Australia: Australian Cyber Security Centre published guidance on managing cyber security risks of artificial intelligence for small business

On 14 January 2026, the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) published guidance on managing cybersecurity risks of artificial intelligence for small businesses, aimed at managing cybersecurity risks when adopting cloud-based artificial intelligence (AI) technologies. The guidance aims to address vulnerabilities such as data leaks, privacy breaches, unreliable AI outputs, and supply chain dependencies. It clarifies that businesses should implement internal AI usage policies, anonymise personal details before uploading data to platforms, and maintain human oversight in decision-making processes for high-stakes operations. Additionally, the publication provides a checklist for businesses to verify data ownership, evaluate AI vendor security compliance frameworks such as ISO 27001, and establish incident response mechanisms for AI-related cybersecurity events.