The AI revolution is entering a critical new phase. It’s not just about the promise of AI anymore, but also about the new vulnerabilities it introduces.
As a cybersecurity leader, I’ve seen AI streamline workflows, accelerate threat detection, and help teams scale faster than ever. The progress is real, but so are the risks. The same AI that fuels security innovation is also empowering and enabling attackers with unprecedented speed and scale. In fact, 85% of security professionals have already seen a sharp rise in AI-driven attacks. Today’s CISOs are navigating a high-wire act. They need systems able to keep pace with evolving threats while remaining transparent and trusted. Adopt too slowly, and they will fall behind. Adopt too quickly without safeguards, and trust and effectiveness erode.
This isn’t just a technical issue; it’s a strategic one. As AI reshapes the cybersecurity landscape, the primary challenge for CISOs is striking the right balance between speed, transparency, integrity, and resilience.
Identity as a Critical Battleground
AI is a double-edged sword. While we enjoy the benefits of AI in protecting our organizations, attackers do as well.
As digital infrastructure becomes more abstract and automated, identity emerges as a primary attack vector. That’s because AI raises the stakes by making it easier than ever to clone identities, create believable deepfakes, and automate the exploitation of credentials at scale. With AI, it’s never been easier to deploy sophisticated social engineering techniques and execute real-time impersonation attacks, which can have a major impact on people’s personal lives or critically damage an organization’s assets or critical infrastructure.
Take the $25 million heist at British engineering group Arup. Attackers used an AI-generated deepfake of the company’s CFO to manipulate employees during a Zoom call. With powerful AI tools so widely available, such attacks can now be an everyday occurrence.
These kinds of attacks show that static identity controls can’t keep up. To stay ahead, we need to treat identity as a living, adaptive perimeter. It’s no longer enough to manage who gets access to what. We must also understand why someone is acting and the intent of each action in real time. That means embracing tools like just-in-time (JIT) permissions and behavioral baselining to protect against AI-accelerated identity compromise and reduce the potential fallout in case of a successful attack. In a world where AI enables identity manipulation and misuse at scale, a new approach to identity is non-negotiable.
Getting a Complete Picture
Strengthening organizational identities is only one part of the equation. The next chapter in securing assets will be about real-time intelligence and AI-contextualization of the environment. Only then will teams be empowered to remediate continuously and proactively (also with the help of AI), while maintaining business continuity. As AI makes it easier to disguise malicious behavior as normal system activity and carry out attacks quickly, relying solely on periodic scans or configuration audits leaves too many blind spots.
To keep up, organizations need better visibility into how their systems behave over time. Monitoring activity as it happens, rather than at scheduled intervals, can help security teams recognize subtle anomalies, respond more quickly, and minimize the impact of emerging threats.
Traditional perimeter models have held up in the past. But in the age of AI, especially as cloud-native environments grow in scale and complexity, they’re no longer enough. Security strategies must shift from snapshot-based assessments to continuous runtime monitoring. Attackers don’t wait to attack, so security teams can’t afford to wait to protect themselves.
The AI Arms Race: Offensive Innovation vs Defensive Reinvention
AI arms both sides in the battle for cybersecurity. It gives attackers tools to create adaptive malware, perpetrate hyper-personalized phishing, and evade traditional defenses with unprecedented speed and scale. But defenders who get creative and use AI strategically can turn it into a decisive advantage. They are already leveraging it to accelerate incident triage, reduce alert fatigue, and simulate attack trajectories, and they are using AI copilots as a force multiplier for analysts.
This future is already here. The organizations that hold their own against this new wave of attacks will be those who:
- Embed AI deeply into their detection and response operations instead of tacking it on as an afterthought.
- Build transparency into their AI models and rely on high-quality training data to build trust.
- Prepare security teams for effective human-AI collaboration in their SOC.
So, what does that mean practically?
AI is no longer just a tool. It is a strategic underpinning of the next generation of cybersecurity and will define whether organizations can stay ahead.
Smarter Security for Smarter Threats
AI is changing both sides of the cybersecurity landscape. As these tools become more accessible, with lower barriers to entry for attackers and defenders alike, the stakes are rising for both, as well as for the organizations caught in the middle.
This shift is already unfolding. The advantage won’t go to those with the most tools, but to the ones who apply them with strategic focus, creativity, and speed. That means changing the way we approach cybersecurity: rethinking long-held assumptions like treating identity as a static credential, and building security strategies around continuous runtime visibility as opposed to traditional snapshot assessments. Organizations that embed AI across their security operations, train teams to collaborate with it, and prioritize transparency will be the ones to stay ahead. Rethinking strategy isn’t optional. It’s survival.
About the Author
Rinki Sethi is a cybersecurity leader with executive experience at companies like BILL, Twitter, Rubrik, IBM, Palo Alto Networks, Intuit, and eBay. She currently serves on the board of Vaultree, and previously served on the boards of Women in CyberSecurity, One Prosper and ForgeRock. Rinki advises cybersecurity startups and is an active angel investor. She is also a frequent contributor to major publications like Fortune, Forbes, and WSJ and a keynote speaker at global conferences.
Rinki can be found on LinkedIn and at our company website https://www.upwind.io/