In a fiercely competitive landscape, we are deploying AI systems faster than they can be security tested and defended. With developers under pressure to deliver on functionality and performance as quickly as possible, security is too often left as an afterthought. In response to emerging security challenges, we present a playbook to establish an AI blue teaming process for mitigating vulnerabilities before they can be exploited in the wild. By describing the process as part of a larger framework known as Build-Attack-Defend (BAD), we define an iterative and collaborative process between the AI system development and security teams, as well as various stakeholders. Our playbook contains the blue teaming historical context, process, lessons learned and hypothetical examples, serving as a starting point for embedding security at the heart of AI-enabled systems.