat landscape is evolving faster than your IT department can say ‘prompt injection’. Traditional phishing drills simply won’t cut it anymore. They’re a bit like bringing a butter knife to a gunfight; utterly inadequate for the sophisticated, AI-driven risks your teams are now facing.
I’ve been in the room when it goes wrong. I’ve seen the panic when a team realises they’ve inadvertently fed proprietary data into a public large language model (LLM), or when a seemingly innocuous AI tool turns out to be a gaping security hole. This isn’t just an IT problem; it’s an everyone problem. Every single person using AI in your organisation—which, let’s be honest, is probably everyone, whether you officially sanction it or not—is now a potential vector for new, complex cyber threats. And if your training hasn’t caught up, you’re leaving your digital doors wide open.
The gaping holes in traditional cyber security training
Let’s be blunt: most generic cyber security training is designed for a pre-AI world. It focuses on well-understood threats like malware, phishing, and basic password hygiene. These are still important, of course, but they don’t address the unique ways AI tools introduce risk. Think about it: an email asking for your login details is one thing. An AI chatbot that appears to be helping you, but is actually extracting sensitive information through a cleverly crafted prompt, is an entirely different beast.
Traditional training often operates on the assumption that malicious actors are outside your systems trying to get in. With AI, the threats can originate from within, through unwitting user interaction with legitimate-looking, but compromised, AI services or through the misuse of internal tools. The lines are blurring, and your team needs to understand these nuances.
Specific AI-centric threats your team needs to understand
AI doesn’t just add new threats; it amplifies existing ones and creates entirely novel attack vectors. Here are the big ones your training needs to tackle head-on.
Prompt injection attacks
This is perhaps the most insidious new threat. Prompt injection is when an attacker manipulates an LLM through a crafted input to make it do something it wasn’t intended to do—like reveal confidential information, bypass security filters, or even generate malicious code. Your employees are interacting with these models daily, and they need to recognise the signs of a manipulated output or a potentially harmful prompt.
Imagine a scenario where an employee uses an internal AI assistant to summarise a confidential document. A prompt injection could trick that assistant into including snippets of that confidential data in a public-facing report or even sending it to an unauthorised external email address. Users need to be trained to spot these anomalies and understand the implications of what they input and what the AI outputs.
Data leakage via AI tools (the shadow AI problem)
This is a massive one. Your employees are using AI tools—ChatGPT, Midjourney, Grammarly AI, and a hundred others—to make their jobs easier. Often, they’re doing this without official sanction, without understanding the terms of service, and without realising that every piece of data they input could be used to train the model, stored indefinitely, or even become publicly accessible. This is the essence of ‘shadow AI’—unapproved tools proliferating across your organisation, creating significant security vulnerabilities. I’ve written extensively about the policy vacuum this creates, and why your old IT policies simply won’t cut it anymore. If you haven’t already, take a look at The AI policy vacuum: why your old IT policy just wont cut it anymore and The policy problem, part 1: your IT policy in the age of AI—where to start (without panic).
Your training must explicitly cover what kind of data can—and absolutely cannot—be fed into external AI tools. It needs to establish clear guidelines for identifying and reporting shadow AI use, and provide approved, secure alternatives where possible.
Credential sprawl and API key nightmares
Every new AI tool, especially the more advanced ones, often comes with its own login, its own API key, or its own integration method. This leads to an explosion of credentials that are often poorly managed, shared insecurely, or left exposed. One compromised API key can grant an attacker access to vast amounts of data or the ability to incur significant costs on your cloud accounts. This is a problem I’ve seen play out time and again, and it’s why I dedicated a whole post to The API key problem: when every AI tool becomes a new security key headache (part 1: credential sprawl).
Training needs to educate users, especially developers and power users, on the secure management of these credentials, the risks associated with hardcoding API keys, and the importance of using secure vaults and proper access controls.
The risks of using unverified AI outputs
AI models, particularly generative ones, can ‘hallucinate’—meaning they confidently present false information as fact. They can also exhibit biases present in their training data, or even generate content that infringes on copyright. Relying blindly on AI-generated content without verification can lead to reputational damage, legal issues, and poor decision-making. Your teams need to understand that AI is a tool, not an oracle. They must be taught critical thinking skills to validate AI outputs, cross-reference information, and understand the ethical implications of using generated content.
Why it’s not just an IT problem
Some leaders might argue that existing data privacy or general cyber security training covers enough, or that AI security is purely an IT department’s problem. This is a dangerous misconception. While IT and security teams are crucial for implementing technical controls, deploying secure infrastructure, and setting policies, they cannot police every single interaction an employee has with an AI tool. The human element is the weakest link, and AI fundamentally changes how that link can be exploited.
Every user is now an active participant in your organisation’s AI security posture. They are the ones feeding data, crafting prompts, and evaluating outputs. Empowering them with the right knowledge is not just good practice; it’s a non-negotiable strategic imperative. It’s about creating a culture of responsible AI use, where everyone understands their role in protecting organisational assets.
Building an effective AI cyber security training programme
So, what does this new, AI-centric training look like? It needs to be practical, actionable, and go far beyond a tick-box exercise. Here’s a framework for what you should be covering:
1. Understanding the AI threat landscape
Start by explaining why AI is different. Introduce concepts like prompt injection, data poisoning, model evasion, and the unique challenges of shadow AI. Use real-world examples—anonymised, of course—of how these threats have impacted other organisations or could impact yours.
2. Data handling and privacy in the age of AI
This is paramount. Clear, concise guidelines on what data can (and cannot) be used with which types of AI tools. Differentiate between internal, approved AI solutions and external, public models. Emphasise GDPR compliance and the risks of inadvertently sharing personally identifiable information (PII) or intellectual property. Provide concrete examples of data classification and how it applies to AI interactions.
3. Secure prompt engineering and interaction
Train users not just on how to get better outputs from AI, but how to interact with models securely. This includes recognising and avoiding prompt injection attempts, understanding the concept of ‘system prompts’ in approved AI tools, and being cautious about sharing overly sensitive context within prompts, even with internal models.
4. Validating AI outputs: critical thinking skills
Equip your team with the skills to critically evaluate AI-generated content. Teach them to fact-check, identify potential biases or hallucinations, and understand the limitations of the models they are using. This module should foster a healthy scepticism, not blind trust.
5. Identifying and reporting shadow AI risks
Train employees to recognise unapproved AI tools and understand the risks they pose. Crucially, establish a clear, non-punitive process for reporting their use—whether accidental or intentional—and for requesting access to approved tools. This fosters transparency and allows your IT and security teams to manage the risk rather than be surprised by it.
6. Secure credential management for AI services
For those working with AI development or integrations, provide specific training on managing API keys, service accounts, and access tokens securely. This should cover principles of least privilege, secure storage, rotation policies, and the dangers of embedding credentials directly into code or public repositories.
Implementation: beyond the webinar
This training shouldn’t just be a passive online course. It needs to be interactive, with workshops, practical exercises, and regular refreshers. Use real-world scenarios relevant to your organisation. Empower ‘the AI person’—that practitioner who got tapped to figure it all out—with the specific knowledge and authority to champion these practices within their teams. And crucially, leaders must champion and fund this comprehensive AI security training as a strategic imperative, not an afterthought. It’s an investment in your organisation’s future, protecting it from threats that are already here.
Ready to move beyond basic cyber security awareness? It’s time to equip your teams with the knowledge they need to navigate the AI landscape securely. Explore our resources on building robust AI governance and capability frameworks to ensure your organisation is truly prepared.