/ Generative and agentic AI is changing how attackers behave faster than the frameworks meant to contain them. Assessing twelve ISO/IEC 27002:2022 controls against seven documented AI-enabled cyberattacks, this thesis finds that AI rarely exploits a control that is missing. Instead, it quietly erodes the empirical assumptions on which
