As we navigate the post-hype era of artificial intelligence, moving from experimentation to widespread implementation, the cybersecurity landscape is being reshaped at an unprecedented speed. To make sense of this new frontier, we’re joined by Chloe Maraina, a Business Intelligence expert whose work at the intersection of big data and data science gives her a unique perspective on the emerging threat matrix. Today, she’ll help us understand how organizations must adapt their incident response for autonomous attacks, rethink identity verification in the age of deepfakes, navigate a fractured global regulatory environment, and govern the very AI tools designed to protect them. Chloe will also underscore why, in the face of such advanced threats, mastering the fundamentals of security is more critical than ever.
Experts predict that autonomous and agentic AI will soon enable fully automated attacks, from phishing to lateral movement. How should an organization’s incident response strategy evolve to counter threats that require little or no human engagement, and what specific metrics should they track to measure their readiness?
That’s the core challenge we’re facing as we look toward 2026. The threat is no longer just a person behind a keyboard; it’s an “exploit-chain engine” operating on its own. Incident response can no longer afford to be a purely reactive, human-led process. Teams must shift to a proactive, machine-speed defense posture. This means investing heavily in automated threat detection and response platforms that can identify and neutralize these agentic attacks without waiting for human approval. The key metrics to track should shift from “time to respond” to “time to contain” and, even better, “rate of automated neutralization.” We need to measure how many of these attacks our systems can handle autonomously before a human analyst ever has to get involved.
With AI-generated business email compromise and deepfake impersonation scams increasingly targeting departments like HR and finance, how must organizations rethink their workforce identity verification? Please describe some practical, step-by-step processes to ensure the right human is behind a high-stakes digital interaction.
The days of relying on a simple email or even a video call for verification are over, especially for high-stakes transactions. We’ve seen the consequences, like the $25 million scam that hit the British firm Arup. Organizations must implement a multi-layered verification process. First, for any significant financial transfer or data access request, there should be a mandatory out-of-band confirmation using a pre-established, secure channel, like a dedicated app or a phone call to a registered number. Second, for internal communications, especially from leadership, we need to move beyond trust-by-default and implement cryptographic signatures on emails. Finally, training is vital. We have to drill into our HR and finance teams that with 40% of business email compromise attempts now being AI-generated, skepticism is their most valuable tool. They must be empowered and required to challenge and verify any unusual request, no matter how convincing it seems.
Given the contrasting AI regulatory approaches in the EU and the U.S., what are the biggest compliance and security challenges for multinational corporations? Can you provide an example of how conflicting domestic priorities could create a significant vulnerability for a global company’s operations?
The fragmented regulatory landscape is a minefield for global companies. The core challenge is creating a unified, global security policy when the rules of the road are different everywhere you operate. The EU is moving toward coordinated, stringent frameworks like the Network and Information Security Directive, while the U.S. approach has been to scale back or delay similar efforts. Imagine a multinational tech company developing a new AI-powered defensive tool. In the EU, they might be required to undergo rigorous, transparent third-party auditing and data processing reviews. In the U.S., they might be able to deploy it much faster with fewer checks. This creates a critical vulnerability: an attacker could exploit the less-regulated U.S. deployment to find a weakness, then use that knowledge to attack the entire global network, bypassing the stronger EU protections. These conflicting domestic priorities force companies into a compliance patchwork that is inherently less secure than a unified global standard.
While AI-powered defenses are seen as essential, they can also introduce unpredictable new risks and vulnerabilities. What does strong, practical governance for defensive AI tools look like, and how can CISOs balance the need for these tools against the risks of their deployment?
This is the central paradox for every CISO today. You absolutely need AI-powered defenses to fight AI-powered attacks, but deploying them without robust governance is like releasing a guard dog you haven’t trained. Strong governance starts with a “red team” approach to your own tools—actively trying to trick, poison, or bypass your defensive AI before you even deploy it. It involves continuous monitoring not just for external threats, but for unpredictable or anomalous behavior from the AI itself. A CISO must balance the equation by insisting on radical transparency from vendors about their models and establishing clear protocols for human oversight and intervention when the AI’s behavior is unclear. The goal isn’t just to plug holes; it’s to ensure the tool you’re using to plug them doesn’t create new, even more dangerous ones.
Considering that nearly 90% of CISOs see AI-driven attacks as a major threat, what are the most critical foundational security practices to reinforce right now? Please explain why measures like zero trust and MFA are so vital as a first line of defense against these evolving threats.
It’s easy to get mesmerized by the sophistication of AI attacks, but we can’t forget that they still exploit fundamental weaknesses. That’s why reinforcing the basics is the most critical action any CISO can take right now. Adopting a zero-trust architecture is non-negotiable; it assumes no user or device is inherently trustworthy, which is the perfect mindset for an environment where deepfakes can impersonate anyone. Multi-factor authentication (MFA) is just as vital because it provides a powerful barrier against credential theft, which is often the first step in a more complex attack chain. These measures are so crucial because they disrupt the attack before it can even gain a foothold. An AI might craft the world’s most convincing phishing email, but if the stolen password alone isn’t enough to get in, the attack fails at step one. For sectors like healthcare, which saw 275 million patient records exposed in a single year, mastering these fundamentals isn’t just a best practice—it’s an absolute necessity for survival.
What is your forecast for the evolution of AI-driven cyber threats beyond 2026?
Beyond 2026, I foresee the lines blurring completely between the attacker and their tools. We will see the emergence of fully autonomous offensive AI platforms that can independently discover vulnerabilities, develop novel exploits, and execute entire campaigns from reconnaissance to exfiltration without any human operator. These “agent-based attacks” will learn and adapt in real-time, making traditional signature-based detection obsolete. The threat will no longer be a specific piece of malware but a persistent, intelligent adversary that lives within a network. This will force a fundamental shift in defense, moving away from perimeter security and toward a model of constant internal vigilance, where we assume the adversary is already inside and focus on resilience and rapid, automated response.
