Michael Bargury

Security research, hacking, AppSec, primarily focused on AI agents.

8 minute read

The Edge Logo

Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Move Fast and Break the Enterprise With AI

The tantalizing promise of true artificial intelligence, or at least decent machine learning, has whipped into a gallop large organizations not built for speed.

Picture of Michael Bargury

Michael Bargury, CTO & Co-Founder, Zenity

January 23, 2024

4 Min Read

Jockeys race four horses down a racetrack, crops raised

Source: Michael Turner via Alamy Stock Photo

LinkedinFacebookTwitterRedditEmail

COMMENTARY

Working for a large enterprise for many years often leaves you with a strong feeling that everything will forever stay the same. Sure, some things change, even drastically. There are ups and downs, reorgs on a regular cadence, and sometimes companies even reinvent and rejuvenate themselves like Satya Nadella’s Microsoft did in recent years. But most things stay the same, and culture runs deep. There is an inherent unwillingness to change; after all, these are large, successful enterprises — why change?

Security professionals often reach a point in their careers where they look back and ask: Have we made any progress? Are organizations really more secure today than they were 20 years ago? Sure, the threat landscape is different, but so is the amount of money and, more importantly, mindshare being spent on security throughout the industry. Even with all of that, some things never change. We have evergreen sayings, like “developers don’t care about security,” “you can’t secure the perimeter,” “x is the new perimeter,” and my personal (un)favorite, “users are the weakest link.”

Securing a large enterprise means having to deal with the problems of a large enterprise, which, as stated above, has a basic unwillingness to change.

Until it does.

Changing at the Speed of AI

Enter artificial intelligence (AI). Emboldened by the technology’s promise of changing all industries, large enterprises are mobilizing their AI initiatives at lightning speed. It’s been incredible (and frightening) to see how fast Microsoft and others, including Salesforce, Google, and Amazon, have pushed AI directly into their core enterprise offerings. They do this despite knowing that AI has serious problems that no one can really solve yet, like alignment with human values and safety risks. They do this because their customers — the entire enterprise market — are eager to adopt the bleeding edge to get one up on their competition.

Whether you are an AI enthusiast or an AI skeptic doesn’t matter at this point. The winds of change are blowing, and an opportunity has opened up in which enterprises are willing to risk their core competencies to reap the rewards of AI before their competitors do.

Breaking the Enterprise

The most significant advancement in enterprise AI is business Copilots. Every large Microsoft shop is looking into Microsoft 365 Copilot to seek fulfillment of the promise of a huge productivity boost. Google, AWS, and Salesforce have released their own versions: Duet AI, Amazon Q, and Einstein, respectively. They’re doing this because they see a huge value to be gained. This idea of a Copilot also completely breakskey assumptions about how an enterprise operates.

  • Breaking permissions. To service my requests, my personal corporate AI needs to munch through all of the data I can access in order to index it so that it’s available for query. Pretty soon we can expect it to train on the previous conversation I had with it. Now let’s consider what happens when I move to a different role in the company or somebody removes my access. Can we remove that knowledge from the AI’s neural network? That does not seem to be an existing capability of models today. Maybe tomorrow?

  • Breaking data boundaries. If a single AI can answer questions across all of my corporate data access, it is difficult to see how data boundaries could be maintained. Every control we put in front of data becomes meaningless, when the AI can read the data and write it infinite times from its “memory.”

  • Breaking activity monitoring. We’re used to monitoring user activity to find snooping employees or distinguish between human and scripted behavior. When AI works by user impersonation and has to touch every piece of data to which I have access to build an index, does anomalous access mean anything anymore?

These problems might have solutions right around the corner, or they might be insurmountable in AI’s current form and require a fundamental rethink. But one thing is clear: The problems have not been solved, yet we’re moving forward anyway. And that is bound to be interesting.

LinkedinFacebookTwitterRedditEmail

About the Author

Michael Bargury

Michael Bargury

CTO & Co-Founder, Zenity

Michael Bargury is an industry expert in cybersecurity focused on cloud security, SaaS security, and AppSec. Michael is the CTO and co-founder of Zenity.io, a startup that enables security governance for low-code/no-code enterprise applications without disrupting business. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC, Dynamics, and confidential computing. Michael holds 15 patents in the field of cybersecurity and a BSc in Mathematics and Computer Science from Tel Aviv University. Michael is leading the OWASP community effort on low-code/no-code security.

See more from Michael Bargury

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

More Insights

Webinars

More Webinars

Events

More Events

You May Also Like

Cyber Risk

How CISOs Can Effectively Communicate Cyber-Risk

Cyber Risk

Ransomware Gangs Pummel Southeast Asia

Cyber Risk

India’s Critical Infrastructure Suffers Spike in Cyberattacks

Cyber Risk

NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

Edge Picks

thumbnail Cyber Risk

Browser Extensions Pose Heightened, but Manageable, Security Risks Browser Extensions Pose Heightened, but Manageable, Security Risks

URL bar of a browser showing part of a website address Endpoint Security

Gartner: Secure Enterprise Browser Adoption to Hit 25% by 2028 Gartner: Secure Enterprise Browser Adoption to Hit 25% by 2028

Icons for Chrome, Edge, and Firefox browsers on a screen Endpoint Security

ClickFix Spin-Off Attack Bypasses Key Browser Safeguards ClickFix Spin-Off Attack Bypasses Key Browser Safeguards

Stream of 0s and 1s running alongside padlock icons Endpoint Security

Extension Poisoning Campaign Highlights Gaps in Browser Security Extension Poisoning Campaign Highlights Gaps in Browser Security

Latest Articles in The Edge

5 Min Read

5 Min Read

6 Min Read

2 Min Read

Read More The Edge

Cookies Button

About Cookies On This Site

We and our partners use cookies to enhance your website experience, learn how our site is used, offer personalised features, measure the effectiveness of our services, and tailor content and ads to your interests while you navigate on the web or interact with us across devices. By clicking “Continue” or continuing to browse our site you are agreeing to our and our partners use of cookies. For more information see Privacy Policy

CONTINUE

Company Logo

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

More information

Allow All

Strictly Necessary Cookies

Always Active

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.    You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

Always Active

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.    All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Functional Cookies

Always Active

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages.    If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

Always Active

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.    They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Back Button

Search Icon

Filter Icon

Clear

checkbox labellabel

ApplyCancel

ConsentLeg.Interest

checkbox labellabel

checkbox labellabel

checkbox labellabel

Confirm My Choices

Powered by Onetrust

Updated:

You May Also Enjoy