IT architecture models do not address AI security. Security frameworks to not include the unique aspects of AI. Standards guide AI systems design today but are not rich architecture frameworks needed for robust systems. CIOs, CTOs, and CSOs need a single, integrated approach for secure by design AI systems. To address this need, an executive framework of the integration of this trinity (IT architecture, security frameworks, and AI standards) is proposed and applied to a case study of C6 Bank.

Blessing, G., Azeta, A., Misra, S., Osamor, V., Fernandez-Sanz, L., and Pospelova, V. (2022), ‘The Emerging Threat of Ai-driven Cyber Attacks: A Review,’ Applied Artificial Intelligence, 36, 1-34.

C6 Bank (2025-1), ‘Know the C6 Bank Values’, c6bank.com.br, 10 June 2024.

C6 Bank (2025-2), ‘Secure Locations: more protection for your investments and transfers’, c6bank.com.br, 17 February 2025.

Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., and Materne, S. (2022), ‘Cyber risk and cybersecurity: a systematic review of data availability,’ The Geneva Papers on Risk and Insurance - Issues and Practice, 47(3).

Fortinet (2025), 'Types of Cyber Attacks', www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks, January 2025.

Guinn, J., and Jurgens, J. (2022), 'The Cyber Resilience Index: Advancing Organizational Cyber Resilience,' World Economic Forum, www3.weforum.org/docs/WEF_Cyber_Resilience_Index_
2022.pdf, July 2022.

IAPP (2020), ‘Brazilian General Data Protection Law (LGPD, English translation)’, IAPP.org, October 2020.

IEC and ISO (2023-1), ‘ISO/IEC 23894:2023 Information technology - Artificial intelligence - Guidance on risk management’, https://www.iso.org/standard/77304.html, February 2023.

IEC and ISO (2023-2), 'ISO/IEC 42001:2023 Information technology - Artificial intelligence - Management System', https://www.iso.org/standard/81230.html, February 2023.

ISACA (2025), 'COBIT: An ISACA Framework', ISACA, https://www.isaca.org/resources/cobit, January 2025.

LangChain (2025), 'Applications that can reason powered by LangChain', python.langchain.com/docs/introduction , February 2025.

MIT AI Policy Forum (2025), 'AI Policy Forum: A global collaboration moving from AI principles to AI practice', aipolicyforum.mit.edu, February 2025.

Neto, N., and Pearlson, K. (2024), ‘Understanding the Cyber Risks of Artificial Intelligence: An Ongoing, Comprehensive, Multi-Faceted Approach for CIOs, CTOs and CSOs’ Cybersecurity at MIT Sloan, cams.mit.edu/wp-content/uploads/AI-Security-Trinity-Framework-Paper-02112024.pdf, 11 February 2024.

NIST (2013), ‘Cybersecurity Framework’, NIST.gov, January 2025.

NCSC (2023), ‘Guidelines for secure AI system development’, www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development, 27 November 2023.

SABSA (2025), SABSA Enterprise Security Architecture, https://sabsa.org, January 2025.

Shukla, S., Parada, J. I., and Pearlson, K. (2022), ‘Trusting the Needle in the Haystack: Cybersecurity Management of AI/ML Systems.’ Advances in Information and Communication, 441-455.

Tabassi, E. (2023), Artificial Intelligence Risk Management Framework (AI RMF 1.0). NIST, www.nist.gov/publications/artificial-intelligence-risk-management-framework-ai-rmf-10, 26 January 2023.

The Open Group (2022-1), ‘Integrating Risk and Security within a TOGAF® Enterprise Architecture’, https://pubs.opengroup.org/togaf-standard/integrating-riskand-security/integrating-risk-and-security_0.html, April 2022.

The Open Group (2022-2), The TOGAF® Standard, 10th Edition. April 2022.

Viega, J., and McGraw, G. (2001), Building Secure Software: How to Avoid Security Problems the Right Way (#1 ed.). Addison-Wesley Professional.