Cyber Security

Cybersecurity is designed for predictable systems. AI is changing the rules

Photo of pleasuremandarya@gmail.com pleasuremandarya@gmail.com Send an email 5 hours ago
0 0 6 minutes read
Cybersecurity is designed for predictable systems. AI is changing the rules

Every major technology change changes cybersecurity. I’ve spent most of my career working through major technological changes, from the rise of the commercial Internet to mobile phones and cloud computing. Each shift created new opportunities for innovation, but also created new security issues that organizations were not fully prepared for.

AI may be similar to previous technological changes in some ways, but it is different in one important way: it challenges one of the basic assumptions that modern security systems were built around: predictability.

For most of my career, security teams work in environments where systems behave deterministically. Applications are generally used in the same way every time. The infrastructure changed slowly enough for people to be able to identify dependencies, understand the limits of trust and implement controls around them. Even the transformation to the cloud has allowed us to apply standard security models to the new infrastructure.

AI is changing those ideas.

Agent systems make decisions dynamically. Major language models produce different results based on context. AI systems are increasingly interacting with external tools, APIs and environments in ways that their developers cannot fully predict in advance. When systems stop behaving consistently, the traditional “stop the bad stuff” approach to cybersecurity begins to break down.

Prevention is still important. But prevention alone is not structurally sufficient in an environment where risks are continuously emerging during operations.

Security is designed for deterministic systems

When I helped build security systems over the years, most of the focus was on hardening systems before deployment. Security teams try to identify vulnerabilities early, reduce exposure and prevent attackers from gaining access in the first place.

Even in the early years of cloud adoption, many organizations still approach security primarily through policy planning and management. We worry about permissions, exposed storage buckets and ownership spread while cloud security tools are more focused on identifying vulnerabilities and shutting down infrastructure.

Those controls remain relevant today. But the cloud era has also taught us that security failures are rarely static. They happen in live environments, where permissions change, APIs evolve and ownership finds unexpected access methods while systems interact in ways architects never fully anticipated.

By the time organizations map one ecosystem, it has already changed. The risk increases by emerging at runtime, when identities gain unintended access, APIs change behavior or AI agents interact with systems in ways that are not documented in the architecture.

In conversations I’ve had with companies, I’ve seen them go from producing hundreds of thousands of lines of code per month to millions. AI-assisted development tools are fundamentally changing the software engineering workflow. A Harvard Business School study found that after developers gained access to GitHub Copilot, coding activity increased by 12.4% while time spent on project management tasks decreased by nearly 25% — a shift that could leave less time for revisions and collaborative management depending on that.

From a business perspective, acceleration creates agility, but it also compresses the time security teams have to understand what goes into the product. Attackers are beginning to use AI to reduce the manual effort that was historically required to test and, exploit chain and validate vulnerabilities at scale.

Stealth is not a winning strategy. For years, organizations have tended to accept certain risks because exploits require too much time, expertise or effort from attackers.

Vulnerabilities that were once considered difficult to patch together are becoming easier to exploit at scale as attackers use AI to automate parts of the process. Security leaders must recognize that some of the organizational priorities built over the past decade may no longer reflect today’s reality.

Why prevention alone no longer works

As AI systems become more autonomous, runtime visibility becomes critical.

Many organizations have historically treated runtime monitoring as a second layer behind prevention, viewing it primarily as a safety net for edge cases.

That model breaks down when systems can evolve and interact faster than security teams can realistically verify in real time.

If an AI agent can interact with multiple systems, perform new actions independently or adjust its behavior based on context changes, organizations cannot rely exclusively on pre-deployment controls. Security teams need visibility into what these systems are doing while they are running.

That includes:

  • What AI data systems can access
  • How identity intersects with sensitive areas
  • What steps does the agent take?
  • Whether systems deviate from expected behavior
  • How quickly organizations can contain unintended consequences

In many ways, modern security is moving from trying to prevent all compromises to limiting how quickly unintended behavior can spread if systems become autonomous.

Security leaders must be careful not to get too caught up in this shift in fear-driven narratives. AI will create entirely new security challenges, but it also creates opportunities for defenders.

Security teams can no longer scale using human labor alone. The sheer volume of infrastructure changes, software development and risk management is beyond what most organizations can handle manually.

We’re already seeing organizations try to scale AI-assisted, automated investigative workflows and security agents that can help security teams move faster and manage growing operational complexity. Security products are beginning to evolve into functional extensions of security teams rather than passive alert systems.

