
AI Security for Software & SaaS Platforms

Your AI features are your customers' risk.

If your platform uses AI, your enterprise clients in Australia and New Zealand are now accountable for the security of your AI components. Guardrails protect your product. AI Red Teaming proves they work. Insicon Cyber helps software companies and SaaS developers build both.

The Regulatory Moment

Australia and New Zealand regulators are already inside your clients' boardrooms

In April 2026, APRA wrote directly to every Australian bank, insurer, and superannuation trustee about AI risk. One of its four core concerns was supplier risk management. APRA explicitly called out entities "heavily dependent on a single provider for multiple AI use cases" and found that contractual arrangements with AI vendors often lacked provisions for audit rights, model updates, incident notification, and changes to data handling.

One month later, ASIC issued its own open letter to Australian financial services licensees. It directed boards to ensure governance "is supported by evidence: test results, audit findings, lessons from incidents, and independent validation." The NCSC in New Zealand made supply chain exploitation one of its five key threat judgements for 2025.

The implication for your platform is direct. Your enterprise clients need to produce evidence of their AI controls to their regulators. That evidence depends on what you can demonstrate about your own.

87% of global security leaders say AI vulnerabilities are the fastest-growing cyber risk — WEF 2026

67% of organisations face pressure to accelerate AI deployment even when security concerns are raised — TrendAI 2025

41% of organisations have implemented governance controls for AI data integrity — most are still drafting policy

The Platform Owner's Problem

You are not just a user of AI. You are a provider. That changes everything.

Your AI is in scope

When your platform processes client data with AI, your enterprise clients' regulators in Australia and New Zealand treat your AI as part of their risk surface. Prompt injection, data leakage, insecure integrations, and autonomous agent manipulation are now named attack vectors in APRA's supervisory framework.

Guardrails are a product requirement

Input validation, output filtering, access controls on model endpoints, rate limits on inference APIs, constraints on agentic behaviour. These are no longer nice-to-have architecture decisions. They are what enterprise clients in regulated sectors now ask about before signing.

Point-in-time testing is not enough

AI models drift. Fine-tuning changes behaviour. Third-party model updates change behaviour. New user interaction patterns expose attack surfaces that did not exist at launch. APRA has explicitly stated that point-in-time assurance methods are "ill-suited to probabilistic models that learn, adapt and degrade over time."

AI Red Teaming Explained

AI Red Teaming is the adversarial testing discipline your development pipeline is missing

AI Red Teaming applies the logic of penetration testing to AI systems. It involves structured attempts to bypass guardrails, manipulate model outputs, inject malicious prompts, extract training data, and cause the system to behave in ways its designers did not intend.

It is not a one-time audit. It is a continuous testing discipline that runs alongside product development and responds to every significant model update, new integration point, and change in how users interact with your platform.

Step 1: Set guardrails

Define boundaries for every AI component. What it can do. What data it can touch. What outputs are permissible.

Step 2: Red Team test

Adversarially test those guardrails before release. Prompt injection, data extraction, agent manipulation, output bypass.

Step 3: Monitor

Continuously monitor model inputs, outputs, and agent actions in production. Alert on anomalous behaviour before clients notice.

Step 4: Retest

Retest after every model update, new integration, or significant change in usage patterns. Guardrails that held at launch may not hold six months later.

Attack Vectors in AI-Powered Platforms

What AI Red Teaming tests for

APRA's April 2026 letter named these attack pathways as active concerns for AI implementations across Australia.

Prompt injection

Malicious instructions embedded in user inputs or external data that redirect your model to behave outside its intended boundaries.

Data leakage

Extraction of training data, system prompts, or other clients' data through crafted queries — a critical risk where models are multi-tenant.

Insecure integrations

Vulnerabilities in APIs, third-party model connectors, and data pipelines that allow attackers to manipulate model inputs or intercept outputs.

AI-generated code vulnerabilities

Security flaws introduced through AI-assisted development that escape standard code review because reviewers assume the model output is safe.

Autonomous agent manipulation

Attackers redirecting AI agents to perform unintended actions — executing transactions, escalating privileges, or exfiltrating data — by exploiting gaps in access controls designed for human actors.

Model drift and bias

Gradual degradation in model behaviour over time that erodes the effectiveness of guardrails without triggering obvious alerts — only detectable through continuous monitoring and scheduled retesting.

How Insicon Cyber Helps

From guardrail design to continuous assurance

Insicon Cyber's co-founders Matt Miller and Greg Bunt are practising Fractional CISOs with experience across both Australia and New Zealand. They lead the AI security practice and work directly with software companies and SaaS developers on the full programme.

AI Guardrail Design

Build the boundaries in

We work with your engineering and product teams to design guardrails at the architecture level. Input validation, output filtering, endpoint access controls, inference rate limits, and agentic behaviour constraints. Built in from the start, not retrofitted after a breach.

AI Red Teaming

Test before your clients do

Structured adversarial testing against every AI component in your platform. Prompt injection, data extraction, agent manipulation, output bypass, insecure integration probing. Scheduled before major releases, and after every significant model update or new integration.

Continuous Monitoring

Visibility across the AI lifecycle

Continuous monitoring of model inputs, outputs, and agent actions in production. Automated alerting on anomalous behaviour, model drift, and inference abuse. Powered by our adaptive SOC, operating 24/7 across Australia and New Zealand.

ISO 42001 Implementation

The governance credential your clients will ask for

ISO 42001 is the international standard for AI management systems. It covers governance, risk, accountability, and oversight across the AI lifecycle. We implement it. AI Red Teaming provides the empirical evidence that your controls hold under adversarial conditions.

Assurance Documentation

Evidence your enterprise clients need

We produce the test results, guardrail specifications, Red Team findings, and remediation records that your enterprise clients' boards in Australia and New Zealand now require. This documentation is becoming a standard part of regulated-sector procurement.

Fractional CISO

Senior security leadership, without the overhead

Matt Miller and Greg Bunt provide direct Fractional CISO engagement for software companies that need senior security input at board and executive level but are not ready for a full-time appointment. Strategy, governance, and regulatory navigation across the trans-Tasman region.

Common Questions

AI Red Teaming for software platforms: what you need to know

What is AI Red Teaming for software platforms?

AI Red Teaming is the practice of adversarially testing AI systems to find weaknesses before attackers do. For software companies and SaaS developers, it means structured testing of every AI component in your platform: prompt injection attacks, attempts to extract training data or system prompts, manipulation of autonomous agents, inference API abuse, and insecure integration probing. It is run by security specialists using the same methods that real-world attackers use, and it produces findings your team can act on before the next release.

How is AI Red Teaming different from standard penetration testing?

Standard penetration testing targets network, application, and infrastructure vulnerabilities. AI Red Teaming targets the specific behaviours and failure modes of AI systems: how models respond to adversarial inputs, whether guardrails can be bypassed, whether agents can be redirected, and whether data boundaries hold under pressure. AI models are probabilistic and non-deterministic, which means the attack surface is fundamentally different from a traditional application. The testing methodology must reflect that.

How often should software platforms run AI Red Teaming?

Before every major release. After every significant model update or change in the underlying model version. After any new integration point is added. At minimum, on an annual scheduled basis independent of release cycles. APRA's April 2026 guidance explicitly found that point-in-time assurance is ill-suited to AI models that "learn, adapt and degrade over time" and requires continuous validation instead. The cadence should match the rate at which your AI components change.

What are AI guardrails and why do software platforms need them?

AI guardrails are the technical controls that define the boundaries of what your AI can and cannot do. They include input validation (screening what enters the model), output filtering (screening what the model returns), access controls on model endpoints, rate limits on inference APIs, constraints on what data an agent can access or act on, and human oversight requirements for high-risk decisions. Without guardrails, your AI is a powerful capability with no defined operating boundaries. AI Red Teaming is how you verify that those boundaries hold.
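An added illustration, not Insicon Cyber's code or anything from this page: the guardrail controls listed above (tool allowlist, tenant data boundary, endpoint rate limit, human oversight for high-risk actions, audit log feeding monitoring) as one policy for an AI agent's tool calls, with a constructed adversarial regression suite that runs before release and again after each model update, matching the set, test, monitor, retest cycle earlier on the page. Tool names, tenant ids and the 60-per-minute limit are assumed placeholders.

```python
from collections import namedtuple
from dataclasses import dataclass, field

ALLOWED_ACTIONS = {"read_record", "summarise", "transfer_funds", "export_data"}  # assumed tool names
HIGH_RISK_ACTIONS = {"transfer_funds", "export_data"}  # require human sign-off
Verdict = namedtuple("Verdict", "allowed reason needs_human_approval", defaults=[False])

@dataclass
class GuardrailPolicy:
    tenant_id: str                   # tenant this agent session acts for
    rate_limit_per_minute: int = 60  # cap on calls to the agent endpoint
    calls: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)  # feeds production monitoring

    def evaluate(self, action: str, target_tenant: str, now: float) -> Verdict:
        # Rate limit: sliding one-minute window; denied calls still count.
        self.calls = [t for t in self.calls if now - t < 60]
        if len(self.calls) >= self.rate_limit_per_minute:
            return self._record(action, Verdict(False, "rate limit exceeded"))
        self.calls.append(now)
        if action not in ALLOWED_ACTIONS:  # allowlist of tools the agent may invoke
            return self._record(action, Verdict(False, f"action {action!r} not permitted"))
        if target_tenant != self.tenant_id:  # data boundary, whatever the prompt says
            return self._record(action, Verdict(False, "cross-tenant access blocked"))
        if action in HIGH_RISK_ACTIONS:  # human oversight: queue, do not execute
            return self._record(action, Verdict(True, "queued for human approval", True))
        return self._record(action, Verdict(True, "allowed"))

    def _record(self, action: str, verdict: Verdict) -> Verdict:
        self.audit_log.append((action, verdict.allowed, verdict.reason))
        return verdict

# Constructed adversarial cases: (action, target tenant, expected allowed?).
RED_TEAM_CASES = [
    ("read_record", "tenant-a", True),           # normal use must still work
    ("read_record", "tenant-b", False),          # cross-tenant data leakage
    ("escalate_privileges", "tenant-a", False),  # agent steered to an unknown tool
    ("transfer_funds", "tenant-a", True),        # allowed, but only via approval
]

def run_red_team_suite(policy: GuardrailPolicy, cases=RED_TEAM_CASES, now=0.0):
    """Return failing cases (empty = guardrails held); re-run after every model update."""
    failures = []
    for i, (action, target, expected) in enumerate(cases):
        v = policy.evaluate(action, target, now=now + i)
        if v.allowed != expected:
            failures.append((action, target, v.reason))
        elif v.allowed and action in HIGH_RISK_ACTIONS and not v.needs_human_approval:
            failures.append((action, target, "high-risk action skipped oversight"))
    return failures
```

A non-empty result from run_red_team_suite after a model or integration change is the retest signal the page describes; the audit_log is what production monitoring would ingest.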

Do Australian and New Zealand regulators require AI Red Teaming?

Not by name. But APRA's April 2026 letter requires security testing scope and coverage to be extended to AI implementations, requires continuous validation rather than point-in-time assurance, and requires AI-specific attack vectors to be included in updated threat models. ASIC's May 2026 letter requires governance to be supported by evidence including test results and independent validation. AI Red Teaming is the most direct way to produce that evidence. For regulated-sector clients in Australia and New Zealand, your ability to demonstrate this capability is increasingly a procurement requirement.

What is ISO 42001 and should our platform pursue it?

ISO 42001 is the international standard for AI management systems. It provides the governance framework for responsible AI development and deployment: policies, risk assessments, accountability structures, monitoring requirements, and oversight across the full AI lifecycle. For software companies selling to regulated sectors in Australia and New Zealand, ISO 42001 is becoming the governance credential that enterprise clients ask for in the same way ISO 27001 became mainstream. Insicon Cyber implements ISO 42001 and pairs it with AI Red Teaming to provide both the framework and the empirical evidence that the controls work.

The honest starting point for most organisations isn't a framework. It's a question: do you know where AI is being used inside your business, and do you know what would happen if one of those systems was compromised or manipulated? If you can't answer that, you're not ready to govern it. And you're definitely not ready to defend it.

Matt Miller — Co-founder, CEO and Fractional CISO, Insicon Cyber

Ready to build guardrails and prove they hold?

Talk to the Insicon Cyber team about AI Red Teaming, guardrail design, ISO 42001 implementation, and the assurance programme your enterprise clients in Australia and New Zealand need to see.

Contact us: info@insiconcyber.com

insiconcyber.com  |  North Sydney  |  Australian data sovereignty  |  Trans-Tasman coverage