BUSINESS STRATEGY
Faced with this escalating threat, the role of defenders is undergoing radical transformation. Haider Pasha, Chief Security Officer for EMEA and LATAM at Palo Alto Networks, believes the only way forward is through strategic consolidation, automation and a fundamental shift in how cybersecurity is understood.
“This is no longer a tools issue – it’s a mindset issue,” Pasha said in a recent conversation as part of the CXO Vision Series. He went on to discuss what AI means for both attackers and defenders: “Cybersecurity can’t be managed with 80 siloed tools. Defenders need unified, AI-powered platforms that think and act faster than the threats they’re facing.”
He explained that most people believe AI benefits attackers more than defenders; however, he disagrees. He believes this could be the case if we change how we approach security.
AI is accelerating the attacker’s playbook
From phishing to deepfakes, AI is proving to be a multiplier for threat actors – enhancing speed, scale and sophistication in equal measure.
“On the attacker side, they’re using AI,” Pasha explained. “Take phishing: a perfectly crafted email dramatically increases success rates. Now, attackers can scale those campaigns to thousands, quickly and efficiently.”
Pasha also highlighted deepfake threats, citing the growing concern surrounding video and voice impersonation. “We’ve seen this already – voice deepfakes being used to impersonate executives. People are asking, ‘Can we even stop these attacks?’ The answer is yes, but we need the right capabilities and mindset.”
Another key concern is AI-enhanced social engineering, where attackers aren’t just sending emails – they’re using cloned voices or audio prompts to manipulate victims via phone calls. “It’s not just deepfake anymore. It’s real-time, interactive deception. You get a call, you hear a voice you recognise – and it’s not who you think it is.”
Adversarial AI: Bypassing detection and poisoning models
Among the more advanced threats, adversarial AI stands out as a notable example. This refers to the use of AI to bypass or mislead existing detection systems.
“If you use AI the right – or wrong – way, you can evade AI-based security controls,” said Pasha. “Attackers can quickly analyse vulnerabilities and develop exploits designed to slip past even AI defences.”
He also highlighted the risk of automated, adaptive malware, explaining that attackers can now generate unique variants for each target – what he calls ‘100 different zero-day malware for 100 victims’.
“This level of personalisation wasn’t feasible before. Now it’s possible at speed – and that’s the game-changer.”
Why platformisation is the only way forward
For defenders, the traditional model – managing dozens of disparate security tools – is no longer sustainable. Pasha cited a recent joint study revealing that mid-to-large organisations run, on average, 83 security tools across 29 vendors. “You can’t plug every hole with a different product,” he said. “You need to consolidate, integrate and move towards a platform-based approach – one that is natively intelligent, AI-powered and outcome-driven.”
Pasha outlines what this looks like in practice: not just stitching tools together but embedding Machine Learning and GenAI into a unified system that can analyse, prevent and respond in real-time. “It’s about autonomous cybersecurity – real-time decisions, not reactionary workflows. The AI must be part of the platform, not an add-on.”
He references customers using Palo Alto Networks’ XDR and XSIAM platforms, particularly a major healthcare provider that reduced its mean time to detect and respond from days to just 14 minutes while drastically cutting operational overhead.
SOC modernisation and the skills gap
The challenge is not only technological but human. Security teams are overwhelmed, short-staffed and often fighting yesterday’s battles.
“Most traditional SOCs are still working through alerts manually, across too many tools,” said Pasha. “That doesn’t work when threats are automated.”
The key, he says, is to use AI not just for detection but across the full incident lifecycle