The debate about who owns AI red-teaming usually gets settled by org chart proximity: the AI team built the system, so the AI team should test it. That logic produces the wrong answer. AI red-teaming belongs to the security team. Not because security practitioners know more about machine learning, but because they already have what is hardest to teach: an adversarial mindset built around finding how systems fail when someone actively tries to break them. What AI Red-Teaming Actually Is AI red-teaming is adversarial testing with a different target surface. The question isn't whether the system performs well. It's what an attacker can make the system do that the developer didn't intend. That framing is identical to any red team engagement. Find the trust boundaries. Identify inputs the developer assumed would be well-formed. Submit inputs they didn't anticipate. Probe the gap between "this system should never do X" and "here is the condition under which it does." The vocabulary is different.…