AI-Enabled Cybersecurity Governance Framework

The deployment of frontier artificial intelligence models in cybersecurity environments introduces a class of dual-use risk for which existing governance frameworks are inadequate. A model capable of autonomously identifying zero-day exploits is, by definition, also capable of enabling their exploitation. This paper presents the AI-Enabled Cybersecurity Governance Framework (ACGF), a comprehensive governance architecture that positions Identity and Access Management (IAM) as the primary — not supporting — security layer for frontier AI deployment. The framework integrates Separation of Duties, dual-layer access controls (RBAC + ABAC), Just-in-Time privilege elevation, non-human identity management, and a structured escalation protocol into a coherent operational policy for Red Team and Blue Team AI operations. Version 3.0, presented here, extends the foundational framework with ten additional governance domains: supply chain identity risk, federated identity, quantum cryptography readiness, insider threat detection, AI output integrity verification, regulatory and jurisdictional compliance, digital forensics, continuous compliance monitoring, human factors, and agentic AI controls. The central thesis — that IAM is not a module within AI governance but the architecture of AI governance — is developed through both theoretical argument and operational specification. This framework is designed to be directly implementable by organisations deploying AI in cybersecurity contexts, with applicability to banking and financial services sectors subject to regulatory identity and access mandates.