The Real "We" in AI Security Today: A Taxonomy of Actors Operating at the Substrate Where AI Risk Is Created, Measured, and Controlled

When AI security practitioners invoke ‘we’ in the context of defending against AI-enabled threats, they typically mean the traditional cybersecurity community: defenders, SOC analysts, incident responders, and the certification and training organizations that serve them. This paper argues that ‘we’ is the wrong referent. The actors who operate at the substrate where AI risk is actually produced—model weights, training data, agentic behavior, eval pipelines, and substrate governance—constitute a fundamentally different coalition than the traditional cybersecurity community. This paper maps that coalition across six groups: frontier labs, AI-native security research organizations, government AI safety institutes, open-source AI security communities, enterprise AI governance teams, and independent governance practitioners. It then characterizes the structural reasons why legacy security institutions are downstream of this coalition and cannot address substrate-layer AI risk regardless of curriculum updates, and argues that closing the gap requires not better training but genuine upstream engagement with the substrate where AI risk originates.