Schneier: How We Should Be Measuring AI Security
What Happened
In a May 20 post, Schneier surveys an industry report on AI security measurement and argues vendors are conflating model robustness with deployment security, leaving enterprises without comparable metrics. He calls for measurable, audited security properties analogous to those used in traditional software assurance.
My Take
The market hates this question because honest answers would slow sales, but Schneier is right — there is no shared definition of "secure AI system," and that vacuum is being filled with marketing. Enterprises that adopt agents at scale in 2026 without measurement frameworks are going to discover their incident-response playbooks don't apply. Smart CIOs will start demanding security SLAs from model vendors this year, and the vendors who can credibly offer them will quietly win the regulated-industry segment.
Read Original Source