.
Image: Getty Images
Over the past few decades, I’ve watched technology evolve through several defining eras, from client-server to cloud, from manual processes to automation, and now from data-driven insights to AI-driven action. Each wave brought incredible gains in speed and capability, along with a new class of risks.
Today, we’re at another inflexion point. Artificial intelligence is being woven into how businesses operate, how we code, make decisions, manage supply chains, and serve customers. But as AI transforms productivity and creativity, it’s also transforming the threat landscape.
The reality is simple but urgent: AI will require intelligent defences that think and act as fast as the technology itself. Traditional, human-speed cybersecurity can’t keep up.
We need security for AI, and we also need AI for security.
For decades, organisations have focused on protecting data, users, and applications. But AI doesn’t behave like any of those. Autonomous models and agents make their own API calls, generate credentials, and interact with systems in unpredictable ways.
The problem, at its core, is that a new, autonomous workforce runs on the same fragmented, multi-cloud infrastructure as our decades-old applications.
Simultaneously, “shadow AI” is spreading as employees experiment with publicly available tools on sensitive data, often outside corporate oversight. A recent IBM report found that most enterprises still lack formal policies governing AI use, creating significant blind spots for attackers to exploit.
This means building the right guardrails for AI adoption—so innovation happens safely—at the infrastructure level, where AI systems touch data, networks, and other workloads.
A few core principles matter most:
Embedding these fundamentals into your cloud infrastructure ensures that AI accelerates growth without introducing new vulnerabilities.
If the first challenge is protecting AI, the second is using AI to assist in that protection.
The dirty secret of enterprise IT is that security complexity already exceeded human scale, even before agentic AI. The real problem is fragmentation.
A typical example is an enterprise running a “lift-and-shift” virtual machine VM from 2010, a Kubernetes (K8s) cluster from 2020, and a serverless function from yesterday—all on different clouds. This hybrid, multi-generational mess has created a security gap that is impossible for humans to manage. Traditional tools are fragmented, and so are the teams that run them.
That’s where AI becomes indispensable. Properly trained, AI can:
Still, AI for security isn’t a “set it and forget it” solution. Machine speed must always be balanced with human judgment. As I often tell CIOs and CISOs: Speed without oversight is dangerous, and oversight without automation is too slow.
Enterprises are rapidly adopting agentic AI—autonomous systems that can act on their own behalf. These tools can initiate actions across networks, databases, and APIs. That autonomy creates extraordinary business value, but it also exponentially accelerates the problem of fragmentation.
Suddenly, you have 10 million agent-created ephemeral workloads, introducing an extraordinary level of complexity. Without intelligent defences that can understand and respond in real time, organisations may lose visibility into their AI systems’ behaviour.
In short, AI is changing both sides of the cybersecurity equation. Attackers will use it to identify and exploit vulnerabilities faster than humans can respond. Defenders must use it to match and eventually outpace that speed.
1. Start with the fundamentals. Focus on the Zero Trust Triad of Workload Identity, Network Containment, and Endpoint Behaviour. The basics still matter most.
2. Map and monitor every AI system. Know where your models live, what data they access, and who, or what, they talk to.
3. Prioritise network intelligence. See the network for what it is: the primary path for lateral movement. You can’t defend what you can’t see, and you can’t contain what you can’t control.
4. Unify your defences. Your security tools cannot be as fragmented as your workloads. You need a single control plane that can see and enforce one security intent across your old VMs, your new K8s clusters, and your future AI agents.
5. Combine human insight with AI automation. Machines provide scale; humans provide context. Both are essential.
6. Embrace speed responsibly. Move fast on AI innovation, but bake in compliance, encryption, and observability from the start.
Cybersecurity’s defining year may prove to be 2026. The technology reshaping business operations is also rewriting the rules of defence. Companies using AI to secure their AI will find a true competitive advantage.
Executives should start by asking a simple question: Do our defences move as fast as our AI?
Those answering “yes” will not only protect their organisations but also position AI as a multiplier of innovation, trust, and resilience. Those who hesitate risk being overwhelmed by the very tools meant to propel them forward.
The next era of cybersecurity won’t be human versus machine. It will be a unified human-and-machine defence, working together to keep the fragmented digital world safe.
ABOUT THE AUTHOR
Doug Merritt is Chairman, President, and Chief Executive Officer at Aviatrix. Read Douglas’s Executive Profile here.