{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreie5yzw3tkyszupdgrpsayiszbkkvs5s4huhtpu622sfyomhqexosa",
"uri": "at://did:plc:qz6ohvpdsdvv5kniizyfz25y/app.bsky.feed.post/3mktampxzds42"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreig5edzoblcjlyxzvprgnfbzz246aa7piofwwrv7wbcdspggretc7a"
},
"mimeType": "image/jpeg",
"size": 159524
},
"path": "/article/4166061/while-you-embrace-ai-fix-this-fast.html",
"publishedAt": "2026-05-01T17:13:39.000Z",
"site": "https://www.cio.com",
"tags": [
"Artificial Intelligence, Security",
"blog",
"here"
],
"textContent": "AI is here, enabling tangible and real-world use cases.\n\nBoards are talking about it. Teams are experimenting with and deploying it. Roadmaps are being rewritten around it.\n\nBut there’s a hard truth most organizations are not always paying attention to:\n\n**If your foundation isn’t secure, AI will amplify your risk, not just your capability.**\n\nMuch of the discussion around AI security focuses on models, data, and governance. That’s critical, but something foundational is often missed or brought to light too late.\n\nBefore you fully embrace AI and become fully operational with it, you need to answer two questions:\n\n**What resources can be reached from the Internet?\nWhat can move laterally in your enterprise?**\n\nIf you don’t control those two things, you will always be exposed to breaches.\n\n## **1. If you’re reachable, you’re breachable**\n\nAI doesn’t just introduce new capabilities; it also introduces new and faster ways to discover and exploit your infrastructure, which can happen accidentally or maliciously.\n\nAgents, automation, and modern tooling can continuously scan and profile IT environments at machine speed. What used to take time, skill, and persistence now happens by default and is accessible to a very broad adversarial audience, skilled and unskilled alike, as long as they are motivated.\n\nIf your applications or infrastructure are exposed (public IPs, open ports, reachable services), they are not just available. They are **visible, profitable, and targetable**.\n\nThat means:\n\n * You are continuously being mapped\n * Your posture is being analyzed\n * Your weaknesses are being identified and exploited faster than ever\n\nThe reality is simple:\n\n**If something can be reached, it can be profiled.\nIf it can be profiled, it can be exploited and breached, and that includes your AI models.**\n\nReducing attack surface, making AI models and applications invisible unless explicitly accessed, is no longer a best practice.\n\n**It’s table stakes.**\n\n## **2. Lateral movement is where small problems become big ones**\n\nEven in well-defended environments, initial access is rarely the end goal.\n\nIt’s the starting point.\n\nIn traditional attacks, lateral movement is what turns a foothold into a breach. Once inside your environment, attackers move across systems, escalate privileges, and expand impact.\n\nWith AI, that risk doesn’t just remain; it accelerates.\n\nAI agents are dynamic. They connect to systems, interact across environments, and increasingly act with autonomy. Whether they’re running on endpoints, inside your infrastructure, or interacting with third parties, they create new and often unintended paths.\n\nIf an AI agent is compromised or simply behaves in an unexpected way, the ability to move laterally can turn a contained issue into a systemic one.\n\nThink of a **clinical AI agent** with access to patient Electronic Health Records, connected to labs, imaging systems, and billing platforms.\n\nNow imagine it gains access to more than it should, or simply takes a path no one anticipated, and starts touching records across patients, departments, or even external systems.\n\nPatient data doesn’t have to be “stolen” to be compromised. It just has to be exposed.\n\n**This is the risk most organizations underestimate.**\n\nEliminating lateral movement is not about improving detection.\nIt’s about removing the opportunity entirely.\n\n## **Zero Trust changes the equation**\n\nThis is where architecture matters.\n\nZero Trust is not a control layered on top. It’s a different way of designing connectivity.\n\nZscaler’s Zero Trust Exchange is built on this simple principle:\n**Nothing is trusted. Everything is verified.\nAccess is explicit.**\n\nThere is no implicit network access, as there is with firewalls or flat networks. No broad connectivity to exploit.\n\nInstead:\n\n * Applications are neither exposed to nor discoverable from the internet\n * Users, workloads, and agents connect only to what they are explicitly allowed to, for example, to specific applications only\n * Every connection is verified, scoped, and continuously monitored and evaluated\n * Crosstalk is visible, and even failed attempts to communicate are immediately brought to attention\n\nThe result is a fundamentally different security posture.\n\nEven if something goes wrong and an AI agent “finds a way,” the blast radius is drastically reduced:\n\n * To a specific user\n * To a specific workload\n * To explicitly allowed connections\n\nThere is no network to traverse. No hidden paths to discover. Alarms are blaring, and remediation is immediate!\n\n## **This is the foundation for AI**\n\nOrganizations that are moving quickly and safely on AI are not starting with models.\n\nThey’re starting with architecture.\n\nThey are:\n\n * **Reducing attack surface** by making AI models invisible from the Internet, so there is less to discover and exploit\n * **Eliminating lateral movement** in case an AI agent is compromised or behaves in an unexpected way, so issues cannot spread\n * **Designing for containment by default,** just in case things go south\n\nThis doesn’t slow innovation. It enables it.\n\nBecause once the foundation is in place, teams can experiment, deploy, and scale AI with confidence without exposing the broader enterprise.\n\n## **Alibaba incident**\n\nWe are not just recommending that you protect your AI deployments; we are recommending it strongly, because such a case happened recently with Alibaba. Please read our blog here to learn more about this incident.\n\n## **The bottom line**\n\nAI will explore.\nIt will connect.\nAnd it will find paths you didn’t expect or don’t know exist.\n\nThe question is not whether that happens.\n\n**The question is whether your architecture assumes it will, or you merely hope it won’t.**\n\nBefore you embrace AI at scale, address the foundation.\n\nReduce what can be reached.\n\nEliminate how things can move.\n\nEverything else builds on that.\n\nTo learn more, visit us here.",
"title": "While you embrace AI, fix this fast"
}