That evolution makes sense. Attackers are using automation and AI to increase speed and scale. The defenders will have to do the same to maintain balance.

5 priorities for security leaders in the AI ​​era

The organizations best adapted to AI-driven risk will not necessarily be those with the largest security teams or the largest budgets. Often, they will be the ones that adapt more quickly as software, infrastructure and attacker behavior change faster than traditional security operations are built to handle.

That change requires you to think differently about how you manage risk, performance and resilience.

1. Reinvent risk management for AI-scale software development

Many risk management systems were already overwhelmed before AI accelerated software production and lowered parts of the attacker’s cost curve. That challenge becomes extremely difficult.

Stop assuming that old exploitation models will hold up in an environment where attackers can use AI to speed up detection, vulnerability containment and exploit development.

You need to re-evaluate how risks are prioritized, validated and remedied because some of the assumptions organizations made over the last decade about the limitations of attackers may no longer reflect reality.

Some organizations are already investing in model harnesses to deploy new AI models efficiently and securely.

2. Manage runtime visibility as a primary control

Runtime monitoring will no longer be treated as a secondary skill after blocking. Every team needs to invest in new types of tools to achieve this visibility.

That said, runtime monitoring is not something that security organizations can turn code into. We need to expect our security vendors to build continuous visibility into workloads, identities, APIs and AI system behavior in production environments.

Prioritize a clear context in which risk is accessed, exposed or leveraged. This becomes increasingly important as AI systems interact with infrastructure and data in less predictable ways.

3. Use AI to augment defense operations

Many organizations cannot hire enough people to keep up with the operational demands presented by AI.

Use automation and AI to reduce investigation time, automate repetitive workflows and improve response speed. Human judgment is still important, but security teams work in environments where the volume of notifications, infrastructure changes and software production exceeds what humans can handle manually.

AI can help teams focus on high-level decisions instead of operational noise.

4. Focus on strength and endurance

Absolute prevention is never there, but it becomes even less realistic in the most powerful AI environments.

Consider reduced blast radius, faster handling and increased performance. Your ability to quickly detect unintended behavior and limit the downstream impact will become increasingly important as organizations deploy more automated systems.

I think many security leaders are still too focused on whether AI systems can fail instead of preparing how to operate safely when they do.

5. Put safety as a means of making a change

One of the biggest mistakes security organizations can make right now is approaching AI as something to be stopped.

Boards and CEOs are pushing hard on AI adoption because they don’t see it as a strategic imperative. If you position security as a preventive function, you risk losing momentum during the most important technological change in decades.

Senior teams understand that AI transformation will not be successful without strong security leadership that guides risk decisions in real time.

That creates an opportunity to help your business move faster and more securely while building security systems better equipped for changing environments.

AI is forcing a new model of security operations

The main challenge that AI poses for security teams is not just scaling. Predictive erosion. The pace of change will accelerate as AI systems are integrated more deeply into business operations.

To be effective in this environment, focus on building security systems that can quickly adapt, contain threats in real time and innovate without losing visibility or control. Drive this innovation through both recruitment and vendor investment, with a strong focus on AI and operational expertise.

Only with a significant investment in personnel and tools can you achieve strong uptime awareness, rapid response capabilities and operating models that are compatible with continuously changing infrastructure and software environments.

This article was published as part of the Foundry Expert Contributor Network.
Want to join?

Photo of pleasuremandarya@gmail.com pleasuremandarya@gmail.com Send an email 5 hours ago
0 0 6 minutes read
Photo of pleasuremandarya@gmail.com

pleasuremandarya@gmail.com

Related Articles

Fidelity is launching a stablecoin reserve fund under the framework of the GENIUS Act

Fidelity is launching a stablecoin reserve fund under the framework of the GENIUS Act

6 hours ago
Kentucky is testing the CFTC’s powers with a case against Kalshi, Polymarket

Kentucky is testing the CFTC’s powers with a case against Kalshi, Polymarket

9 hours ago
Kalshi starts a multi-billion dollar conflict with the US gaming industry

Kalshi starts a multi-billion dollar conflict with the US gaming industry

14 hours ago
Trump is closing in on an Iran deal but the crypto market is ignoring the news

Trump is closing in on an Iran deal but the crypto market is ignoring the news

15 hours ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button