Clyde Williamson, senior product security architect at Protegrity, agrees that it’s dangerous to assume attackers won’t exploit generative AI and agentic tools. “Anybody who has that hacker mindset when presented with an automation tool like what we have now with generative AI and agentic models, it would be ridiculous to assume that they’re not using that to improve their skills,” he tells CSO.
Jimmy Mesta, CTO and co-founder of RAD Security, says CISOs should be preparing their boards now for difficult budget decisions. “Boards will have to be presented with the options of being insecure or being secure, what it’s going to cost, and what it’s going to take,” he tells CSO. “CISOs aren’t going to be able to walk in and say we must do everything to 100%. There will be more trade-offs than ever.”
Even as CISOs prepare for the coming wave of AI-assisted attacks, they must maintain focus on cybersecurity fundamentals, Alexandra Rose, global head of government partnerships and director of CTU threat research at Sophos, tells CSO. “We come back to the basics so often because they’re the most effective at stopping what we see — from every level of sophistication, including threat actors experimenting with AI,” she says.