A Quantitative Adversarial Framework for Cybersecurity Risk Analysis of AI-Enabled Systems

Document Type : Original Article

Author
Department of Mathematics, Ardabil Branch, Islamic Azad University, Ardabil, Iran
10.22034/jcse.2026.590576.1088
Abstract
The increasing integration of artificial intelligence into safety-critical and large-scale digital systems challenges conventional cybersecurity risk analysis methods. Traditional approaches struggle to capture AI-specific characteristics such as emergent behavior, vulnerability to adversarial machine learning attacks, and the growing overlap between security, safety, and accountability concerns. At the same time, regulatory initiatives highlight the need for structured, quantitative risk analysis methods for high-risk AI systems. This paper proposes an enhanced cybersecurity risk analysis framework tailored to systems that incorporate AI components. Building on adversarial risk analysis, the framework explicitly models AI-related impacts, learning-based assets, intelligent security and recovery controls, and AI-enabled targeted attacks. System architectures are decomposed into hierarchical blocks, enabling probabilistic simulation of attack entry, propagation, defensive failure, and both local and systemic impacts. Strategic attacker behavior is captured by modeling adversarial decision-making under uncertainty and integrating it into Monte Carlo based risk estimation. The applicability of the framework is demonstrated through a case study involving automated driving systems. The results show that incorporating AI-specific defenses and strategic attacker modeling leads to substantial reductions in tail risk and can induce measurable deterrence effects. The proposed approach supports risk-aware cybersecurity investment decisions and provides an analytical foundation for managing and accessing high-risk AI systems in regulated environments.
Keywords


Articles in Press, Accepted Manuscript
Available Online from 12 July 2026