The CEO of Nokia, on the eve of being purchased by Microsoft, said “we didn’t do anything wrong but somehow, we lost.” These words describe the reality businesses face: embrace change or get left behind. The same is true for CISOs, particularly in the rapidly evolving AI economy.
The Roots of an AI-First Strategy in Cyber
Let’s look at the digital (r)evolutions that brought us to the AI economy. Each evolution brought benefits, including new efficiencies, capabilities, and competitive advantages. The underlying technologies also brought new security risks and threats:
- Software & SaaS Era (1990s–2010s): This period saw automation, increased productivity, and scalable cloud services. However, it also introduced large-scale data breaches, mobile malware, and new attack surfaces.
- Cloud-Native Era (2010s–2020s): The rise of cloud computing accelerated time to market and operational agility, while bringing API attacks, supply chain threats, and mobile fraud.
- AI-Native Era (2020s–Present): AI is booming, delivering the biggest impact yet. AI is revolutionizing decision-making, automation, and hyper-personalization. However, it is also fueling AI-powered fraud, deepfake scams, and automated cyberattacks.
Despite these shifts, cybersecurity remains stuck in the cloud-native and software era. Cyber functions have not yet declared 2025 to become AI-native – but they should.
AI-Native Threats are Real & Growing
AI introduces threats more sophisticated than ever. Some of the most pressing concerns include:
- AI-Powered Cyberattacks: Attackers use AI to automate social engineering scams, generate malware that adapts, and even mimic user behaviors for phishing campaigns.
- Deepfake and Synthetic Fraud: AI-generated deepfakes manipulate voice, video, and text to deceive facial recognition, trick executives, and spread disinformation.
- Autonomous Hacking Tools: AI-driven attack engines test for vulnerabilities, exploit them, and adapt faster than human attackers.
- AI-Made Bias and Manipulation: AI manipulates financial markets, spreads political propaganda, and interferes with decision-making through fake data.
Attackers have embraced AI as their weapon of choice. Defenders must do the same. AI-driven threats magnify existing risks, increasing attack speed, variety, and impact.
CISO’s cannot afford to treat AI as an “LLM” or “data leakage” problem. To counteract AI-powered threats, cyber functions must embed AI into their core operations, using AI to code, build, measure, and mitigate threats in real time. They must embrace AI-native platforms to stay ahead of rapidly evolving threats.
The Big Difference with AI Threats
Unlike previous digital evolutions, AI is not just another attack surface—it is now the attack platform itself. In other words, AI is the source of attack more than it is the target. Secondly, cyber functions remain understaffed and rely on manual work and external teams to deliver defense. This dependency conflicts with the business teams that are racing to embrace AI.
Starting in 2025, cyber needs an AI-native strategy that includes:
- Hyper Automation of Cyber Delivery: Cyber teams rely on IT, DevOps, and external security vendors for implementation and enforcement – creating delays. AI-native solutions enable hyper automation, faster deployment and better control. They also extend security across mobile, VR and other digital spaces.
- Pre-Emptive Threat Management: AI already enhances fraud detection, but its true potential lies in preventing threats before they emerge. Manual defenses can’t keep up with AI-driven attacks. AI-native security automates threat detection, fraud prevention and real-time incident response.
- Combating AI-Generated Threats: Organizations must match the attacker’s AI-driven assault. AI-native defense can protect every attack vector—users, apps, authentication, networks, and systems better and faster than any manual approach. Static defenses cannot keep pace. Security updates must occur at AI speed.
- Eliminating Friction in SecOps & DevSecOps: AI optimizes security workflows, reducing manual work, decision making, and validation. AI should fully automate security in software development and decision-making, compliance, detection, and response in production. Security must keep pace with AI adoption across the enterprise.
Final Thoughts: Don’t Fight AI—Embrace AI
As cyber threats scale exponentially, cybersecurity teams across all functions must leverage AI’s efficiency and adaptability. AI amplifies cyber threats, creating new attack vectors at unprecedented speed. Cyber teams that resist AI-Native defenses risk being outpaced by AI-driven adversaries, butting the business at substantial risk.
Cyber teams must move past AI and LLM risk evaluations and transition to AI-native cyber defense models. The lesson from Nokia’s downfall is clear: move too slowly, and obsolescence is inevitable.
About the Author
Tom Tovar is the co-creator and CEO of Appdome – the industry’s first platform to automate mobile app protection. A growth entrepreneur and technology leader, Tom has a passion for building products that dramatically improve life and work. At Appdome, his mission is to secure the mobile app economy from the ground up while pioneering a new era of DevSecOps platforms designed to deliver more protection with less work and protect mobile apps, mobile customers, and mobile businesses faster and easier for everyone. Tom can be reached at the Appdome company website, www.appdome.com.
