ISM-2119 ASD Information Security Manual (ISM)

Utilise AI Models in Vulnerability Assessments

Suitable AI models are used to augment both vulnerability assessments and penetration tests.

Plain language

This control is about putting suitable AI models to work alongside your security testers so they augment, not replace, the human effort in both vulnerability assessments and penetration tests. AI can scan larger code and infrastructure footprints faster, triage findings, and surface novel or complex attack paths a human might miss, while a tester decides what to chase and exploit. The word "suitable" matters: the model has to fit the target, the test type, and your data handling rules. Without it, testing is slower to cover everything and more likely to miss the harder, chained attack paths.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

June 2026

Control Stack last updated

19 June 2026

E8 maturity levels

N/A

Official control statement

Suitable AI models are used to augment vulnerability assessments and penetration tests.

Why it matters

If suitable AI models are not used to augment this work, vulnerability assessments and penetration tests cover ground more slowly, struggle to scale across large or fast-changing systems, and are more likely to miss novel or complex multi-step attack paths that automated reasoning could have surfaced; weaknesses that AI-augmented testing would have found stay open and exploitable.

Operational notes

Treat AI as an augmentation layer over both vulnerability assessments and penetration tests, never an unsupervised actor: validate AI-generated findings against false positives before they reach a remediation queue, and keep a human tester in control of any AI-driven penetration testing actions such as exploitation, lateral movement, or payload delivery. Scope the AI tooling strictly to authorised in-scope targets so it cannot scan or attack systems outside the rules of engagement, and govern the model and tool versions you use (pinning versions, recording prompts and configurations) so results are repeatable across tests. Periodically compare AI-augmented runs against unaided baselines to confirm the model is genuinely improving coverage and detecting novel paths rather than adding noise.

Implementation tips

  • Select AI models suitable for each test type and record the choice in a model register: pick models that augment vulnerability scanning and triage for assessments, and models or agents that assist reconnaissance, attack-path reasoning and exploit suggestion for penetration tests, noting the suitability rationale for each.
  • Wire the chosen AI tooling into your existing vulnerability assessment and penetration test workflow so it augments human testers, for example having it pre-triage scanner output, cluster duplicate findings, and propose chained attack paths for the tester to confirm and pursue.
  • Constrain the AI tooling to the authorised target list before each engagement by loading the rules-of-engagement scope (IP ranges, hosts, applications) into its configuration and blocking it from acting on anything outside that scope.
  • Keep a human tester in control of AI-driven penetration testing actions: require explicit human approval before the model runs any exploit, lateral movement, credential use, or payload, and log who approved each action.
  • Validate every AI-generated finding against false positives before it reaches the remediation queue: have a tester confirm exploitability or reproduce the issue, and mark dismissed findings with the reason.
  • Govern model and tool versions by pinning the model/tool version per engagement and saving the prompts and run configuration, so each AI-augmented vulnerability assessment and penetration test is repeatable and changes are tracked.

Audit / evidence tips

  • Inspect the AI model register and confirm each model is justified as 'suitable' for the specific test type it augments, and that it is mapped to both vulnerability assessment and penetration test activities rather than only one.
  • Trace a sample of penetration test exploitation or lateral-movement actions taken with AI assistance back to a named human tester who authorised them, confirming AI-driven actions were not executed without human oversight.
  • Check the AI tooling configuration and rules of engagement for a recent engagement to confirm the tooling was scoped only to authorised targets and could not scan or attack out-of-scope systems.
  • Review AI-augmented findings in a vulnerability assessment report and confirm each was validated against false positives by a human before entering remediation, rather than accepted automatically.
  • Confirm the model and tool versions used in a given test are recorded and pinned so the AI-augmented run is repeatable, and that a version change is tracked in the register.
  • Compare an AI-augmented test run against an unaided baseline to confirm the AI genuinely augmented coverage or surfaced novel/complex attack paths.
Cross-framework mappings

How ISM-2119 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
Supports (2)
Annex A 8.8 ISM-2119 requires organisations to use suitable AI models to augment vulnerability assessments and penetration tests
Annex A 8.29 ISM-2119 requires suitable AI models to be used to augment vulnerability assessments and penetration tests

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
