With AI-powered attacks becoming faster and more sophisticated, organisations must rethink security strategies and deploy AI-driven defences, says Gaurav Agarwal
As Vice President of Technology at IBM India & South Asia, Agarwal has watched artificial intelligence quietly redraw the boundaries of what a cyberattack looks like. Speaking to The Indian Express, he was direct about what that means for companies still thinking in terms of firewalls and perimeter defence. “AI can attack at scale and with unprecedented velocity,” he said. When your attacker does not sleep, does not get tired, and does not need to guess passwords because it already has them, the idea of a secure boundary starts to look like wishful thinking.
Identity Is the New Battleground
With organizations embracing the cloud, remote work, and AI agents, the traditional notion of maintaining a perimeter or “defended” borders has lost relevance. Cyber criminals do not break into enterprises but enter with valid credentials. IBM’s Threat Intelligence Report confirms that the primary mode of cyber attacks (i.e., breaches) is through login credentials obtained through one of the two most commonly exploited vectors: stolen or compromised credentials and public-facing applications.
AI Agents Open a New Front
In an environment where identity is now a key factor of your security posture and does not simply represent one piece of the overall security puzzle, organizations must implement appropriate access and governance controls for autonomous AI agent (“agent”) software that operates independently and across an organization’s multiple applications/systems. They must ensure that all agents operate with sufficient access privileges as defined by their corresponding governance models and can also be monitored and controlled.
The Counterintuitive Answer
The solution to AI-powered attacks, Agarwal argues, is more AI — deployed defensively, before someone else forces your hand. “Clean your house before somebody else forces you to clean it,” he said. That means using AI tools to proactively identify vulnerabilities rather than waiting for a breach to reveal them.
Where Humans Must Stay in Charge
While this does not entail providing an agent with the keys to the castle, for any business-critical decision, human involvement must always be present. “Human decision-making must always be part of enterprise-critical decisions,” stated Agarwal. As Indian organizations pursue a rapid adoption of AI technology, Agarwal pointed out two major areas that require additional attention and focus — the use of consumer-oriented AI tools by employees on sensitive business processes and the hidden risks arising from supply chain vulnerabilities. Agarwal recommends three primary means to minimize these risks across an organization: deploy both hybrid technologies and governance frameworks in a manner that each is designed to be woven together, mitigate supply chain vulnerabilities, and establish the required four foundational elements of governance frameworks prior to implementing autonomy.



