Securing AI in Australia's Public Sector: Cyber Security Readiness for the AI Era

Securing AI in Australia’s Public Sector: Cyber Security Readiness for the AI Era

After spending the last few years in public sector cyber consulting, we’ve been thinking about whether Australia’s public sector cyber security foundations are ready for AI.

In late 2025 the economics of AI deployment shifted. Models got dramatically cheaper, more capable, and agentic AI moved from concept to product. The public sector is responding accordingly. GovAI Chat expected from mid-2026. Chief AI Officers in every agency. DTA guidance on scaling from proof of concept to production. $19 billion in projected annual value by 2030. Four years sounds comfortable until you map it against public sector budget, procurement, and implementation cycles. There aren’t many modernisation windows left to get this right.

But this isn’t just about productivity. Every royal commission or inquiry into government service delivery, veteran suicide, disability services, aged care, reveals how legacy technology and institutional capacity gaps can contribute to the harm of Australians. If done right, AI can also help improve citizen services and we need AI to succeed.

A decade of ANAO cyber security audits documents persistent compliance gaps, gaps that continue under today’s more demanding baseline. If the public sector already has a security gap, AI will amplify it while introducing genuinely new threats current frameworks weren’t designed for.

Most cyber security practitioners in the public sector aren’t focused on AI security day-to-day yet. A substantial volume of security reform landed in 2025, including supply chain FOCI assessments, quantum readiness, and modernising network security, all of it with no publicly available indication of corresponding funding increases. AI security is one more thing on a list that continues to grow.

That’s why we researched this thoroughly. The result is Securing AI in Australia’s Public Sector: Cyber Security Readiness for the AI Era, research, analysis and 17 recommendations with implementation considerations and ownership mapped.

The paper focuses on generative and agentic AI in civilian Commonwealth government and draws only on publicly available information. Thus it won’t have the full picture, and opinions will vary across the cyber practitioner community, which is healthy and necessary. We hope it raises awareness and contributes to the debate, planning and capability development needed to help Australia realise AI’s benefits in the public sector.