At Security Edge, tech leaders explored how CTOs are securing AI adoption, managing identity threats, and balancing innovation with evolving cyber risks.

Pratima Singh, Security Specialist Solutions Architect at AWS, moderates a panel discussion on securing the next frontier of AI risk, featuring industry leaders Fabio Fratucello – Field CTO, Worldwide at CrowdStrike, Antonie Falco – APJ CTO at Zscaler, and Brett Winterford – Regional CISO at Okta.

The panel explores the emerging risks associated with generative AI from both an adversarial and operational perspective.

Fabio highlights two primary risks: social engineering and vulnerability exposure.

He explains how generative AI has made attacks more effective by enabling faster creation of sophisticated phishing and impersonation campaigns.

The ability of adversaries to scale their operations is also amplified, with AI helping them discover vulnerabilities and craft more targeted attacks, particularly against identities.

Fabio emphasises the need for faster detection and response, as well as improved telemetry management to identify threats early.

Brett discusses how generative AI has also empowered cyber criminals by enhancing reconnaissance and discovery, particularly through social engineering and identity theft.

He notes that less-skilled actors now benefit significantly from generative AI, which helps them scale fraud operations.

However, Brett offers reassurance that while AI poses challenges in terms of phishing and impersonation, cryptographic protections such as passwordless authentication and machine-to-machine encryption provide strong defences against AI-enabled threats.

He suggests that the key to defending against these AI-driven risks lies in limiting access and ensuring robust cryptographic relationships, particularly around authentication processes.

Antonie shifts the conversation to the operational opportunities of generative AI, particularly in the context of business productivity and profitability.

He points out that while the current economic climate presents challenges, AI can help organisations balance the need for productivity with the need for security.

ADAPT insights support this point.

One of the top themes is the challenge of balancing rapid business growth with cyber security readiness.

As organisations expand—whether through revenue, products or headcount—initiatives such as Identity and Access Management (IAM) and governance become essential.

Antonie highlights the tension many CTOs face between pushing forward with generative AI adoption and ensuring it is secure.

The challenge, he argues, lies in presenting a business case for AI’s potential while establishing appropriate guardrails to mitigate risk.

He calls for greater collaboration between CTOs and CSOs to create a shared vision that enables organisations to harness AI’s benefits while addressing security concerns.

 

Key takeaways:

  • Generative AI amplifies cyber threats: AI enables more effective social engineering and identity theft attacks, allowing adversaries to scale fraud operations and exploit vulnerabilities faster. Faster detection, response, and improved telemetry management are crucial to defend against these risks.
  • Cryptographic protections offer defence: While AI enhances the capabilities of cyber criminals, cryptographic techniques like passwordless authentication and machine-to-machine encryption remain strong defences against AI-driven threats, especially in protecting identities and sensitive data.
  • Balancing AI opportunities with security: CTOs face the challenge of adopting generative AI to boost productivity while managing security risks. Effective collaboration between CTOs and CSOs is needed to create a secure yet innovative environment, balancing AI adoption with necessary guardrails.
Contributors
Pratima Singh Security Specialist Solutions Architect at AWS
Pratima is a Security Specialist Solutions Architect with Amazon Web Services based out of Sydney, Australia. She is a security enthusiast who...
Fabio Fratucello Field CTO, International at CrowdStrike
Fabio is a technology and security executive with over 25 years of international experience working for private companies and large multinationals, in a variety of leadership, technical and advisory roles.

Currently, Fabio is the Chief Technology Officer for the Asia-Pacific & Japan region at CrowdStrike, working on accelerating growth and driving strategic direction, technology innovation and partnerships around the globe. Fabio is also responsible for developing and executing CrowdStrike’s regional technology roadmap and helping customers develop cyber defence strategies aligned to their risk appetite and cyber journey.

Prior to this role, Fabio had a prolific career in the financial service industry, having held leadership roles at Insurance Australia Group, HP Australia, Westpac Banking Corporation, UBS Group and Banca Intesa Sanpaolo in Australia and in Italy. In addition, Fabio was also a member of the Financial Services Information Sharing and Analysis Centre (FS-ISAC) APJ Strategic Committee, setting the strategic direction within the region and coordinating the group threat research to identify threats that could affect the sector broadly.

Fabio has spoken at numerous conferences, customer and non-customer events across the Asia Pacific region and contributes to various government and industry associations’ initiatives on security. Fabio holds a Master of Management in Information Technology and several security and technical certifications, including CISSP, SABSA, CRISC and CPDSE.

Antonie Falco APJ CTO at Zscaler
Brett Winterford Regional CISO at Okta
Brett Winterford is the APJ CSO at Okta advising policy makers, business leaders and fellow security professionals on evolving threats and opportunities to improve their security posture. Prior to Okta, Brett held senior leadership roles in the security teams at Symantec and Commonwealth Bank. Yet, he’s best known for his work as a security journalist. In 2020, he was the founding editor of the Srsly Risky Biz newsletter, a companion to the Risky Business podcast, providing the cybersecurity, policy, defence and intelligence communities with a weekly brief of the news that shapes cyber policy.

Prior to working as a security practitioner, Brett was the editor-in-chief of ITnews Australia and has contributed extensively to ZDNet, the Australian Financial Review and the Sydney Morning Herald.
