
Skip Frontier AI. Fix the Essential Eight First.

[Figure: PSPF six-step maturity staircase showing fundamentals as the wide base and AI as a small dashed step at the top]

Half the vendor pitches landing this quarter promise that some flavour of frontier AI will rewrite your cybersecurity stack. The federal government just told its own agencies, on the record, not to buy it. If that’s the call for a department with a nine-figure security budget, it’s an even sharper call for a 40-staff Melbourne SME.

The document driving this is the Department of Home Affairs’ Protective Security Policy Framework (PSPF) advisory 001-2026, published late May. Its headline finding: “Australian government entities do not need access to the most advanced frontier AI models to stay protected.” The advisory points agencies at the Australian Signals Directorate’s Essential Eight and the Information Security Manual instead, and sets out a six-step maturity model where AI for cyber defence only enters the picture after the basics are locked down.

This post unpacks what the advisory actually says, why it lands harder for SMEs than for Canberra, and what a Melbourne business should do about it this quarter. The short version is in the next paragraph if that’s all you have time for.

The short version

The federal government has just put its name to an argument many of us in the Australian managed services industry have been making for two years. Frontier AI — the GPT-5-tier and Anthropic Claude Mythos-tier models the consumer press calls “AI” — is not the binding constraint on your security posture. Patching, MFA on every account, application control, and EDR are. If you spend the next twelve months building out an AI security capability while your patching backlog grows and a third of your users still don’t have MFA on their privileged accounts, you will be less secure, not more. The PSPF advisory is the same argument with the Commonwealth coat of arms attached.

What PSPF Advisory 001-2026 actually says

The advisory is short, plain-language, and binding on Commonwealth entities. The core findings are worth quoting because the original is being filtered through vendor marketing and consultant commentary that often softens the edges.

First, frontier AI is collapsing the window between vulnerability discovery and active exploitation from days to hours. The advisory uses the phrase “vulnerability storm” to describe what’s coming — a sustained pace of new vulnerability discovery, accelerated by AI-assisted bug-hunting on both the attacker and researcher sides, that patching teams in their current shape cannot keep up with.

Second, the answer is not “buy a more advanced AI”. The answer is “fix the fundamentals so the storm doesn’t break the roof”. The advisory points entities to Essential Eight Maturity Level Two for user application hardening and patching, and to the broader ISM controls for the rest of the environment.

Third, AI is not banned. The Australian Cyber Security Centre’s companion guidance treats AI as a medium-term lever for reducing analyst workload, sharpening threat prioritisation, and accelerating detection and response — once the configuration baselines, attack surface reduction, and legacy system debt are dealt with. There’s a six-step maturity model that puts “AI used for cyber defence in a secure, controllable, human-supervised, ethical and accountable manner” at the top, not the start.

Fourth, and this is the line most vendors are quietly skipping in their summaries, the ACSC warns that poorly implemented AI can introduce more risk than it removes. A model with broad data access, weak authentication, and inadequate logging is a new attack surface — not a security capability.

The Australian National Audit Office has previously found that federal agencies are not yet meeting the Essential Eight obligations they already have. So the advisory is, in effect, telling agencies: finish the work you’ve already been asked to do before chasing the next thing.

Why this hits SMEs harder than Canberra

The Commonwealth has security teams, dedicated identity engineers, and panels of cleared SOC providers on retainer. A Melbourne SME with 25 staff has, in our experience, an outsourced helpdesk, one part-time internal champion, and a Microsoft 365 Business Premium tenant somebody set up in 2019 and hasn’t touched since.

If the federal government, with that depth of security capability, is being told that frontier AI is not the answer right now, the implication for an SME is sharper still. The marginal dollar spent on an AI security agent for a 25-person firm in Box Hill is a worse investment than the same dollar spent on closing the long tail of unpatched line-of-business applications, deploying conditional access policies that actually block legacy authentication, or moving the firm off the local-admin-for-all model that’s been sitting unaddressed since the original device rollout.

Three things make the SME case sharper.

One, blast radius. A federal agency with mature segmentation, monitored gateways, and a SOC on watch may be able to contain the consequences of an experimental AI tool with broad data access. A 25-staff Melbourne firm where the same person who answers the phone also has SharePoint admin cannot. A poorly configured AI agent on that tenant has the keys to the whole organisation.

Two, talent. AI security tooling does not deploy itself. It needs people who understand the threat model, who can write the playbooks, who can tune false positives, and who can read the model’s reasoning when it flags something. SMEs do not have those people. Buying the tool without the people is buying an expensive logging product that nobody reads.

Three, sequencing. The Essential Eight controls compound. MFA reduces the attack rate, which reduces the volume of incidents the EDR has to respond to, which reduces the noise the SOC has to wade through, which reduces the need for AI triage. Skip the MFA layer and the AI tool inherits an unfiltered firehose of alerts it cannot meaningfully reason about. The advisory is essentially saying: do the upstream work first, because everything downstream becomes cheaper and more effective afterwards.

The Essential Eight, translated for an SME

Most SMEs we onboard have heard of the Essential Eight, can name two or three of the strategies, and have implemented somewhere between zero and three of them properly. The framework is from the Australian Signals Directorate and applies to any organisation, not just Commonwealth entities. Maturity Level One is the floor; Maturity Level Two is where insurers, larger clients, and now the PSPF want most organisations to sit. We’ve covered the framework in depth in our plain-English Essential Eight guide and our Essential Eight compliance guide; the short translation for an SME owner reading the PSPF advisory is below.

| Essential Eight strategy | What an SME actually needs to do | Why the PSPF advisory matters here |
|---|---|---|
| Application control | Allowlist what runs on staff endpoints. Block unsigned binaries from user-writable locations. AppLocker or Windows Defender Application Control on Business Premium. | Highest-impact control against AI-accelerated malware. Hardest to deploy without breaking workflows; budget the time. |
| Patch applications | Critical patches within 48 hours of vendor release for internet-facing apps. Everything else within two weeks. Track exceptions in a register, don’t just leave them. | This is the control the “vulnerability storm” hits hardest. Slow patching is now an open door, not a manageable risk. |
| Configure Microsoft Office macros | Block macros from the internet. Only allow macros that are signed or in trusted locations. Most SMEs can disable user macros entirely. | Office macros remain a top initial-access vector. AI-generated phishing makes the lure quality higher; the technical control still works. |
| User application hardening | Disable Flash and Java in browsers, and block web advertising as an admin policy where you can. Block child processes from Office apps. | PSPF singles this out for Maturity Level Two. It’s tedious, has no marketing department, and works. |
| Restrict administrative privileges | No standing admin rights on user accounts. Separate admin accounts for IT staff. No daily-driver browsing on admin sessions. Just-in-time elevation where the platform supports it. | If an AI agent or AI-augmented attacker gets a foothold on an admin session, you’ve lost. If it gets a foothold on a standard user, you have time. |
| Patch operating systems | Critical OS patches within 48 hours of release. Within two weeks for everything else. Windows Update for Business or similar. | Same logic as application patching. Defender for Endpoint can monitor this; it doesn’t fix it. |
| Multi-factor authentication | Phishing-resistant MFA on every account that can access email, the practice or finance platform, file shares, or remote access. No exemptions for partners or senior staff. Move off SMS where you can. | Hardest single thing an SME can do to lower the chance of breach. Free with Microsoft 365 Business Premium licensing — only the configuration takes work. |
| Regular backups | Immutable backups that ransomware operators cannot delete with administrative credentials. Tested restores at least quarterly. The 3-2-1-1-0 rule, not “we have Veeam”. | If everything else fails, this is the line that keeps the business alive. AI-accelerated ransomware shortens the window to detect and respond; backups don’t care about the window. |

Working through this table is uncomfortable because most SMEs find they have one or two strategies covered, one or two half-done, and the rest left as “we’ll get to it”. The PSPF advisory is the most senior endorsement Australia has yet produced of the position that no AI-flavoured purchase fixes that gap. Only the work fixes it.

What the “vulnerability storm” looks like at SME scale

The advisory’s framing of a “vulnerability storm” is not abstract. The pattern we’ve watched accelerate since 2024 looks like this. A vulnerability lands in a widely deployed product — a Fortinet appliance, an Exchange server, a content management plugin, a remote access tool. Within hours, AI-assisted reverse engineering produces a working exploit. Within a day, scanning campaigns hit every IP that exposes the product. Within two days, opportunistic ransomware operators are inside the businesses that didn’t patch.

For SMEs the pattern is brutal because the patching pipeline has not shortened. A typical Melbourne SME without managed IT discovers a Fortinet patch when their MSP newsletter arrives, schedules a maintenance window for the weekend, and applies it on Saturday night. The vulnerability has been actively exploited since Tuesday morning. That gap is what the PSPF advisory is trying to close at the Commonwealth level.

The control that defends against this is not AI. It is having someone, somewhere, whose job it is to watch the vendor advisories for the products you actually run and to ship the patches within the timeframes the Essential Eight specifies. For a 25-staff firm in Hawthorn, that someone is almost always a managed service provider with a NOC. For us, that NOC runs 24/7 from Tecoma and covers the patching pipeline as a baseline part of the managed agreement, not as a premium add-on.
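The patching timeframes in the table above and the Tuesday-to-Saturday gap just described can be checked mechanically rather than by feel. The following is an added example, not code from the original post, from TechAssist or from any ASD tooling: a small Python checker that applies the 48-hour and two-week windows to a patch register. The register format, its field names, and applying the application-patching rule (48 hours only for critical patches on internet-facing software) uniformly are this example's own assumptions.

```python
"""Patch SLA check against the Essential Eight timeframes quoted in this post.
Added example (not from the original post, TechAssist or ASD tooling); the
register format and field names are this example's own assumptions."""
from datetime import datetime, timedelta, timezone

SLA_CRITICAL_INTERNET_FACING = timedelta(hours=48)  # critical + internet-facing
SLA_EVERYTHING_ELSE = timedelta(days=14)            # the post's "two weeks"


def sla_for(item: dict) -> timedelta:
    """48h only when the patch is critical AND the asset is internet-facing."""
    if item["severity"] == "critical" and item["internet_facing"]:
        return SLA_CRITICAL_INTERNET_FACING
    return SLA_EVERYTHING_ELSE


def classify(item: dict, now: datetime) -> dict:
    """Return SLA status plus how long the asset was (or has been) exposed."""
    released = item["vendor_release"]
    deadline = released + sla_for(item)
    patched = item.get("patched_at")
    if item.get("exception_approved"):
        status = "exception"  # tracked in the register, not silently dropped
    elif patched is not None:
        status = "compliant" if patched <= deadline else "patched_late"
    else:
        status = "within_sla" if now <= deadline else "overdue"
    exposed_until = patched if patched is not None else now
    hours = (exposed_until - released).total_seconds() / 3600
    return {"asset": item["asset"], "status": status,
            "deadline": deadline, "exposure_hours": round(hours, 1)}


def report(register: list, now: datetime) -> dict:
    """Group classified items by status so the overdue list is the headline."""
    out = {s: [] for s in ("overdue", "patched_late", "within_sla", "compliant", "exception")}
    for item in register:
        result = classify(item, now)
        out[result["status"]].append(result)
    return out


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample register mirroring the post's Tuesday-to-Saturday scenario.
SAMPLE_REGISTER = [
    # Edge firewall: critical, internet-facing, patched Saturday night (109h exposed).
    {"asset": "edge-firewall", "severity": "critical", "internet_facing": True,
     "vendor_release": ts("2026-06-02T09:00"), "patched_at": ts("2026-06-06T22:00")},
    # Internal finance app: not internet-facing, still unpatched after 20 days.
    {"asset": "finance-app", "severity": "high", "internet_facing": False,
     "vendor_release": ts("2026-05-20T00:00"), "patched_at": None},
    # Legacy line-of-business app with an approved exception in the register.
    {"asset": "legacy-lob", "severity": "critical", "internet_facing": True,
     "vendor_release": ts("2026-05-25T00:00"), "patched_at": None,
     "exception_approved": True},
    # Workstation browser update, well inside the 14-day window.
    {"asset": "wks-browser", "severity": "medium", "internet_facing": False,
     "vendor_release": ts("2026-06-08T00:00"), "patched_at": ts("2026-06-09T03:00")},
]
NOW = ts("2026-06-09T12:00")  # constructed "run time" for the sample
```

Calling report(SAMPLE_REGISTER, NOW) puts the firewall in patched_late with 109 hours of exposure and the finance app in overdue; the exception stays visible in its own bucket.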

“But the vendor said their AI tool reduces our risk”

It might. Read the PSPF advisory’s companion guidance carefully — the ACSC is explicit that AI can meaningfully reduce manual workload, sharpen threat prioritisation, and accelerate detection and response. The objection is not that AI is useless. The objection is that it sits at the top of a maturity ladder, not the bottom.

There are three honest tests for any AI security pitch landing in your inbox right now.

One, does it require capabilities you don’t yet have to be useful? An AI triage tool fed by a SIEM you don’t have, watching logs you don’t collect, against a baseline you haven’t built, will not produce signal. It will produce noise that costs money. If the answer to “what does this AI tool need to work?” includes “your existing telemetry”, and you don’t have existing telemetry, the prerequisite is the telemetry, not the AI.

Two, does it have the access it claims to need, and have you understood what that means? AI agents that read your mailboxes, your file shares, and your SaaS apps to “find risk” need credentials to do so. Those credentials become a target. The advisory’s warning about poorly implemented AI introducing risk is exactly this concern. Before approving the access, ask what happens if the model itself is compromised.

Three, does it replace a control or add a layer? An AI tool that replaces your existing EDR is a forklift. An AI tool that augments your existing EDR with better triage is a layer. For SMEs, layers are easier to roll back than forklifts. Forklifts during a vulnerability storm are how a firm ends up running two products at half-capacity through the period when the storm hits.

None of this means saying no to AI. It means saying “after” to AI for most SMEs in 2026, and meaning it.

What an SME should actually do this quarter

Take the advisory at face value and treat it as cover for postponing the AI pitch until next year. Spend the budget on the four moves below instead.

Move one: do an honest Essential Eight self-assessment. Not a vendor questionnaire. The ASD publishes the assessment guide; we publish a plain-English version in our Essential Eight guide. Walk through each of the eight strategies and grade your current state at Maturity Level Zero, One, Two, or Three. Be honest. Most SMEs land somewhere between Zero and One overall, with one or two strategies at Two.

Move two: pick the worst score and close it within 90 days. If MFA coverage is incomplete, finish it. If patching for line-of-business apps is ad-hoc, build the pipeline. If admin privileges are scattered across the user base, separate them. Closing the worst gap does more than closing three middle gaps because attackers find the worst gap first.

Move three: make sure your backup story holds. The PSPF advisory’s framing of accelerated attack timelines means the time from compromise to ransomware execution is shrinking. If your backups are reachable from the production domain, they will be encrypted alongside production. Immutable copies, offline copies, and quarterly restore tests are the difference between a bad week and a fatal one. The fundamentals are the same as we set out in our Essential Eight guide’s backup section.
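To make "the backup story holds" a test rather than a feeling, here is an added example (not from the original post or TechAssist) that grades a backup inventory against 3-2-1-1-0 and the quarterly restore test. The inventory fields, the 92-day reading of "quarterly", and the rule that a copy the domain admin can delete does not count as immutable are this example's own assumptions.

```python
"""Backup posture check against 3-2-1-1-0 plus the quarterly restore test.
Added example (not from the original post or TechAssist). The inventory fields,
the 92-day reading of "quarterly" and the rule that an admin-deletable copy is
not immutable are this example's own assumptions."""
from datetime import date, timedelta

QUARTER = timedelta(days=92)


def immutable_copies(copies: list) -> list:
    """Immutable/offline copies that domain-admin credentials cannot delete."""
    return [c for c in copies
            if (c["immutable"] or c["offline"]) and not c["deletable_by_domain_admin"]]


def check_backups(copies: list, restore_tests: list, today: date) -> list:
    """Return rule failures in 3-2-1-1-0 order; an empty list means it holds."""
    failures = []
    if len(copies) < 3:
        failures.append(f"3: only {len(copies)} copies (need 3, production included)")
    media = {c["medium"] for c in copies}
    if len(media) < 2:
        failures.append("2: every copy is on the same medium")
    if not any(c["offsite"] for c in copies):
        failures.append("1: no offsite copy")
    if not immutable_copies(copies):
        failures.append("1: no immutable/offline copy beyond reach of admin credentials")
    recent = [t for t in restore_tests if today - t["date"] <= QUARTER]
    if not recent:
        failures.append("0: no restore test in the last quarter")
    elif any(t["errors"] for t in recent):
        failures.append("0: restore test(s) this quarter reported errors")
    return failures


TODAY = date(2026, 6, 9)  # constructed assessment date

# Constructed "we have Veeam" inventory: three copies, but the offsite copy is
# deletable by the same domain admin the backup job runs as, and the last
# restore test is 130 days old.
WEAK_COPIES = [
    {"name": "production-san", "medium": "san", "offsite": False,
     "immutable": False, "offline": False, "deletable_by_domain_admin": True},
    {"name": "veeam-nas", "medium": "nas-disk", "offsite": False,
     "immutable": False, "offline": False, "deletable_by_domain_admin": True},
    {"name": "cloud-repo", "medium": "object-storage", "offsite": True,
     "immutable": False, "offline": False, "deletable_by_domain_admin": True},
]
WEAK_TESTS = [{"date": TODAY - timedelta(days=130), "errors": 0}]

# Same inventory after enabling object lock on the cloud copy and running a
# restore test last month.
FIXED_COPIES = WEAK_COPIES[:2] + [dict(WEAK_COPIES[2], immutable=True,
                                      deletable_by_domain_admin=False)]
FIXED_TESTS = WEAK_TESTS + [{"date": TODAY - timedelta(days=30), "errors": 0}]
```

check_backups(WEAK_COPIES, WEAK_TESTS, TODAY) reports the missing immutable copy and the stale restore test; the fixed inventory returns an empty list.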

Move four: write an AI acceptable use policy so staff don’t bring frontier AI through the back door. While the advisory is telling agencies not to chase frontier AI for security, staff are pasting client data into ChatGPT to summarise emails. The risk is the inverse of the one the advisory addresses, and SMEs need both sides covered. Our AI acceptable use policy template walks through the structure.

None of these four moves requires buying frontier AI. All of them reduce the probability and impact of the next incident. That is what the PSPF advisory is asking Commonwealth entities to do; it is what SMEs should be doing too.

Where AI does belong in an SME security stack — eventually

The honest position is not “never AI”. It is “AI when the upstream work is done”. For an SME at Essential Eight Maturity Level Two, with EDR deployed, telemetry centralised, a working SOC relationship, and an identity platform that can reason about access, AI-augmented tooling starts to earn its keep. The places it earns it first are alert triage on a working SIEM, phishing analysis on email that already has DMARC at p=reject, and identity risk scoring on a tenant where conditional access already exists.

The pattern is the same as automation generally. AI amplifies whatever it sits on top of. On a mature stack, it amplifies signal. On an immature stack, it amplifies noise — and noise during a vulnerability storm is how incidents go undetected.

The PSPF advisory’s six-step maturity model puts AI at step six for a reason. The steps below it are the controls that make step six work. There is no shortcut.

How TechAssist is thinking about this with clients

We’ve been running managed IT for Melbourne SMEs since 2014. Thirteen Australian engineers, two offices — Tecoma and Melbourne CBD at 575 Bourke Street — and a 24/7 NOC at Tecoma covering response under fifteen minutes on P1 issues. Our delivery is Essential Eight aligned and ISO 27001 capable, which is the table-stakes posture the PSPF advisory is asking everyone to reach.

The PSPF advisory has not changed our roadmap with clients. It has, helpfully, given us a Commonwealth-level reference for the conversation we were already having when a director forwards a frontier-AI vendor pitch and asks whether to take the meeting. Our standing answer has been: take the meeting next year. Read the advisory, run the gap assessment, close the worst gap. The advisory is now the citation at the bottom of the email.

The broader picture of how we approach security for SMEs is in our Melbourne cybersecurity services page; the operational layer underneath is in our managed IT services page. If you want help reading the PSPF advisory against your own environment, get in touch via our contact page or call 1300 028 324. Mention the advisory; we’ll structure the conversation around your Essential Eight position rather than running a generic discovery.

Frequently asked questions

Is the PSPF advisory binding on private businesses?

No. The PSPF is binding on Commonwealth non-corporate entities only. Private businesses, including SMEs, are not legally required to follow it. The reason it matters anyway is that the underlying control set — Essential Eight and the ISM — is what insurers, larger clients, and most state-government procurement processes now expect, and the PSPF advisory is the most authoritative recent statement of what good looks like. Treat it as the strongest available reference, not a regulation.

We already use Microsoft Copilot. Does the advisory say we should stop?

No. The advisory is about frontier AI for security operations — large language models used to detect and respond to threats in a security operations centre. Copilot for productivity is a separate question with separate controls. The controls that matter for Copilot are data classification, sensitivity labels, conditional access, and an AI acceptable use policy that staff have read. Our AI acceptable use policy guide covers the SME side.

How quickly can a 25-staff Melbourne SME reach Essential Eight Maturity Level Two?

For a firm starting at Maturity Level Zero across most strategies, a realistic timeline is 90 to 180 days with a managed service provider doing the work. The fast wins are MFA rollout (two to four weeks), patching pipeline (four to six weeks), and admin privilege separation (four to eight weeks). The slower ones are application control and application hardening, both of which require workflow testing to avoid breaking staff productivity. We’ve described the staged approach in our 90-day Essential Eight compliance roadmap for Melbourne.

What’s the difference between Essential Eight and the ISM?

The Essential Eight is a small set of high-impact mitigation strategies — eight of them — designed as a baseline. The Information Security Manual is the comprehensive ASD control catalogue covering everything else: cryptography, gateways, system administration, personnel security, supply chain, physical controls, and the rest. The Essential Eight is the prioritised starting set; the ISM is the full reference. For most SMEs, getting to Essential Eight Maturity Level Two is the goal; the ISM becomes relevant if you’re tendering for Commonwealth or large-enterprise work.

Will my cyber insurance cover this?

Cyber insurance does not pay for Essential Eight implementation; it pays out after an incident, and only if you can demonstrate the controls you said you had at the time the policy was written. The trend in 2025 and 2026 has been steeper questionnaires, lower limits where controls are weak, and tighter exclusions on ransomware where backups are not immutable. The PSPF advisory accelerates this — underwriters cite ASD frameworks in their underwriting and will price your renewal accordingly. Closing your Essential Eight gaps reduces both the probability of a claim and the cost of the premium that covers it.

If frontier AI is bad for cyber, why are vendors selling so much of it?

The advisory does not say frontier AI is bad. It says it is not the binding constraint on most defenders’ security posture right now, and that buying it before fixing fundamentals creates more risk than it removes. The vendor incentive to sell AI is unrelated to whether you should be buying it this quarter. Read the pitch, ask the three honest tests we set out above, and put the answer in writing for the file.

Where can I read the PSPF advisory myself?

The advisory is published on the Department of Home Affairs Protective Security Policy Framework website, listed as advisory 001-2026. The companion guidance from the Australian Cyber Security Centre is published on the cyber.gov.au site. Both are public documents. Read them in that order — the PSPF advisory sets the obligation, the ACSC guidance sets the technical detail.
