CISOs Must Take Charge Amid Rising AI Threats, Warns Sumit Dhawan
In early 2026, the cybersecurity landscape has evolved significantly compared to previous years, with an alarming increase in sophisticated threats. Sumit Dhawan, CEO of Proofpoint, highlights that the volume of these threats has surged, with social engineering tactics becoming more intricate and prevalent. The barriers of language and customer size have diminished, making it easier for attackers to exploit vulnerabilities. The rise of generative AI is suspected to be a key factor in this trend, as attackers leverage new technologies to enhance their strategies.
Insider risks are also on the rise, with individuals within organizations increasingly becoming conduits for information theft. This shift marks a departure from traditional external threats, as both state-sponsored actors and criminal networks exploit insiders to gain access to sensitive data. The digitization accelerated by the COVID-19 pandemic has made these risks more pronounced, as organizations become more interconnected and reliant on digital systems.
Another concerning trend is the exploitation of trust within supply chains. Attackers are targeting low-privileged users or suppliers, using lateral movement through communication channels rather than traditional network pathways. This tactic poses a significant challenge for organizations, as it complicates the detection and prevention of breaches.
The need for sophisticated protection has never been more critical. Dhawan emphasizes that basic security measures are no longer sufficient. Organizations must adopt advanced security solutions to defend against the evolving threat landscape. The recent cyberattack on a poultry producer in Australia, which resulted in production halts and supply shortages, underscores the real-world implications of these threats.
The emergence of initial access brokers complicates matters further. These brokers advertise access to networks with existing security measures, allowing threat actors to deploy malware that can circumvent endpoint protections. Even when endpoints detect threats, it may be too late, as the damage could already be done.
Concerns regarding agentic AI are also growing. Autonomous AI agents capable of executing social engineering attacks without human intervention present a new class of threats. The risk landscape expands as AI mimics human decision-making processes, which are inherently indeterministic. Dhawan notes that while humans apply context and analytics to solve problems, AI operates similarly, relying on language models to infer conclusions based on available data.
As AI systems become more sophisticated, the potential for error increases. The more AI interacts with other agents, the greater the risk of compromised decision-making. This indeterministic nature of AI poses challenges for traditional security measures, which are often based on deterministic protocols.
To address these challenges, Dhawan advocates for a protective framework akin to safeguarding human decision-making. Organizations should restrict access to AI systems, ensuring that only trusted individuals can interact with them. Additionally, AI activities must be monitored and governed by strict protocols to prevent unauthorized data access and manipulation.
Proofpoint has developed strategies to mitigate AI threats and risks, extending its platform to provide comprehensive protection against these emerging challenges. This approach includes treating AI as an insider risk, recognizing the unique vulnerabilities associated with AI systems.
CISOs face the daunting task of communicating these risks to their organizations’ leadership. Dhawan stresses the importance of CISOs taking charge of AI governance, as many are losing control to CIOs. Building AI governance programs that focus on data policy and technology enablement is essential. As organizations rapidly adopt AI technologies, CISOs must ensure that their strategies evolve to address the unique risks posed by AI.
The urgency for CISOs to act is compounded by the rapid pace of AI development. Organizations must adapt their security measures faster than they did for cloud technologies, as AI is advancing at an accelerated rate. The timeline for implementing security measures has drastically shortened, necessitating immediate action to safeguard against the evolving threat landscape.
As reported by www.cyberdaily.au.
