As enterprises accelerate artificial intelligence (AI) adoption, cybersecurity is undergoing a structural reset. No longer confined to a defensive layer, security is now emerging as a core architectural pillar shaping how organisations design networks, deploy applications, and govern data. In an interaction with Dataquest (DQ), Ninad Katkar, Leader – Security, Cisco India & South Asia, unpacks how this shift is unfolding across enterprises and why identity, AI-native security, and platformisation are becoming foundational to the next phase of digital transformation.
From the convergence of networking and security to the rise of AI-driven threat landscapes and agentic systems, the discussion highlights a critical inflection point: enterprises must move beyond fragmented, reactive models towards unified, predictive, and AI-ready security architectures.
As AI systems become deeply embedded into enterprise infrastructure, how should organisations rethink traditional boundaries between networking and security? Is this convergence truly architectural or still incremental? What is your perspective?
I would say this is a very burning question, and let me explain why. Whenever I meet CXOs, for example, a CIO, they often bring in the CTO and the CISO into the same discussion. One unique difference I have observed is that these leaders are now working together. That is a clear indication that networking and security are no longer separate thought processes; they are a combined strategy.
Let me give you an example. Consider a pharmaceutical company where many plants have migrated to OT and IoT systems. These devices need to access SAP HANA and ERP systems. Now imagine it is month-end or quarter-end, and there is system slowness. At that moment, you cannot classify whether the issue is networking, connectivity, or security. You need a system that identifies the problem proactively rather than reactively.
This includes the network layer, the security layer, and the digital experience layer. What this means is that there has already been a fundamental architectural shift. Companies are no longer thinking about security in isolation; they are treating it as an embedded layer within the network itself. When they connect a plant to a data centre, security is built into that connection.
That is why, in discussions with CIOs or boards, both security and infrastructure teams are aligned. This architectural shift is already happening, and we will see even more of it in the coming years.
Enterprises are increasingly using AI for threat detection, but attackers are also leveraging AI. Are we entering a phase where cybersecurity becomes an AI-versus-AI battleground? How prepared are organisations for this escalation?
This question comes up frequently in discussions with CIOs. Earlier, most applications were hosted in data centres, with perimeter security protecting them. Users operated primarily from offices or branch locations, and security was designed around that.
Over time, this has changed significantly. Applications have moved from data centres to the cloud. Users have moved from offices to branches and then to homes. The pandemic introduced a new way of working work from anywhere. Today, very few organisations do not support remote work in some form. This has fundamentally altered the security posture.
Now, when applications move to the cloud, traditional perimeter security designed for data centres is no longer sufficient. Even if cloud security is implemented, the question remains, are these solutions integrated, or are they operating in silos?
At the same time, users are accessing systems from unknown networks and devices, especially with Bring Your Own Device (BYOD) policies. This significantly expands the attack surface. There are multiple endpoints, unknown workloads across data centres and cloud environments, and varying levels of control over devices.
Identity has therefore become critical. Earlier, identity was primarily about authentication. Today, if a single identity is compromised, it can lead to widespread access across systems, resulting in significant damage. Attackers are also evolving. With AI, they are discovering new attack vectors, including zero-day threats, which are becoming increasingly common. Agility in security is no longer optional, it is essential.
At the same time, organisations and OEMs are responding. Security is becoming more integrated across data centres and cloud environments. There is a shift towards platform-based security architectures powered by AI and machine learning, enabling better threat detection and response.
Another emerging challenge is the security of AI applications themselves. Visibility into which applications are being accessed is critical. Without that, organisations cannot ensure data protection. In summary, AI for security and security for AI has become a fundamental principle. Organisations must adopt both, or they risk falling behind.
In an agentic AI world, where autonomous systems can access data and make decisions, does identity become more critical than perimeter security? Are current identity frameworks equipped to handle non-human actors?
I recently spoke with a CXO from a pharmaceutical company who raised concerns about identity. Over the next 18–24 months, they plan to deploy multiple AI-driven applications and processes. Consider their dealer network. Today, dealers log into a portal and place orders, and the process flows through ERP, planning, finance, and dispatch systems. The organisation is now building agentic AI systems to automate this entire workflow without human intervention.
These agents will operate on dealer devices, which are not part of the organisation’s network. They will trigger orders based on inventory thresholds, interact with multiple systems, and make decisions autonomously. This changes the nature of identity completely. Traditional identity models focus on authentication, verifying who a user is. But in this scenario, we need continuous authorisation, context validation, and decision control.
One must know:
-
How many agentic AI systems exist.
-
Which human they are associated with.
-
What level of authorisation they have.
-
What context they operate in.
-
What decisions they are allowed to make.
This is not a one-time activity; it requires continuous monitoring. Identity is no longer static, it is dynamic and central to security in an AI-driven world.
As organisations accelerate AI adoption, are they underestimating security risks within models themselves, such as data leakage, model manipulation, or supply chain vulnerabilities?
The answer is yes. Any transformation or innovation inherently carries risk. While organisations focus on building AI capabilities, attackers are simultaneously exploring ways to exploit them.
For example, when developers download large language models (LLMs), the risks begin at that stage. The integrity and security of those models must be validated. Once data is fed into these models, organisations must conduct rigorous testing, including red teaming.
Further, when deploying AI applications across networks, infrastructure security becomes critical. Risks exist at every stage of the AI lifecycle, from model acquisition to deployment. Organisations must also consider whether rapid expansion is compromising security. The drive for consistent user experience across locations can sometimes introduce vulnerabilities. AI innovation is powerful, but it comes with significant security responsibilities. Ensuring robust protection across the lifecycle is essential.
Many enterprises still operate with fragmented security stacks. How realistic is it to move towards unified, AI-ready security architectures without overhauling legacy systems?
This is a common challenge. Transformation does not happen overnight. Organisations must first assess their current infrastructure and define their target state.
Typically, this is an 18–24 month journey with three phases:
-
Immediate actions to stabilise existing infrastructure and security.
-
Integration of new and legacy systems, while gradually retiring outdated components.
-
Full platformisation, where security is managed through a unified interface.
Today, organisations often have multiple security tools across data centres and endpoints. This creates complexity and impacts performance. The goal should be to reduce this fragmentation by consolidating solutions into a unified platform.
One critical area that requires immediate attention is identity. Historically overlooked, identity is now central to security. Without addressing identity, the entire security framework is at risk.
With increasing automation in security operations, how can organisations ensure that human oversight remains meaningful rather than becoming a checkbox in high-speed AI-driven environments?
In security operations, SIEM (Security Information and Event Management) systems collect and analyse data from multiple security tools. Traditionally, this process has been reactive—events occur first, and then teams respond.
However, in today’s environment, this is no longer sufficient. Organisations must adopt proactive, AI-driven approaches that can predict and prevent threats. While automation plays a key role, human intelligence remains critical. Humans design the systems, define response strategies, and validate outcomes.
In the future, AI systems may predict potential attacks based on patterns and data. However, ensuring the accuracy and reliability of these predictions will require human oversight. The balance between AI-driven automation and human judgement will define the next phase of cybersecurity.
Click Here For The Original Source.
