AI Governance and Cybersecurity: Stronger Together in Enterprise Risk Management

The corporate integration of artificial intelligence has entered a new era. On May 14, 2026, AIQA Global, the first independent AI governance rating firm, and SecureSky, a leading cybersecurity provider, announced a strategic cooperation agreement. The core message of the announcement is that the risks and requirements of two domains—AI governance and cybersecurity—have become inseparably intertwined.

AIQA and SecureSky will launch joint research and coordinated client education programs while maintaining their independent assessment methodologies and separate deliverables. This partnership is not just an alliance between two companies; it is a crystal-clear signal of an industry trend: trustworthy AI cannot exist without an integrated approach to security and governance.

The Inevitable Convergence: Why AI and Security Are No Longer Separate

The statements from the partners clarify the driving forces behind this shift. According to Chase Malackowski, Head of Product for AIQA Global: “Every serious conversation about AI governance now includes a cybersecurity dimension, and every serious conversation about enterprise cybersecurity now includes AI.” This is reinforced by Michael Hrabik, Chief Executive Officer of SecureSky, who states that AI only delivers true value when it is well-governed and well-protected. Governance and security controls are not optional; they are the foundation of trust, employee expectations, and regulatory compliance.

The firms share the belief that insurers, regulators, and enterprise boards will increasingly evaluate AI governance quality and cybersecurity resilience in tandem.

From an AIQ standpoint, this trend is not merely a U.S. phenomenon; it is even more relevant in the European market, especially in the context of the EU AI Act and GDPR. The EU AI Act is a risk-based framework that mandates governance and security obligations across the entire AI lifecycle. A company can have a perfect AI ethics code on paper, but if the databases feeding its models are not properly secured, or if the security risks of third-party AI components are not assessed, its governance is worthless.

Beyond the OWASP LLM Top 10: Addressing Structural Risks

The announcement explicitly mentions modern AI-specific threats such as model poisoning, prompt injection, shadow AI adoption, third-party AI risk, and the security of training data. These risks are directly linked to vulnerabilities listed in the OWASP LLM Top 10.

In a corporate context, this means that technical vulnerabilities like Prompt Injection (OWASP LLM-01) or Model Poisoning (OWASP LLM-03) are just the tip of the iceberg. The real, deep-rooted risks lie within the organization’s governance structures. Who is responsible for the integrity of training data? What is the process for auditing external AI vendors? How do you ensure that developers are not using unapproved, “shadow” AI tools?

AIQA’s AIQ™ score, based on 250 data points across five dimensions, is designed to answer precisely these types of structural questions. SecureSky’s cybersecurity expertise, in turn, enables the verification of the technical implementation. This dual approach is essential for holistic risk management.

What This Means in Practice: Audit Lessons for the EU Market

A key element of the cooperation is that the parties will maintain their methodological independence. According to Maria Ross, COO of AIQA Global, the goal is to build an ecosystem of trusted partners that creates the infrastructure for “scalable trust.” This model carries a crucial message for Hungarian and European companies.

Based on AIQ’s audit experience, successful AI compliance preparation rests on two pillars:

  1. A Robust Internal Governance Framework: Documented processes, responsibilities, risk assessment matrices, and decision-making mechanisms covering the entire AI lifecycle. This is AIQA’s area of expertise.
  2. Independent, Objective Technical Validation: Testing the technical effectiveness of implemented controls, conducting vulnerability assessments of systems, and reviewing the security architecture. This is SecureSky’s profile.

A company preparing for the EU AI Act or an external audit cannot afford to focus on only one of these areas. Regulators and frameworks like the EU AI Act or the NIST AI Risk Management Framework require both documented governance procedures and functioning technical safeguards. The alliance between AIQA and SecureSky signals to the market that, in the future, expertise from both domains will be necessary for success. Corporate AI strategies must reflect this integrated approach from planning and implementation through to continuous operation.

Attila Rácz-Akácosi

Independent AI Security Specialist

Two decades of analytical and systems-oriented experience. I have been working with artificial intelligence since 2017. In recent years, I have specialized in AI/LLM security and AI Red Teaming. Systems-level thinking instead of endless vulnerability checklists.