State of AI Security Engineering 2026

Scope

This report is an applied research study. We reviewed 2,847 job descriptions posted from Q3 2024 through Q2 2025. The question is simple: what do employers ask for when they hire for AI security?

The answer comes from public hiring signals: job posts, skill lists, team language, and governance docs. It does not prove internal maturity. It does not prove the skill of any one person.


Key findings

1. "AI Security Engineer" is not yet a stable title

The title "AI Security Engineer" appears in fewer than 12% of relevant postings. Most AI security work is spread across security architect, ML engineer, platform engineer, and risk and compliance roles.

Organizations hiring for AI security should audit their job descriptions against the skills taxonomy in Chapter 3 — most are missing 40–60% of the relevant skills.

2. The skills split is 60/40 security/ML

Job posts that name AI security work ask for about 60% classic security skills and 40% ML or AI skills.

The ML side is not optional. Teams that hire pure security staff without ML fluency often hit friction.

3. Governance is lagging hiring

Many teams hire before policy exists. In those cases, practitioners join a draft or pre-draft governance setup.

4. Prompt injection is the most-cited threat class

In posts that name threat classes, prompt injection appears in 67% of them. That is higher than model exfiltration (43%), model-weight supply chain attacks (38%), or training data poisoning (31%).


Method

Job posting corpus

  • Source: LinkedIn, Indeed, Greenhouse, Lever, Ashby, and company career pages
  • Collection window: Q3 2024 to Q2 2025
  • Initial corpus: 4,211 posts matching keyword filters
  • After deduplication and filtering: 2,847 posts
  • Manual review: every post reviewed by at least one practitioner analyst

Skills taxonomy construction

We used a bottom-up method: extract skills from posts, group them by meaning, review the groups with practitioners, then map them to a hierarchy.

The final taxonomy has 6 top-level domains and 87 leaf skills. It is available as structured data in the appendix.

Governance corpus

We also reviewed governance material from 120+ organizations. Sources include NIST AI RMF work, EU AI Act filings, published AI policies, and SEC risk disclosures with AI language.


The field

Definition

An AI Security Engineer designs, builds, and tests security controls across the AI life cycle.

The role needs both classic security skill and ML or AI system knowledge. It is not just one field with a new label.

Core competency areas

1. AI Threat Modeling: Extend threat modeling to cover training data, model weights, inference, prompts, and output paths.

2. LLM Security: Prompt injection defense, output checks, context safety, system prompt hardening, jailbreak tests, and RAG security.

3. MLSecOps: Secure model pipelines, artifact signing, registry security, CI/CD checks, and automated red teaming.

4. AI Governance Integration: Turn governance needs into controls, evidence, and audit artifacts.

5. Supply Chain Security for AI: Review third-party models, ML dependencies, data provenance, and model cards.


Next

The 2027 edition will add:

  • Longitudinal comparison of 2025 vs 2026 hiring trends
  • Compensation band data (aggregated, anonymized)
  • Skills validation benchmarks
  • Governance maturity scoring for specific industries

If you are building an AI security team or program and want to contribute data to the 2027 edition, contact us at research@davidwolf.org.