An Anti-Sherif Artificial Intelligence-Driven Cybersecurity Audit Model: Beyond Artificial Intelligence Adoption in Cybersecurity Auditing

The increasing adoption of artificial intelligence (AI) in cybersecurity has introduced new opportunities to enhance detection, response, and automation capabilities; however, applying AI within cybersecurity auditing remains constrained by traditional compliance-oriented approaches that rely profoundly on binary, checklist-based evaluations. Such approaches often reinforce a policing or “sheriff-style” perception of auditing, emphasizing enforcement rather than enablement, risk insight, and organizational improvement. This study proposes an Anti-Sherif AI-driven cybersecurity audit model that integrates AI-based analytics with human expert judgment to support a more adaptive, risk-informed auditing process. Grounded in design science research, the model combines conventional binary compliance checks with AI-derived intelligence and governance-based maturity assessments to evaluate cybersecurity controls across technical, operational, and organizational dimensions. The approach aligns with established standards and frameworks, including ISO/IEC 27001, the National Institute of Standards and Technology (NIST), and the Center for Internet Security (CIS) benchmarks, while extending their application beyond static compliance. A fictional case study is used to demonstrate the model’s applicability and to illustrate how hybrid scoring can reveal residual risk not captured by conventional audits. The results indicate that combining AI-driven insights with structured human judgment enhances audit depth, interpretability, and business relevance. The proposed model provides a foundation for evolving cybersecurity auditing from periodic compliance assessments toward continuous, intelligence-supported assurance.