Cybersecurity in the Age of AI: What Tech Leaders Need to Know Now
Operations Specialist Christopher Hughes unpacks why cybersecurity is no longer just an IT concern, but a CEO-level imperative.
At MTLC’s Innovation unConference on June 13th, one of the final sessions of the day featured cybersecurity in the AI era, which served as both a wake-up call and a blueprint for what comes next, not only for the sector, but for all enterprises and businesses. The takeaway was clear: AI is accelerating threats faster than most companies can respond, and many of the tools we rely on are outdated.
Here are the key takeaways and what they mean for tech leaders:
1. AI helps the attackers more than the defenders
AI adds fuel to the fire. Attackers are now using small, specialized language models trained specifically to exploit your systems. These models are paired with human expertise to generate adaptive, persistent, and highly targeted attacks. The volume, speed, and sophistication have all increased and traditional defenses are struggling to keep up.
2. Penetration testing needs to evolve
Most companies only do penetration testing once a year. That is no longer enough (if it ever was). Think of it like brushing your teeth or any other hygiene practice. Once a year doesn’t cut it. You need to implement continuous cyber hygiene, with tools that can monitor, test, and prioritize vulnerabilities in real time. A 128-page vulnerability report may look impressive, but if it doesn’t tell you what to fix first and how to fix it, it’s not actionable. Focus on and execute your top 3-5 priorities.
3. Automated and autonomous remediation is coming
With the rise in threats, companies will need to move toward systems that can not only detect vulnerabilities but fix them. Some solutions are already integrating recipes or “playbooks” for remediation. The next step is systems that execute fixes automatically, with a human reviewing and approving changes. Eventually, some responses may need to be fully autonomous, especially in high-stakes, high-volume environments.
4. Supply chain vulnerabilities are real, and widespread
Attacks are increasingly coming through the backdoor—often through third-party vendors, outdated components, or even hardware that looks benign but is quietly sending data overseas. Companies need to go beyond securing their own systems and start testing and securing their suppliers too.
5. Assume breach, and plan accordingly
Perhaps the most repeated piece of advice in this session: assume you have already been breached. Build systems and policies that reflect that mindset. Run exercises. Do tabletop simulations. Think through how you would respond to a major attack before it happens. Speed and clarity in those first moments can determine whether you recover or not.
6. Cybercrime is now a business model
Forget the image of a lone hacker in the basement. Today’s threats often come from state-backed groups working with criminal enterprises. Ransomware demands are now calculated as a percentage of your top-line revenue. These groups know your cyber insurance limits. They know your vendors. They may already be inside your systems, waiting for the right moment.
7. Policy and culture still matter
Technology alone is not enough. Internal policies, like requiring multi-person verification for financial changes, can prevent major breaches. Many recent attacks could have been stopped with basic procedural checks.
Cybersecurity used to be just an IT issue. It is now a leadership issue that impacts everyone from the CEO on down. If you’re not prioritizing it, you’re already behind and vulnerable.
These insights came from a session at MTLC’s 2025 Innovation unConference.