---
type: "synthesis"
clusters: ["C7", "C10"]
id: "meta-ai-weapon-and-shield"
sources: ["cross-day"]
---
Governance and Tail2 treat AI as simultaneously offense, defense, and attack surface. Governance: AI democratizes attack capability, hitting SMBs hardest ([[concept-ai-fueled-threat-escalation]], [[concept-smb-cyber-risk-asymmetry]]); the answer is *relative* security ('faster than the bear', [[concept-relative-cybersecurity]], [[framework-dobrygowski-smb-cyber-defense]]) and AI-assisted defense ([[concept-ai-assisted-penetration-testing]]) — but AI is itself hijackable ([[claim-ai-vulnerable-to-hacking]], [[cross-ai-double-edged-sword]]). Tail2: security is an infrastructure and supply-chain problem, not an application one ([[concept-deterministic-security-mismatch]], [[contrarian-application-security-insufficient]], [[framework-four-imperatives-ai-security]]). Both reject compliance-as-security ([[concept-compliance-security-conflation]]) and warn that off-the-shelf/Chinese AI adoption must pass the security lens. Boards are under-equipped ([[framework-board-cyber-engagement]], [[contrarian-recruiting-cyber-directors]]). This is the do-it-safely layer under every offer ([[meta-service-line-playbook]]).