Research Program
Continuous intelligence · Live signal monitoring
Research that sharpens AI security engagements.
Our research program tracks job-market signals, practitioner evidence, adversary frameworks, vulnerability disclosures, and public-source intelligence so our consulting engagements start from evidence rather than opinion.
When independent sources describe the same structural gap from different angles, convergence becomes the argument. That convergence feeds the annual report, named findings, assessment domains, engagement workshops, and every public claim in the citation library.
Signal Sources
Job Market
Ch 01
Practitioner Survey
Ch 02
Academic Velocity
Ch 03
Builder Ecosystem
Ch 04
Media Coverage
Ch 05
Threat Disclosure
Ch 06
ATLAS / Adversary
Ch 07
Citation Library
Ch 08
Convergence
Engine
The argument.
Directional
confidence
Live stack
8 signal channels
ATLAS / benchmark
170 techniques · 85+ signals
How this supports clients
Research supports the consulting method.
Intelligence Channels
Eight sources. One thesis. Zero redundancy.
Each channel is independently collected and classified against the same AI security taxonomy. No single source is authoritative - the value is in triangulation. A finding that appears across job postings, papers, builder activity, media coverage, and vulnerability feeds is no longer a hunch; it is signal convergence.
01
Research Channels
8 independent monitoring channels - academic velocity, open-source velocity, press coverage, threat disclosure, concept maturity, MITRE ATLAS, controls crosswalk, and convergence.
02
Annual Report
The State of AI Security Engineering 2026 distills labor-market, survey, and external signal data into named findings and role archetypes.
03
Intelligence
Named findings and market intelligence synthesized from job corpus analysis, practitioner surveys, and signal convergence.
04
Citation Library
Verified citations with quotes, statistics, source provenance, dates, and claim traces.
05
Threat Disclosure
CVE, NVD, GHSA, OSV, and CISA KEV records classified for AI/ML relevance and disclosure lag.
06
Convergence
Composite scoring where independent channels agree. The argument is in the convergence, not any single layer.
07
Academic Velocity
Paper velocity, bucket-share composition, and term acceleration across classified AI security research papers.
08
MITRE ATLAS Navigator
Tactics, techniques, mitigations, and case studies organized for practitioner use and cross-referenced against report findings.
Flagship Publication
The annual report is the distilled output of the research program.
2026 Edition
The State of AI Security Engineering Report
aisecurity.llc
The State of
AI Security Engineering
2026 Report
signal convergence
The State of AI Security Engineering 2026 is not a vendor survey or a trend roundup. It is a structured analysis of the AI security labor market: who employers are hiring, what skills they require, what gaps persist, and what the signal layers say about where the field is heading.
300K+ job descriptions. Practitioner survey data from four role cohorts. External corroboration across arXiv, GitHub, media, and vulnerability feeds. 15 flagship findings. 9 role archetypes.
Report scope
- 300K+ AI security job descriptions analyzed
- 4 practitioner survey cohorts
- 8 external signal layers cross-corroborated
- 15 named findings with evidence chains
- 9 role archetypes mapped to skill clusters
- MITRE ATLAS and OWASP LLM Top 10 crosswalk
Evidence spine
Built for briefing, not browsing.
The report sits on top of the intelligence stack, not beside it. Channels feed findings, findings feed the report, and the citation library keeps every public claim tied to provenance and date.
Executive briefings
Board-ready summaries with claim-to-control traceability.
Sponsor-safe public research
Published findings sponsors can reference without restriction.
Findings traceability
Every finding links back to channel evidence and source citations.
Claim-ready citations
Verified quotes and statistics with dates and provenance.
Named Findings
Intelligence you can act on, not observations you already knew.
Each finding is a named, evidence-backed claim about the AI security market - its talent dynamics, skill gaps, emerging threat patterns, or structural shifts. Findings are derived from the full signal stack, not extracted from a single dataset.
Talent and role-design crisis
The Frankenstein Role
AI Security Engineer role language often bundles five historically separate capability families into one requisition.
Role breadth signal
Flagship thesis
Title/substance mismatch
Skill Washing
AI-labeled security titles often outpace AI-specific control, testing, and evidence language.
Specificity gap
Cross-vertical signal
Team-shaped requirements
The Unicorn Index
The market prices one role while frequently describing team-level capability breadth.
Requirement compression
Compensation pressure
Systems reasoning shift
The Probability Pivot
AI security language reflects a shift toward probabilistic systems reasoning and ambiguity tolerance.
Mindset signal
Role-language shift
Governance-to-execution gap
The Evidence Gap
Governance language often appears before engineering evidence language such as eval outputs, telemetry, and remediation proof.
Evidence readiness
Execution hinge
Delegated action risk
Agentic Anarchy
Agent security is delegated action security; chatbot framing is insufficient.
Control architecture gap
Action authorization
Methodology
How the research program works.
Data collection
- Job description corpus: public ATS postings, classified by role and skill signal
- Practitioner surveys: structured instruments across four cohorts
- arXiv: metadata slices, paper velocity, and term acceleration
- GHArchive: open-source activity across AI security repos
- Vulnerability feeds: NVD, GitHub Advisory, OSV, CISA KEV, filtered for AI/ML relevance
- Media/news coverage: public narrative signal and concept maturity
Taxonomy & classification
- Unified AI security taxonomy across all channels
- MITRE ATLAS crosswalk for adversarial technique alignment
- OWASP LLM Top 10 mapping for product security coverage
- NIST AI RMF alignment for governance and compliance signals
- Citation verification with source, date, quote, and provenance
- Convergence scoring across independent sources
Operating Outputs
Research that feeds engagements, not just PDFs.
Assessment Domains
The diagnostic scorecard and assessment domains are grounded in the research taxonomy.
Take diagnosticEngagement workshops
Working sessions use report findings and field-guide controls to produce artifacts.
View workshopsPublic proof surfaces
Scenario catalogs translate adversary and failure patterns into public demos and evidence-navigation surfaces.
Explore labsWorkbench-backed assessments
Assessments and evidence packs use the same language, controls, and citation base.
Scope a ReviewResearch Program
Use the signal stack behind the report.
Explore the channels, read the findings, or bring the research into your AI security program through diagnostic scorecards, workshops, and Workbench-backed assessment work.