Every major technological shift reshapes cybersecurity. Throughout my career, I’ve navigated significant transitions—from the emergence of the commercial internet to the rise of mobile and cloud computing. Each wave brought fresh opportunities for innovation, but also introduced new security challenges that organizations weren’t fully equipped to handle.
AI shares similarities with past technological shifts, yet it stands apart in a crucial way: it undermines a core assumption underlying modern security frameworks—predictability.
For most of my professional life, security teams worked within environments where systems behaved predictably. Applications typically ran the same way each time. Infrastructure evolved slowly enough for teams to map dependencies, define trust boundaries, and implement appropriate controls. Even during cloud migration, we could apply established security models to new infrastructure.
AI disrupts these assumptions.
Agentic systems make decisions on the fly. Large language models produce varying outputs depending on context. AI systems increasingly engage with external tools, APIs, and environments in ways their creators can’t always foresee. When systems no longer behave consistently, the traditional “keep threats out” approach to cybersecurity begins to falter.
Prevention remains essential. But relying solely on prevention is structurally inadequate in environments where risks continuously evolve during operation.
Security was designed for predictable systems
Years ago, when I helped build security programs, the primary focus was on fortifying systems before deployment. Teams aimed to detect vulnerabilities early, minimize exposure, and block attackers from gaining initial access.
Even in the early days of cloud adoption, most organizations approached security mainly through configuration and policy management. Concerns centered on permissions, exposed storage buckets, and identity sprawl, while cloud security tools prioritized identifying misconfigurations and securing infrastructure.
These controls remain vital today. However, the cloud era also revealed that security failures rarely occur in static diagrams. They emerge in live environments—where permissions shift, APIs evolve, and identities acquire unexpected access paths as systems interact in ways architects never fully anticipated.
By the time teams document one state of the environment, it has already changed. Risk increasingly surfaces during runtime, when identities inherit unintended access, APIs alter behavior, or AI agents interact with systems in ways no architecture diagram captured.
In discussions with various companies, I’ve observed a jump from generating hundreds of thousands of lines of code monthly to millions. AI-powered development tools are fundamentally transforming software engineering workflows. A Harvard Business School study showed that after developers adopted GitHub Copilot, coding activity rose by 12.4%, while time spent on project management tasks fell by nearly 25%—a shift that can reduce the time available for reviews and coordination essential to governance.
From a business standpoint, this acceleration creates leverage, but it also shortens the window security teams have to understand what’s entering production. Attackers are increasingly leveraging AI to automate reconnaissance, exploit chaining, and vulnerability validation at scale.
Security through obscurity is no longer viable. For years, organizations often tolerated certain vulnerabilities because exploiting them demanded too much time, expertise, or effort from attackers.
Vulnerabilities once deemed difficult to chain together are now easier to operationalize at scale as attackers use AI to automate parts of the process. Security leaders must acknowledge that some prioritization models developed over the past decade may no longer reflect current realities.
Why prevention alone is no longer sufficient
As AI systems grow more autonomous, real-time visibility becomes indispensable.
Many organizations historically treated runtime monitoring as a secondary layer behind prevention, viewing it primarily as a safety net for edge cases.
This model collapses when systems evolve and interact faster than security teams can validate in real time.
If an AI agent can engage with multiple systems, generate new actions independently, or adapt its behavior based on changing context, organizations can’t depend solely on pre-deployment controls. Security teams need insight into what these systems are doing while they operate.
This includes:
- What data AI systems can access
- How identities interact with sensitive environments
- What actions agents are taking
- Whether systems are deviating from expected behavior
- How quickly organizations can contain unintended consequences
In many respects, modern security is shifting from attempting to prevent every compromise to limiting how rapidly unintended behavior can propagate once systems start acting autonomously.
Security leaders should avoid overreacting to this shift with fear-driven narratives. AI will undoubtedly introduce new security challenges, but it also opens doors for defenders.
Security teams can no longer scale using human effort alone. The sheer volume of infrastructure changes, software generation, and vulnerability management surpasses what most organizations can handle manually.
