The artificial intelligence security zugzwang

Abstract

In chess, zugzwang describes a scenario where any move worsens the player’s position. Organisations face a similar dilemma right now at the intersection of artificial intelligence (AI) and cyber security. AI adoption creates an inevitable paradox: delaying it poses strategic risks, rushing it introduces poorly understood vulnerabilities, and even incremental adoption leads to cascading complexities. In this paper we formalise this challenge as the AI security zugzwang — a phenomenon whereby security leaders must make decisions under conditions of inevitable risk. Grounded in game theory, security economics and organisational decision theory, we characterise AI security zugzwang through three key properties: forced movement, predictable vulnerability creation and temporal pressure. Additionally, we develop a taxonomy to categorise forced-move scenarios across AI adoption, implementation, operational and governance contexts and provide corresponding strategic mitigations. Our framework is supported by a practical decision flowchart, demonstrated through a real-world example of Copilot adoption, thereby showing how security leaders can manage zugzwang positions balancing risk and innovation. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.