The CISO Brief

Insights for future-focused cybersecurity leaders

The CISO Brief is designed for current and aspiring cyber leaders, offering valuable insights, strategies, and tools to help you excel in the dynamic field of cybersecurity.

The AI Impact on Cyber Risk: Understanding new threats, defenses, and the CISO's evolving mandate

Artificial intelligence (AI) is rapidly reshaping the cybersecurity landscape, redefining both the nature of threats and the tools available for defense. While AI creates opportunities for automation, threat detection, and resilience, it simultaneously arms adversaries with sophisticated techniques—ranging from autonomous attacks to hyper-realistic and personalized social engineering.

CISOs now need to manage AI-driven threats, shape risk decisions, and set AI controls across the business. Because AI changes how attacks work, cyber capabilities need a rethink from the ground up. Traditional detection and app security may not keep up with AI attackers that generate new patterns and write malware at speed. The cyber organization needs to be more predictive, agile, and autonomous.

This issue focuses on what’s changing for CISOs—and what to do now to get ahead of AI-enabled attacks.

Quick take: AI is changing cybersecurity

  1. AI is accelerating attacks. More convincing social engineering, faster vulnerability discovery, and more scalable credential and identity abuse are raising the baseline threat level.
  2. The blast radius is bigger. AI-powered attacks can move laterally more quickly by dynamically exploiting a wider range of vulnerabilities to access sensitive data across employees, third parties, and AI-enabled workflows.
  3. The CISO mandate is widening. When the entire business runs on AI, protecting the AI models and processes is top priority.
  4. Cyber leaders are asking: “What should we do in the next 30–90 days to reduce exposure to AI-enabled attacks, and how do we begin the AI journey to enable the cyber function?”

The new CISO role: From technical owner to enterprise risk leader for AI

AI-driven threats change the CISO’s job in three practical ways:

  1. You need controls that travel with the workflow. When work happens inside chat tools, co-pilots, agents, and integrated software-as-a-service (SaaS) platforms, controls can’t be limited to traditional endpoints and networks.
  2. Identity becomes the control plane. Many AI-enabled attacks ultimately target identity—stealing credentials, bypassing authentication, or manipulating trusted interactions. Agent-based AI will likely become the main way to coordinate workflows and automate work. That means you will need controls to manage each agent’s lifecycle and access.
  3. You’re shaping secure AI adoption, not just secure systems. CISOs are increasingly expected to influence how AI is approved, deployed, monitored, and governed across the enterprise—especially where sensitive data, regulated processes, or customer outcomes are involved.

AI is changing rapidly. How can you stay in control?

There are several ways AI accelerates cyberattacks. It’s important to be familiar with the latest innovations and how to counter them.

AI impersonation

What’s changing: Video and voice manipulation can make impersonation and social engineering more scalable and believable.

Countermeasures: Solutions that use AI to identify deepfakes, continuous identity verification, and anti-fraud tools.

Agent exploitation

What’s changing: Attackers target highly privileged agents to steal data, perform malicious activity, or sabotage operations.

Countermeasures: Strong access controls, least privilege, human oversight for privileged actions, and monitoring to detect unusual or unauthorized behavior.

Enhanced credential harvesting

What’s changing: AI can increase the success rate of credential harvesting and enable faster targeting at scale.

Countermeasures: Stronger password policies, improved identity and access management (IAM) monitoring and detection, and faster identity threat detection and response.

Model poisoning and sabotage

What’s changing: Attacks can introduce data that reduces the effectiveness of machine learning operations (MLOps) and trust.

Countermeasures: Secure MLOps practices, stronger access controls for AI-related data stores, and protections for retrieval-augmented generation (RAG) data sources.

Prompt attacks

What’s changing: Techniques can cause AI assistants to disclose private data. These techniques include persona switches, extracting conversation history, and fake completion.

Countermeasures: Implementing IAM context and authentication for user interactions, session monitoring, and controls.

AI-enabled password cracking

What’s changing: Neural networks trained on password data can now crack passwords faster than brute force techniques. AI-enabled password cracking can be 51% to 71% more effective than current brute-force techniques.[1]

Countermeasures: Stronger password policy and rotation, monitoring for password-cracking activity, and detection for password-cracking malware.

Attacks targeting MCP services

What’s changing: Model context protocol (MCP) services let AI agents talk to each other and let people or other apps interact with AI tools. By default, they do not require sign-in. That can be risky because attackers could access these services and potentially trick them into revealing sensitive data.

Countermeasures: Establish authentication for MCP services, leverage application programming interface (API) security or data tagging and classification to reduce sensitive data exposure, and help ensure MCP services are not running with excessive privileges.

What to do in the next 30 to 90 days

Use this as a short-cycle plan to reduce exposure while longer-term programs mature.

1) Establish a single view of AI usage and data exposure

  • Inventory where AI is being used (enterprise tools, developer tooling, “shadow AI,” third parties).
  • Identify the highest-risk data paths (customer data, IP, credentials, regulated data) and where they touch AI-enabled workflows.
  • Establish accepted architecture patterns, standards, and policies to shape practices that foster AI adoption at reduced risk.
  • Define monitoring standards to collect evidence and monitor AI activity.

2) Put minimum viable guardrails in place for AI deployments

  • Define what must be true before launching AI-enabled features and workflows (access controls, logging, testing, data handling rules, third-party requirements).
  • Set expectations with product and business leaders. A deployment that is secure-by-design now avoids an expensive retrofit later.

3) Harden MCP services against common attack patterns

  • Prioritize stronger authentication and continuous verification for high-risk roles and workflows.
  • Improve identity monitoring and detection for anomalous access patterns and rapid credential abuse.
  • Establish controls for agentic AI and put controls into secure software development life cycle (SSDLC) processes to reduce security vulnerabilities.

4) Reduce susceptibility to AI-enhanced social engineering and fraud

  • Update and define incident response patterns for social engineering and deepfake attacks.
  • Update security operations center (SOC) playbooks for voice and video impersonation and fraud scenarios.
  • Align fraud, security, and communications teams on rapid verification procedures for high-risk requests.

5) Add targeted monitoring for new attack paths

  • Monitor data exfiltration patterns tied to AI tools and AI-enabled workflows.
  • Put basic controls around privileged automation and agents: who can create them, what they can access, and how actions are logged.

Conclusion

To keep pace with rapid change, CISOs need to mature and evolve the capabilities that keep their organizations ahead in the AI arms race. CISOs are being asked to move from reactive controls to proactive, business-aligned defense against AI-enabled attacks. The goal is not just better tools—it is stronger decisioning, clearer accountability for high-risk actions, and controls that reduce exposure as AI-driven threats evolve.

[1] Ramesh RV, “How cracking passwords can be easier in the age of AI/ML,” Okta, February 12, 2025.



As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Copyright © 2026 Deloitte Development LLC. All rights reserved.