We’re already seeing organizations experiment with AI-assisted triage, automated investigation workflows, and defensive agents that help security teams move faster and manage growing operational complexity. Security products are evolving into operational extensions of security teams rather than passive alerting systems.
This evolution is logical. Attackers are harnessing automation and AI to boost speed and scale. Defenders must do the same to keep pace.
5 priorities for security leaders in the AI era
The organizations that adapt most effectively to AI-driven risk won’t necessarily be those with the largest security teams or biggest budgets. More often, they’ll be the ones that adjust fastest as software, infrastructure, and attacker behavior evolve more rapidly than traditional security operations were designed to handle.
This shift demands a different approach to managing risk, operations, and resilience.
1. Rebuild vulnerability management for AI-scale software development
Many vulnerability management programs were already overwhelmed before AI accelerated software generation and reduced parts of the attacker cost curve. This challenge is becoming exponentially harder.
Stop assuming old exploitability models will hold up in an environment
Attackers can now leverage AI to speed up tasks like identifying system weaknesses, combining vulnerabilities, and building exploits.
It’s time to rethink how you prioritize, confirm, and fix vulnerabilities. Many assumptions organizations have relied on for years about what attackers can and can’t do may no longer hold true.
Some forward-thinking organizations are already investing in model harnesses—tools designed to deploy new AI systems more efficiently and with better security controls.
2. Make runtime visibility a frontline defense
Runtime monitoring shouldn’t be an afterthought layered beneath prevention tools. Every team should invest in advanced tooling that delivers deep, real-time visibility into live systems.
However, you can’t just “vibe code” your way to effective runtime monitoring. Security vendors must be expected to deliver continuous, built-in visibility into workloads, user identities, APIs, and AI behavior in production.
Prioritize understanding which vulnerabilities are actually reachable, exposed, or actively being exploited. This becomes critical as AI systems interact with infrastructure and data in increasingly unpredictable ways.
3. Leverage AI to strengthen your defenses
Most teams simply can’t hire enough people to handle the growing operational load that AI creates.
Deploy automation and AI to cut investigation time, streamline repetitive tasks, and speed up incident response. Human expertise remains essential, but today’s security teams face alert volumes, infrastructure changes, and code generation rates that exceed what any manual process can handle.
AI empowers teams to focus on strategic, high-level decisions instead of drowning in operational noise.
4. Prioritize resilience and containment
Flawless prevention has always been a myth—and it’s even more unattainable in fast-moving AI-driven environments.
Shift your focus toward minimizing blast radius, enabling rapid containment, and building operational resilience. Your ability to quickly detect unexpected behavior and limit its downstream impact will be far more valuable as organizations roll out increasingly autonomous systems.
Many security leaders are still asking whether AI systems *can* fail, rather than preparing for how to operate safely when they inevitably *do*.
5. Make security a driver of innovation
One of the biggest missteps security teams can make today is treating AI purely as a threat to block.
Boards and CEOs are aggressively pursuing AI adoption because they see it as a strategic imperative. If security is seen only as a roadblock, you risk being sidelined during one of the most significant technology shifts in decades.
Executive leadership understands that AI transformation can’t succeed without strong security guidance on real-time risk decisions.
This presents a major opportunity: help your organization move faster *safely*, while building security programs designed for dynamic, evolving environments.
AI demands a new security operating model
The fundamental challenge AI poses for security teams isn’t just about scale—it’s about the breakdown of predictability. As AI becomes more deeply embedded in business operations, the pace of change will only accelerate.
To thrive in this landscape, build security programs that adapt quickly, contain risks in real time, and support innovation without sacrificing visibility or control. Drive this transformation through strategic hiring and vendor partnerships, with a strong emphasis on AI fluency and hands-on operational skills.
Only by prioritizing investment in both people and tools can you achieve deeper runtime awareness, faster incident response, and operating models that keep up with constantly evolving infrastructure and software.
This article is published as part of the Foundry Expert Contributor Network.