Amid theclamor of AI advancement and cyber incursions, examining the thoughts of a Current Information Security Officer (CISO) as they navigate the mix.

Amid theclamor of AI advancement and cyber incursions, examining the thoughts of a Current Information Security Officer (CISO) as they navigate the mix.

In the rapidly evolving landscape of artificial intelligence (AI) and hybrid cloud environments, Chief Information Security Officers (CISOs) face unique challenges in safeguarding critical systems. A new report from GSpeech offers key strategies for CISOs to navigate this complex terrain.

First and foremost, CISOs are advised to adopt "secure by design" principles, ensuring that AI systems and hybrid cloud architectures are built with security at their core. This approach, emphasised in the federal AI Action Plan, encourages critical infrastructure providers to leverage AI while recognising its risks and building robust, resilient designs.

Another crucial strategy is the use of AI-enabled cyber defences. AI can provide faster detection, response, and mitigation of attacks, making it an effective tool against rapidly evolving cyber threats. CISOs are urged to deploy AI-driven security tools that can operate at scale and provide predictive threat insights.

Modernising and investing in infrastructure is also essential. Supporting AI workloads and hybrid cloud environments requires upgrades to network infrastructure to handle ultra-low latency and high throughput demands. With nearly all IT leaders viewing modernised networks as essential for deploying AI and cloud, increased investments are expected.

Collaboration across sectors is another vital component. As federal support for critical infrastructure cybersecurity reportedly diminishes, CISOs must collaborate closely with internal teams, industry partners, and local/state governments to share risk intelligence and coordinate resilience efforts.

CISOs also need to focus on operational technology (OT) security, as digitisation expands into OT systems in energy, healthcare, and other sectors, making these environments targets for AI-enhanced cyberattacks. Integrating OT security practices into the overall strategy is crucial to protect critical infrastructure.

Compliance and governance are equally important, as CISOs navigate evolving security regulations such as the EU’s Digital Operational Resilience Act and FTC rules, particularly in hybrid cloud contexts where data and workloads span multiple jurisdictions and platforms.

To regain control in an evolving environment, CISOs need to focus on gaining complete visibility into all data in motion, including lateral East-West traffic, encrypted flows, and AI-specific behaviours. The key to achieving this visibility lies in network-derived telemetry in the form of packets, flows, and metadata, when fused with log data.

However, the adoption of AI tools and language models (LLMs) in hybrid cloud infrastructure has led to an unprecedented spike in data volumes, with one in three organisations reporting a doubling of network traffic. This exponential data flow is overwhelming systems and exposing cracks in cloud visibility and threat detection.

Threat actors are exploiting these inconsistencies, with nearly half of organisations seeing a rise in attacks specifically targeting LLMs, and over half seeing an increase in AI-powered ransomware. Public cloud, once seen as an innovation champion, is now identified as the greatest security risk by 75% of CISOs.

The roadmap for CISOs in the AI-driven era includes making visibility foundational, not optional, and strategically shifting the approach to cloud and AI security. CISOs have a unique opportunity to lead the AI transformation by championing visibility, aligning cybersecurity with the evolving realities of AI, and translating risk into strategic language the board understands.

AI security is now a board-level priority, providing a powerful opportunity for CISOs to reframe their initiatives. Security leaders need to ensure security is embedded in AI initiatives from day one, account for shadow AI usage, and use AI to empower security teams, providing real-time visibility into all GenAI and LLM traffic and helping with incident investigation and automation.

The future of cybersecurity lies in simultaneously embracing and operationalising AI-responsibly, intelligently, and with purpose. CISOs should be involved in developing the framework for AI, working with teams to define acceptable use, risk thresholds, and governance policies. The shift in the threat landscape is leading CISOs to recalibrate their cybersecurity strategies and shift mindsets from "keeping up" to "leading."

1. With the expanding use of AI and hybrid cloud environments, it's essential for CISOs to deploy AI-driven security tools that can proactively detect, respond, and mitigate cyber threats, thereby utilizing AI technology to strengthen cybersecurity.
2. In the era of AI-driven technology, CISOs must prioritize gaining complete visibility into all data, including AI-specific behaviors, by leveraging network-derived telemetry and strategically shifting the approach to cloud and AI security, to address the unprecedented spike in data volumes and maintain control in an evolving landscape.

Read also: