
News brief: Gartner Security and Risk Management Summit recap
Check out the latest security news from the Informa TechTarget team.
The Gartner Security & Risk Management Summit took place this week in National Harbor, Md. Over three days, presenters covered perennial concerns and the industry's hottest topics, including security operations center optimization, AI, CISO strategy, AI, third-party risk management, AI, zero trust and a little more AI.
Monday's keynote kicked off the show with a discussion around "hyped technologies" -- ahem, AI -- and how CISOs face the unique challenge of protecting enterprise AI investments while simultaneously protecting organizations from AI risks.
"Cyberincidents associated with explorative technology are now hitting the bottom line, so executives are paying attention to cybersecurity," said Leigh McMullen, an analyst at Gartner. "Becoming students of hype can really help CISOs further their own agendas under this scrutiny."
McMullen and fellow keynote speaker and Gartner analyst Katell Thielemann offered advice on how CISOs can do this: be mission-aligned, innovation-ready and change-agile.
Read more on the keynote and other Summit presentations.
CISOs tasked with ensuring AI success and battling AI risk
In their keynote, McMullen and Thielemann noted that 74% of CEOs believe generative AI (GenAI) will significantly affect their industries, with 84% planning to increase AI investments. At the same time, 85% of CEOs said cybersecurity is critical to growth, and 87% of tech leaders are increasing cybersecurity funding.
The analysts recommended CISOs use "mission-aligned transparency" through protection-level agreements and outcome-driven metrics to facilitate fact-based conversations around security investments rather than fear-driven decisions.
McMullen and Thielemann said security teams should develop AI literacy, experiment with AI security applications and adapt incident response procedures for AI-specific risks.
Agentic AI is on the rise, and so are its risks
Interest in agentic AI is surging despite security concerns. A recent Gartner poll revealed 24% of CIOs and IT leaders have deployed AI agents, and more than 50% are researching or experimenting with the technology.
Agentic AI, which features agents with "memory" that make decisions based on previous behavior, is being integrated into security operations centers (SOCs) to handle repetitive tasks in vulnerability remediation, compliance and threat detection.
However, security experts warned of significant risks, including prompt injections and permission misuse. Rich Campagna, senior vice president of products at Palo Alto Networks, highlighted concerns about "memory manipulation" attacks, while Marla Hay, vice president of product management for security, privacy and data protection at Salesforce, said the company is focusing on implementing zero trust and least-privilege access for AI agents.
In response, "guardian agents" are emerging to monitor other AI agents, with Gartner predicting they will represent 10%-15% of the AI agent market by 2030.
One major AI security fear thwarted -- for now
Gartner analyst Peter Firstbrook said during his presentation that while GenAI is enhancing adversaries' capabilities, it has neither introduced novel attack techniques nor resulted in the expected explosion of deepfake threats -- yet, anyway.
Firstbrook noted that AI significantly aids in malware development -- for example, improving social engineering schemes and automating attacks -- and is now being used to create new malware, such as remote access Trojans. But to date, it hasn't resulted in entirely new attack techniques.
As it stands, AI's main threat lies in automating and scaling attacks, potentially making them more profitable through increased volume, though entirely new attack techniques remain rare.
Code provenance key to preventing supply chain attacks
GitHub Director of Product Management Jennifer Schelkopf highlighted how code provenance awareness can prevent supply chain attacks, which 45% of organizations will experience by year-end.
Referencing the SolarWinds and Log4Shell incidents, she emphasized the dangers of "implicit trust" in development workflows. She recommended using the Supply-chain Levels for Software Artifacts (SLSA) framework, which establishes standards for software integrity through artifact attestation -- documenting what was built, its origin, production method, creation time and authorization.
Schelkopf also discussed how open source tools can help, including Sigstore, which automates signing and verification processes, and OPA Gatekeeper, which enforces policies at deployment. The SLSA framework and open source tools create digital paper trails that might have prevented previous supply chain breaches.
AI agents complement, but don't replace, humans in the SOC
Experts discussed how AI is transforming SOCs while emphasizing that human oversight remains essential. AI agents can automate repetitive SOC tasks and help with information searches, code writing and report summarization, but cannot yet replace human expertise in understanding unique network configurations.
Hammad Rajjoub, director of technical product marketing at Microsoft, predicted rapid advancement, suggesting AI agents will reason independently within six months and modify their instructions within two years.
Anton Chuvakin, senior staff security consultant in the Office of the CISO at Google Cloud, and Gartner analyst Pete Shoard cautioned, however, that AI-generated content requires human review. Dennis Xu, Gartner research vice president, also proposed using "agents to monitor agents" as human oversight becomes increasingly challenging.
Columns from Gartner analysts
- Analyst Bill Dupre explains how to implement effective app and API security controls.
- Analyst Pete Shoard discusses how to create a compelling SOC narrative for executives.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of Informa TechTarget's SearchSecurity site.