At Security Edge, tech leaders explored how CTOs are securing AI adoption, managing identity threats, and balancing innovation with evolving cyber risks.
Pratima Singh, Security Specialist Solutions Architect at AWS, moderates a panel discussion on securing the next frontier of AI risk, featuring industry leaders Fabio Fratucello – Field CTO, Worldwide at CrowdStrike, Antonie Falco – APJ CTO at Zscaler, and Brett Winterford – Regional CISO at Okta.
The panel explores the emerging risks associated with generative AI from both an adversarial and operational perspective.
Fabio highlights two primary risks: social engineering and vulnerability exposure.
He explains how generative AI has made attacks more effective by enabling faster creation of sophisticated phishing and impersonation campaigns.
The ability of adversaries to scale their operations is also amplified, with AI helping them discover vulnerabilities and craft more targeted attacks, particularly against identities.
Fabio emphasises the need for faster detection and response, as well as improved telemetry management to identify threats early.
Brett discusses how generative AI has also empowered cyber criminals by enhancing reconnaissance and discovery, particularly through social engineering and identity theft.
He notes that less-skilled actors now benefit significantly from generative AI, which helps them scale fraud operations.
However, Brett reassures that while AI poses challenges in terms of phishing and impersonation, cryptographic protections such as passwordless authentication and machine-to-machine encryption, provide strong defences against AI-enabled threats.
He suggests that the key to defending against these AI-driven risks lies in limiting access and ensuring robust cryptographic relationships, particularly around authentication processes.
Antonie shifts the conversation to the operational opportunities of generative AI, particularly in the context of business productivity and profitability.
He points out that while the current economic climate presents challenges, AI can help organisations balance the need for productivity with the need for security.
ADAPT insights support this point.
One of the top themes is the challenge of balancing rapid business growth with cyber security readiness.
As organisations expand—whether through revenue, products or headcount—initiatives such as Identity and Access Management (IAM) and governance become essential.
Antonie highlights the tension many CTOs face between pushing forward with generative AI adoption and ensuring it is secure.
The challenge, he argues, lies in presenting a business case for AI’s potential while establishing appropriate guardrails to mitigate risk.
He calls for greater collaboration between CTOs and CSOs to create a shared vision that enables organisations to harness AI’s benefits while addressing security concerns.
Key takeaways:
- Generative AI amplifies cyber threats: AI enables more effective social engineering and identity theft attacks, allowing adversaries to scale fraud operations and exploit vulnerabilities faster. Faster detection, response, and improved telemetry management are crucial to defend against these risks.
- Cryptographic protections offer defence: While AI enhances the capabilities of cyber criminals, cryptographic techniques like passwordless authentication and machine-to-machine encryption remain strong defences against AI-driven threats, especially in protecting identities and sensitive data.
- Balancing AI opportunities with security: CTOs face the challenge of adopting generative AI to boost productivity while managing security risks. Effective collaboration between CTOs and CSOs is needed to create a secure yet innovative environment, balancing AI adoption with necessary guardrails.