Sumit Dhawan

“The workspace has changed faster in the last two years than the previous twenty.” 

The agentic workspace is where people and AI agents work together across email, collaboration tools, SaaS, cloud, and data environments. AI agents do not just assist. They access data, make decisions, and execute tasks across systems. That expands both productivity and risk, which means security must now protect how work happens across people, agents, and data. 

“Security has to follow behavior and data, not infrastructure.” 

Agentic AI shifts cybersecurity from infrastructure-centric to identity, behavior, and data-centric models. Work now flows across users, agents, and systems, often outside traditional boundaries. Security must continuously verify access, monitor actions in real time, and enforce controls wherever data moves. 

“Attackers do not break systems. They exploit people, and now AI agents.” 

Human-centric security means protecting people as the primary attack surface. In an AI-driven environment, that extends to the behavior of both humans and AI agents. Security must focus on how users and agents interact with data, not just the systems they use. 

“You cannot secure the future of work without securing how people and AI interact with data.” 

The future of work is human and agentic. Security must protect both while maintaining control over how data is accessed, used, and shared. This requires a platform approach that unifies threat protection and data security across all channels. 

“AI is compressing time on both sides of the fight.” 

AI is accelerating attackers, enabling them to scale expertise and automate campaigns. It is also augmenting defenders by improving detection and response. At the same time, AI introduces agents as a new class of actors and increases data exposure. This shifts security from protecting infrastructure to protecting people, agents, and the data they interact with.

“Real-world threat intelligence is becoming the new competitive advantage.” 

Frontier AI models compress the time between vulnerability discovery and exploitation. Attackers can move faster, but defenders can also identify and fix risk earlier. The challenge is the shrinking window between discovery and response. The organizations that win are the ones that can see threats sooner and act faster. 

“Security is not being replaced. It is being redefined.” 

Traditional controls still matter, but they are no longer sufficient on their own. They must extend to identity, behavior, and data across humans, AI agents, and modern collaboration channels. 

“Signals tell you what happened. Intent tells you what happens next.” 

AI allows attackers to constantly change tactics, which makes static indicators less effective. Understanding intent requires analyzing behavior across users, agents, and data to detect when activity does not match expected patterns. That is how organizations move from reacting to predicting. 

“AI does not create new risk. It exposes the risk you already have.” 

The biggest gap is uncontrolled access to data. AI agents operate at speed and scale, often with broad permissions. Without strong data governance, they can expose sensitive information faster than traditional controls can respond. 

“Every AI system increases the surface area for data exposure.” 

The most urgent risk is data exposure. AI systems depend on access to large volumes of data, and each new agent expands the number of interactions with that data. Without strong controls, the risk of leakage and misuse grows quickly. 

“AI has made social engineering scalable.” 

Attackers can now generate highly personalized and convincing messages across email, voice, and collaboration tools at scale. What once required time and expertise can now be automated, increasing both the volume and effectiveness of attacks. 

“Prompt injection is social engineering for AI agents."

Prompt injection is a new attack vector that manipulates how AI systems interpret and act on instructions. It should be treated like phishing, with controls focused on validating inputs, limiting data access, and detecting abnormal behavior.

“If you do not understand your data, you cannot secure your AI.” 

Data governance becomes continuous and real time. Organizations need visibility into where data resides, who or what can access it, and how it is used across systems and agents. 

“If an agent can act for you, it must be secured like you.” 

CISOs should treat AI agents as high-speed, high-privilege identities. This requires strong identity controls, continuous monitoring of behavior, and strict governance of data access, along with the ability to detect when actions deviate from expected intent. 

“The goal is not to slow AI down. It is to make it safe to scale.” 

Organizations should enable AI with guardrails, not restrictions. That means embedding governance, data protection, and monitoring from the start so innovation can move forward without increasing unmanaged risk. 

“You cannot secure a modern environment with fragmented tools.” 

Fragmented security tools create blind spots and slow response times. Platform consolidation improves visibility, reduces complexity, and enables more effective defense across a rapidly expanding attack surface. 

“AI risk is business risk.” 

Boards should ask where AI is accessing sensitive data, how AI agents are governed, how quickly threats can be detected and contained, and whether controls prevent data loss before incidents occur. Clear answers to these questions indicate whether the organization is prepared to manage AI risk. 

“AI security is a leadership responsibility, not just a technical one.” 

The CEO must ensure that AI risk is treated as a core business issue. This includes setting priorities, aligning investment, and ensuring governance keeps pace with how quickly AI is being adopted. 

“AI security is a leadership responsibility, not just a technical one.” 

The CEO must ensure that AI risk is treated as a core business issue. This includes setting priorities, aligning investment, and ensuring governance keeps pace with how quickly AI is being adopted. 

“The SOC is shifting from alert management to intelligence-driven operations.” 

AI is automating triage, accelerating investigations, and improving response times across large volumes of alerts. This allows security teams to focus on higher-value analysis and proactive defense.