Collaboration Critical As Geopolitical Pressures, AI Reshape Cybersecurity
I’ve been thinking a lot about collaboration and how important it is—at many different levels—to cybersecurity. And now a study by the World Economic Forum (WEF) tracks that way underscores just how powerful—and necessary—collaboration is.
What Is Address Poisoning
I’ve been thinking a lot about collaboration and how important it is—at many different levels—to cybersecurity. And now a study by the World Economic Forum (WEF) tracks that way underscores just how powerful—and necessary—collaboration is. Despite the current geopolitical fragmentation and the pivot toward sovereignty as well as “a widening technological divide,” collaboration has become more important than ever, particularly as AI transforms cyber for both defenders and bad actors. The WEF’s Global Risks Report explores the “intersection of AI adoption and cyber readiness, and the emerging disparities that innovation creates.” As “unequal access to resources and expertise continues to widen cyber inequity,” WEF contends that “strengthening collective cyber resilience has become both an economic and a societal imperative.” Even amid fragmentation, economic strain and uncertainty, the researchers say, “collective action can drive progress for all.” Not surprisingly, AI is expected “to be the most significant driver of change in cybersecurity in the year ahead, according to 94% of survey respondents.” More importantly, it’s not just talk—that recognition “is translating into concrete action across organizations” with 64% of respondents currently assessing the security of AI tools, up from 37% in 2025. But respondents know that bad actors are serious about AI as well. Nearly nine of 10 (87%) say that AI-related vulnerabilities were “the fastest-growing cyber risk” in 2025. “Cyber technology is particularly susceptible to atrophy if it isn’t cared for and fed properly. AI-powered threat actors and machine-on-machine cyber warfare is now a reality,” says Hank Thomas, co-founder and CEO at Strategic Cyber Ventures. Calling it an “imperative that cyber tactics, techniques, procedures, and technology quickly innovate, collaborate with, and if needed, merge with other technologies to fill gaps in our defenses,” Thomas says, “if you wait too long to do this, the value of your security solution could quickly plummet towards zero. Going forward, “AI failures are poised to blur the line between technical and business risk in ways we haven’t seen before,” says Diana Kelley, CISO at Noma Security. Noting that “when an AI system confidently fabricates information or a chat agent insults a customer, organizations will need CISOs who understand both the technical failure mode and the potential business catastrophe it triggers,” Kelley says, “creating an entirely new security function just for AI doesn’t make sense, since AI will be woven throughout the entire business and separating IT security and AI security could lead to mis-matched policies and gaps in governance.” However, although “AI is powering a new generation of defensive tools, it also makes the types of attacks that were once the domain of only very experienced threat actors much more accessible,” says Seth Spergel, partner at Merlin Ventures. “As a result, organizations are seeing both nation-states and criminals probe their defenses at a significantly higher volume than we have seen in years past. Combine that with the geopolitical tensions we are witnessing around the world, and there is a clear driver for investing in the cybersecurity market,” Spergel says. As attackers shift from email and SMS into trusted environments like mobile apps, collaboration tools, and voice interfaces, “defenders are responding with behavioral biometrics, device-level and app-level anomaly detection, and cross-channel intelligence sharing to flag campaigns early,” says Dan Butzer, senior solutions architect at Zimperium. “To effectively mitigate increasingly sophisticated AI attacks, it is crucial to establish a high level of confidence that a genuine, fully legitimate, and untampered app is running on an authentic, unbroken device (not a hacked or emulated one), over a secure communication channel, and operated by a trusted human user (not an AI),” says Butzer. To meet the changes brought by AI, Kelley expects that most organizations “will integrate AI and IT security under the Global CISO who will augment capability by building specialized teams” and “we’ll see the continued rise of BISOs (Business Information Security Officers), TISOs (Technical Information Security Officers) and the addition of dedicated AI Security Officers leading domain-expert teams, all unified under one Office of the CISO with shared mission and accountability.” Geopolitics is also exerting influence on cybersecurity; in fact, it is a top factor affecting cyber risk mitigation strategies. Nearly two-thirds of organizations—64 percent—”are accounting for geopolitically motivated cyberattacks, such as disruption of critical infrastructure or espionage.” And even more, 91% of the largest entities have changed cybersecurity strategist as a result of geopolitical volatility. But as geopolitical volatility has increased, the confidence level in national cyber preparedness is on the decline. Nearly one-third (31%) have “low confidence in their nation’s ability to respond to major cyber incidents,” a modest but significant rise from the 26 percent who said the same last year. As can be expected, that confidence fluctuates according to region, with more (85%) in the Middle East and North Africa expressing a high degree of confidence that their country can protect critical infrastructure, compared to a paltry 13% in Latin America and the Caribbean. The C-Suite, CISOs, and CSOs must “look beyond siloed views of obviously privileged identities in individual systems and take a holistic view of the combinations of privileges, entitlements and roles that could be exploited by an attacker to elevate privilege, move laterally and inflict damage,” says James Maude, field CTO at BeyondTrust. The identity security debt accumulated by many organizations, Maude says, “represents a far greater risk than any other area as it only takes the attacker to login using the right identity and all is lost because of the paths to privilege that abound in their environment.”Tim Callan, chief compliance officer at Sectigo, expects the imminent death of “legacy technology stacks, forced upon organizations by post-quantum cryptographic preparations.” Those systems “rely on cryptographic algorithms, such as RSA and ECC, however, as the push for PQC standards is adopted, these older systems will struggle to integrate new algorithms, leading to obsolescence or requiring a significant overhaul of existing technology.” Those organizations that insist on “holding on to legacy technology infrastructures will be forced to confront the limitations of their outdated infrastructures,” he says. “Organizations need to act now to carefully plan and execute their transition – while challenging – to ensure they remain secure and compliant in the quantum era.”
About Author
