Stop playing whack-AI-mole

Speed is the Threat

One of the most uncomfortable realisations emerging in cybersecurity today is that AI implementation is happening faster than governance frameworks, security assessments, and oversight capabilities can keep up with.

Employees are using AI assistants to build copilots, integrate them with software, automate tasks, and grant machine identities access to systems containing sensitive data without approval. In some companies there are now more machine identities than human ones.

This leads to new exposures. AI-powered workflows are holding on to permissions well beyond the life span of the projects they were created for, as internal automation tools steadily gain access across cloud systems, collaboration tools, and even customer environments. Some companies have found AI assistants accessing internal knowledge bases and exposing confidential information, because access control mechanisms were geared toward human, rather than machine, interactions.

AI presents cybersecurity threats that go beyond deepfakes or phishing emails. They have more to do with speed, complexity, identity, decision making, and the challenge of achieving visibility across interconnected digital ecosystems.

Fundamentals are the Vulnerability

AI doesn’t seem to be creating entirely new security problems. Rather, it is accelerating existing ones.

Issues that have challenged security teams for years, including excessive permissions, poor asset visibility, inconsistent identity management, and fragmented governance, become harder to manage when AI systems operate at machine speed. A process that once involved a handful of users can suddenly involve hundreds or thousands of automated interactions taking place across multiple environments.

As a result, many focus on AI-specific threats while overlooking the foundational controls that determine whether those threats can cause damage in the first place.

And Risk needs a rethink

This runs counter to how many businesses have traditionally approached security. The instinct is to respond to every new AI capability with additional reviews, policies, and manual approvals.

That approach does not scale anymore.

As AI adoption grows, security teams cannot realistically review every workflow, permission request, integration, or machine identity individually. It’s not about making better individual decisions, but about building systems and processes that make mostly good decisions by default.

The move is towards automation driven by policies, visibility, and governance processes that run as quickly as the technology itself. Instead of trying to figure out which approval is needed for each and every AI activity, build guardrails so that safe activities run without a hitch and exceptions that need human intervention are flagged.

AI is forcing businesses to rethink cybersecurity, but there’s also an opportunity to build security operations that are more scalable, resilient, and effective than the manual approaches they replace.

Top trends

Automated attack chains are emerging: AI technology is getting better at combining multiple low-severity vulnerabilities into an attack path, reducing the time from reconnaissance to breach.

Identity exposure is becoming an attack vector: Overprivileged identities, non-human identities, API keys, and cloud access paths are now areas of focus for attackers, as their use of AI enables them to analyze credentials faster and more efficiently.

Governance is becoming a cybersecurity issue: The combination of long remediation times, lack of ownership, and complex decision-making processes is creating security risks as attack speeds increase.

AI regulatory watch

The European Commission has established a Scientific Panel and an Advisory Forum to assist in enforcing the AI Act. These bodies will provide guidance to the Commission’s AI Office and national watchdogs on applying the rules, and will advise them on general-purpose AI (GPAI) models, systemic risks, model classification, evaluation methods, and cross-border market oversight. The Scientific Panel consists of 60 independent experts drawn from AI research, engineering, technical audit, industry, and academia.

CISO voice

“If you are going to pretend threat actors are ‘getting faster with AI’, then the answer is to frontload proactive defenses via investment into detection engineering, zero trust, basic security hygiene, and cyber threat intelligence to inform and enable all of the above. Not playing whack-a-mole or cat-and-mouse with AI vs AI.” — Marcus Hutchins, Malware, Threat Intelligence, Ex-Hacker

Innovation spotlight

Zenity, an AI security company, is working to safeguard AI agents, AI co-pilots, and low-code automation platforms. In light of the rapid adoption of agentic AI technologies, Zenity is helping businesses to address evolving governance, identity, and data-exposure challenges related to autonomous operations. It was also named ‘the Company to Beat in AI Agent Governance’ by Gartner.

Barcelona Cybersecurity Congress update

The problem of protecting against AI-driven attacks is becoming more acute, and companies are under pressure to implement AI-based cybersecurity solutions. This topic is expected to dominate the agenda of the Barcelona Cybersecurity Congress. This year’s sessions will cover topics such as GenAI risk, attack-path analysis, governance, resilience, and machine-speed security operations.

Barcelona Cybersecurity Congress 2026

Dates: 3–5 November

Location: Barcelona

Co-located with: Smart City Expo World Congress
