Synapsed at MERIT: Building Trustworthy AI Beyond Traditional Cybersecurity

On 7 May 2026, Synapsed participated in the MERIT International Industry Engagement Workshop on Cybersecurity, held in Trento in a hybrid format. The event brought together industry, academia, research organizations and European Digital Innovation Hub representatives to discuss emerging cybersecurity challenges, AI, compliance, privacy, cyber defence and digital skills. The keynote by Matteo Meucci, CEO of Synapsed, focused on “Building Trustworthy AI in Industry: Beyond Traditional Cybersecurity.” (Digital Merit)

The main message was simple: AI systems cannot be governed, secured or tested as if they were traditional software systems.

For more than two decades, the software industry has worked to improve secure development through secure coding, threat modeling, secure code review, SAST, DAST, penetration testing and secure SDLC practices. These practices remain essential. But they are no longer sufficient when software systems include machine learning models, large language models, RAG pipelines, autonomous agents, external tools, probabilistic outputs and continuous behavioral change.

A secure application may still produce unsafe, unreliable, biased or non-compliant AI outcomes. This is the key shift: in AI systems, behavior matters as much as code.

Traditional cybersecurity focuses primarily on vulnerabilities in code, infrastructure, configuration and access control. AI introduces additional dimensions of risk: model behavior, training data, prompt manipulation, hallucinations, data poisoning, model leakage, bias, excessive agency, misuse and unpredictable outputs. These risks are not always visible through traditional application security testing.

This is why trustworthy AI requires a broader lifecycle approach. Organizations need to move from a narrow view of “is the software secure?” to a more complete question: can this AI system be trusted in its real operational context?

That question involves security, but also privacy, reliability, fairness, transparency, accountability, human oversight and continuous monitoring.

The MERIT discussion highlighted four major changes for industry.

First, AI expands the attack surface. Prompt injection, indirect prompt injection, data poisoning, model extraction, sensitive information disclosure and agentic abuse are examples of threats that emerge from the interaction between users, models, data sources and tools. These are not just code-level bugs; they are system-level and behavior-level risks.

Second, AI changes development practices. AI development involves data engineers, model engineers, software engineers, security teams, domain experts, legal and compliance functions. The lifecycle includes data preparation, model training, testing, application development, deployment, monitoring and retraining. A traditional SDLC is not enough to manage this complexity.

Third, AI requires continuous validation. Testing once before go-live does not work for systems whose behavior may change over time because of model updates, prompt changes, data drift, user interaction or new integrations. Trustworthy AI requires continuous testing at inference, monitoring of behavior and periodic reassessment.

Fourth, AI governance becomes an operational capability. Companies need AI awareness, AI policies, AI inventory, impact assessment, risk assessment, threat modeling, testing evidence, human oversight, monitoring and auditability. Without these elements, AI adoption can quickly become fragmented and unmanaged.

At Synapsed, we believe the next phase after digitalization is not simply “AI adoption.” It is trustworthy AI adoption.

This means helping organizations redesign how they build, test and govern AI-enabled products. It means connecting engineering practices with governance requirements. It means translating principles into concrete activities: AI inventory, impact and risk assessment, AI threat modeling, trustworthy testing, monitoring, evidence collection and continuous improvement.

The MERIT workshop reinforced a point that is becoming increasingly clear across European industry: the challenge is no longer whether companies will use AI. They already are. The real challenge is whether they will be able to use AI responsibly, securely and with enough evidence to trust it.

Secure software is still necessary. But secure software is not the final goal.

The final goal is building AI systems that are secure, private, reliable, accountable and aligned with human and organizational objectives.

That is the meaning of Trustworthy AI.

Synapsed helps organizations move from AI experimentation to trustworthy AI adoption.