Agentic AI is changing how organizations handle identity and security.

AI agents act like humans but operate with machine speed and scale.

They are decentralized, easy to create, and can access multiple systems without human oversight.

Why identity matters

Identity is the top cause of security breaches.

AI agents often get broad access to work quickly.

Many are never reviewed or removed, leaving high-risk accounts.

Attackers can target these always-on, overprivileged identities easily.

Legacy tools fall short

Traditional identity and access tools assume humans or predictable workloads.

AI agents don’t fit these models, creating blind spots and false security.

Relying on vendors alone is risky because they do not solve enterprise identity risk.

A lifecycle approach works

CISOs can manage AI agents like workforce identities.

Each agent needs clear ownership, a defined purpose, and access that matches actual duties.

Activity must be monitored, and access revoked when agents go idle or projects end.

Data correlation is key

Risk is defined by what an agent can reach, including cloud roles, apps, and data.

Monitoring across platforms and layers allows proper audits and incident response.

Preventive measures

Guardrails during agent creation can limit unnecessary privileges and reduce inherited risk.

Without this, AI adoption may cause breaches, compliance failures, and slow innovation.

Secured agentic AI makes AI sustainable, agile, and safe.

CISOs will decide whether AI scales securely, and early governance ensures it benefits the enterprise.

AI is reshaping cybersecurity, creating both powerful defenses and new threats for organizations.

Faster attacks

AI allows attackers to automate tasks that used to take skilled humans weeks.

Self-modifying malware can adapt in real time, making detection harder.

Examples include PROMPTFLUX and PROMPTSTEAL, which use AI to generate code or reconnaissance commands dynamically.

Rising espionage

State-sponsored groups are using AI models to run autonomous cyber espionage campaigns targeting multiple organizations simultaneously.

This shows that AI is now a tool for large-scale, automated attacks.

Defensive advantages

Security teams can also use AI to speed up threat detection, analyze anomalies, and improve response times.

The key is balancing automation with oversight to avoid blind spots.

Strategic shift for CISOs

Security leaders must now consider AI-augmented attacks as the baseline threat.

Human adversaries remain, but AI-driven attacks require new strategies, monitoring, and rapid adaptation.

Conclusion

AI acts as a double-edged sword in cybersecurity, empowering defenses while enabling more sophisticated and automated attacks, making proactive planning essential for leaders.

When we hear "attacks on Operational Technology (OT)" some think of Stuxnet targeting PLCs or even backdoored pipeline control software plot in the 1980s.

Is this space always so spectacular or are there less "kaboom" style attacks we are more concerned about in practice?

Given the old "air-gapped" mindset of many OT environments, what are the most common security gaps or blind spots you see when organizations start to integrate cloud services for things like data analytics or remote monitoring?

How is the shift to cloud connectivity - for things like data analytics, centralized management, and remote access - changing the security posture of these systems?

What's a real-world example of a positive security outcome you've seen as a direct result of this cloud adoption?

How do the Tactics, Techniques, and Procedures outlined in the MITRE ATT&CK for ICS (https://attack.mitre.org/matrices/ics/) framework change or evolve when attackers can leverage cloud-based reconnaissance and command-and-control infrastructure to target OT networks?

OT environments are generating vast amounts of operational data. What is interesting for OT Detection and Response (D&R)?

Corporate cloud file-sharing platforms are under attack, raising concerns for data security across multiple industries.

Rising theft risk

A threat actor called Zestix is selling data stolen from companies using ShareFile, Nextcloud, and OwnCloud.

Access is often gained through malware like RedLine, Lumma, and Vidar on employee devices.

These malware programs steal credentials and other sensitive information.

How attackers exploit gaps

Without multi-factor authentication, stolen credentials let attackers log in to cloud services easily.

Some credentials have been exposed for years, showing weak rotation and session management practices.

Scope of exposure

Victims span sectors including aviation, defense, healthcare, utilities, mass transit, telecom, legal, real estate, and government.

Stolen files may include aircraft manuals, engineering documents, health records, ERP source code, and government contracts, posing risks to security, privacy, and national interests.

Systemic issues

Many breaches highlight poor security hygiene across organizations.

Thousands of infected computers have been identified, including at large companies like Deloitte, KPMG, Samsung, Honeywell, and Walmart.

Prevention steps

Organizations need strong access controls, routine credential rotation, multi-factor authentication, and monitoring to prevent unauthorized access and protect sensitive data.

The wave of cloud file-sharing attacks underscores the urgent need for consistent and robust security practices.

European security teams are facing challenges turning compliance rules into daily practices, creating gaps between policy and operations.

AI incident response falls behind

Many organizations struggle to detect and respond to AI anomalies. Adoption of AI-specific monitoring and training data recovery is lower in France, Germany, and the UK compared to global averages.

Teams often lack processes for investigating AI behavior, data drift, or model issues.

Supply chain visibility is limited

Tracking software components and using secure development practices is uneven.

Many organizations cannot fully see third-party libraries or APIs, increasing risk across development pipelines.

Third-party coordination is weak

Joint incident response with vendors is rare.

Few organizations maintain formal playbooks to handle incidents involving suppliers, making collaboration during breaches inconsistent.

Compliance remains manual

Automation of compliance tasks is limited.

Manual processes slow evidence collection during audits and regulatory checks, making it harder to demonstrate adherence to GDPR and AI regulations.

Cross-border AI risks under-addressed

Mechanisms for managing AI vendor risk across borders are underused.

Adoption rates for cross-border data handling are far below global leaders, leaving organizations exposed.

Conclusion

Strong policies exist, but operational gaps leave European security teams vulnerable.

Closing these gaps requires AI-aware incident response, better supply chain oversight, coordinated third-party plans, automated compliance, and dedicated cross-border risk management.

Manufacturers face rising cyber risks as AI and cloud systems become central to production.

Production Disruptions Highlight Risks
In August, Jaguar Land Rover halted production for a month after a cyberattack, costing over $900 million when combining operational losses and cybersecurity expenses.

The shutdown also threatened suppliers and workers dependent on the factory’s output. Such incidents are becoming more frequent as manufacturing processes move online.

AI and Cloud Increase Vulnerabilities
Many manufacturers adopt AI and cloud systems for efficiency and reduced labor needs.

However, legacy infrastructure often lacks built-in cybersecurity, leaving gaps that attackers can exploit.

Experts warn that AI and cloud adoption broadens the attack surface, especially with interconnected machines, third-party software, and vendor data access.

Data Protection and Cyber Hygiene
Manufacturers are urged to treat AI datasets as sensitive assets.

Key strategies include encryption, strict access controls, vendor monitoring, and clear guidelines on what data can be uploaded.

Segmentation between IT, operational, and cloud systems helps prevent breaches from cascading across facilities.

Balancing Cost and Security
High costs deter full security implementations, but spending alone doesn’t guarantee safety.

Manufacturers must weigh the risk of attacks against investments in security, ensuring measures grow alongside technological adoption.

Strong cybersecurity practices are now essential to protect manufacturing operations as digital systems become deeply integrated.