Today’s columnist, Mike Britton of Abnormal Security, reports on how industry leaders who spoke at the recent Innovate 2025 Conference say AI will change cybersecurity. (Adobe Stock)
COMMENTARY: Over the past year, the security industry has grappled with the widespread adoption of AI as an essential technology for protecting against cyberattacks and, in the hands of criminals, a formidable weapon disrupting traditional approaches to security.
At our recent Innovate 2025 conference, we brought together several renowned security and AI leaders to explain how AI will transform our industry and what we can expect in the months ahead. Knowledge sharing is one of the best exercises we can engage in as a cyber community to collectively fight against the evolving AI threat, and Innovate 2025 had no shortage of valuable and actionable perspectives.Here’s a roundup of some of the most interesting insights that came out of those discussions, especially for CISOs to strengthen their defenses in this AI era:
Stay ahead of weaponized AI
Security pros have become very concerned about how rapidly threat actors can evolve their tactics and deploy highly sophisticated attacks by weaponizing AI.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.Read more Perspectives here.]“Humans can't really conceive of how quickly AI can make the technology advance,” says Sherrod DeGrippo, director of threat intelligence strategy at Microsoft. “They're going to be able to leverage AI to make their campaigns faster, and we have to leverage AI for better defense.”But staying ahead doesn’t look the same as it did before. While many organizations have focused considerable time and budget on teaching employees to spot potential threats, AI has given cybercriminals the ability to execute attacks that are virtually impossible to detect.
“It's always been this cat and mouse game where you figure out something, and they figure out how to circumvent it,” says Arsalan Tavakoli-Shiraji, co-founder and senior vice president of field engineering at Databricks. “AI has made things that we previously used as proof points for validation of identity less trustworthy,” he says, pointing to improvements in deepfakes and AI image generation as examples.What’s more, organizations that don’t understand the speed of AI advancement may underestimate its power as a weapon — or overestimate their traditional security tools’ ability to protect against it.
“Right now, we're dealing with very smart humans who are very well-funded and constantly looking at weaknesses in our networks,” says Michael Baker, Global CISO at DXC Technology. “When those humans are replaced with AI agents that can do it at speed, at scale, and at a quantity that we're not ready for, we have to meet that with testing and remediation.”
How AI can strengthen defenses and boost efficiency
Fortunately, while weaponized AI makes security leaders’ jobs more challenging, AI-powered defenses help teams anticipate threats with greater accuracy, speed up responses, and accomplish more in less time. This presents a welcome boon for security teams that have spent years feeling over-stretched and under-resourced.
“We can never have enough people, and that's because there's always more that our people can do,” says Ariel Weintraub, chief information security officer at Aon. “AI has allowed us to repurpose human time on tasks that matter. In some cases, upskilling the team members and giving them an opportunity to grow and develop in their careers.”Additionally, Lamont Orange, chief information security officer at Cyera, points out that AI can tackle more rote, repetitive tasks so security teams can make faster, more data-informed decisions.“The AI system doesn't need to sleep. It can produce a result for us, and then we can act on it,” Lamont says. “If we're logging into multiple consoles to grab information to understand what’s occurring in our environment — why don't we have AI grab all of that information and present it for us in a dashboard so that we can understand if it's normal?”
The future of cybersecurity
With so many rapid transformations in play, we have to keep an eye on the horizon. For example, Liz Morton, Field CISO at Axonious, said while we’re likely reaching the end of the AI hype cycle, we’re potentially entering a post-quantum computing and cryptography era.
“Quantum is something that was always in the future, and I think we’re getting closer to the future being today,” she says. “I think we'll see it follow a similar cycle to AI where we calm down eventually and get to the business of figuring out how to operationalize and harness that power.”
Regarding more imminent AI developments, George Kurtz, chief executive officer of CrowdStrike, warns that AI’s exponential advancement will likely create an entirely new taxonomy of attacks.“Cybercriminals are going to be able to throw this into a model, have a patch reverse-engineered, have the exploit made, and have it into one of the gray market operators,” he says. On a more hopeful note, Kurtz also acknowledges that with new challenges come new opportunities: “It's a great time to be in security,” he says. “I think it's pretty rewarding for folks getting into it.”Like my CISO peers, I’m optimistic about AI’s defensive potential – even against the backdrop of rapidly evolving malicious AI. Accuracy and speed are the name of the game when it comes to combating today’s – and tomorrow’s – threats.This is the promise of AI automation – and now’s the time to capitalize on it.Mike Britton, chief information officer, Abnormal Security SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Mike Britton, chief information officer at Abnormal Security, leads the company’s information security and privacy programs. Mike builds and maintains Abnormal Security’s customer trust program, performing vendor risk analysis, and protecting the workforce with proactive monitoring of the multi-cloud infrastructure. Mike brings 25 years of information security, privacy, compliance, and IT experience from multiple Fortune 500 global companies.
Increasing concerns regarding the potential utilization of Chinese artificial intelligence platform DeepSeek for foreign government surveillance have prompted New York Gov. Kathy Hochul to ban the AI chatbot's usage across all state-issued devices just days after Texas Gov. Greg Abbott issued a similar prohibition for DeepSeek and Chinese-owned social media apps.
Aside from integrating analytics and continuous monitoring to improve MSP management of customers' accounts, ThreatMate's solution has been touted to enable automated penetration testing, cybersecurity audits, risk scoring, asset discovery, and dark web tracking to facilitate less complex and costly security, compared with typical enterprise security platforms.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
