
“AI can attack at scale, which is unprecedented. It can also attack with velocity, and therefore you need technology tools to counter that speed and volume capability that attackers have,” said Gaurav Agarwal, Vice-President of Technology for IBM India and South Asia, explaining how artificial intelligence (AI) is reshaping cybersecurity threats and what organisations must do to address them.
When people worked in offices and accessed company applications from controlled environments, protecting those systems was straightforward. Companies could set up a security perimeter, and it worked. For the uninitiated, perimeter security in cybersecurity stands for a digital wall or block that keeps hackers out of an organisation’s network. According to Agarwal, however, the shift to cloud services, remote work, and AI agents is forcing organisations to rethink traditional perimeter-based security models.
“Now, with applications going to the cloud, people accessing these from anywhere and everywhere, perimeter security protection does not hold true anymore,” Agarwal explained. This shift means that traditional firewalls and network boundaries are no longer enough. Instead, a new security frontier has emerged: identity itself.
The new attack vector
When employees and systems access applications from anywhere using any device, attackers have found an easier way in: stealing credentials. Once they have valid login credentials, they look like legitimate insiders to the system. “Public-facing applications and use of valid credentials were the top two access vectors that led to this problem,” Agarwal says, citing IBM’s Threat Intelligence report.
According to him, it is no longer about hacking into systems; rather, it’s about walking through the front door with someone else’s keys.
The challenge gets even more complex with AI agents now entering the picture. AI agents are pieces of software designed to complete tasks autonomously, sometimes working across multiple applications simultaneously. Unlike traditional software, which does what it’s explicitly programmed to do, AI agents can be more flexible and often less predictable.
“Because they can do simultaneous work across multiple applications, it is important that we figure out clearly what they are supposed to do, what LLM models they can use, and what data sets they can have access to,” Agarwal said.
Without these guardrails, an AI agent could inadvertently expose sensitive data or be manipulated through what’s called a ‘rogue prompt’, meaning an instruction designed to make the system behave in unintended ways.
Security framework for AI agents
If AI agents are to be deployed widely, Agarwal argued they should be treated like employees from a security standpoint. This means giving them only the access they absolutely need, a principle known as ‘least privilege’.
“You don’t want them to access what they’re not supposed to,” he explained. Beyond access control, the executive outlined what a robust security framework should include—clear governance policies on how agents should behave, continuous monitoring systems to track what they’re doing, sandboxing and input validation to contain potential damage, and detailed logging for auditing purposes.
The goal is to make sure that if an AI agent is compromised or hijacked by someone with malicious intent, it cannot damage the entire organisation. “You have to have continuous tracking and monitoring systems in place in terms of figuring out what happened, what was for auditability reasons or who did what, and what was the basis of those decisions,” he said.
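The framework described above (an agent declared with only the tasks, LLM models and data sets it needs, every request checked against that declaration, and each decision logged with who did what and on what basis) can be sketched as a small policy broker. This is an added illustration, not code from IBM or the article; the agent, model and data set names are constructed placeholders.

```python
# Added illustration (not from the article): a policy broker that mediates an
# AI agent's requests, enforcing least privilege per agent (permitted tasks,
# LLM models and data sets) and keeping an audit trail of who did what and on
# what basis. Agent, model and data set names are constructed placeholders.
from datetime import datetime, timezone

# Each agent's remit is declared up front, like an employee's access rights.
POLICIES = {
    "invoice-agent": {
        "tasks": {"summarise", "classify"},
        "models": {"model-a"},
        "datasets": {"finance/invoices"},
    },
}

AUDIT_LOG = []  # one record per decision, granted or denied


def authorize(agent_id, task, model, dataset, basis):
    """Allow the request only if every element is within the agent's policy.
    `basis` records why the agent acted (e.g. a ticket id), so an auditor can
    later reconstruct who did what and what the decision rested on."""
    policy = POLICIES.get(agent_id)
    if policy is None:
        reason = "unknown agent"
    elif task not in policy["tasks"]:
        reason = f"task {task!r} not permitted"
    elif model not in policy["models"]:
        reason = f"model {model!r} not permitted"
    elif dataset not in policy["datasets"]:
        reason = f"dataset {dataset!r} not permitted"
    else:
        reason = None
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "agent": agent_id, "task": task, "model": model,
        "dataset": dataset, "basis": basis,
        "decision": "denied" if reason else "granted", "reason": reason,
    })
    return reason is None


def demo():
    """Constructed scenario: an in-remit request, then one reaching for HR data."""
    ok = authorize("invoice-agent", "summarise", "model-a",
                   "finance/invoices", basis="ticket-123")
    denied = authorize("invoice-agent", "summarise", "model-a",
                       "hr/payroll", basis="ticket-124")
    return ok, denied
```

The denied record in `AUDIT_LOG` is what a continuous-monitoring system would alert on: an agent stepping outside the remit it was given.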
At a time when many Indian organisations are rushing toward AI deployment without fully understanding the risks, Agarwal identified several blind spots that he has observed.
Firstly, the use of personal AI tools. Just as ‘Shadow Cloud’ was a problem a decade ago, where employees used unauthorised cloud services, companies now face employees using public AI tools to process sensitive company data, he said. A senior executive might use a free, consumer-grade AI tool to prepare a presentation with proprietary information, unknowingly exposing it to unauthorised training or data collection.
Second is supply chain vulnerability, he pointed out. Open-source software and third-party components that power many systems can contain hidden weaknesses. IBM is investing heavily to address this, with initiatives like its $5 billion investment to help clients obtain clean software images without vulnerabilities.
Use AI to identify weaknesses
Perhaps the most striking insight from Agarwal is his answer on how organisations should use AI to defend against AI-driven attacks. The logic is compelling. If attackers can deploy AI to discover vulnerabilities, write exploits, and launch attacks at machine speed, human security teams cannot hope to respond fast enough manually. This means companies should be proactive by using AI tools to scan their own networks, test their defences, and identify weak points before attackers do.
“Clean your house before somebody else forces you to clean it,” Agarwal advised.
As AI becomes more capable, a critical question emerges: how much decision-making should we let AI handle? Agarwal is clear on this. “For any critical function where a decision needs to be taken, a human in the loop needs to be involved, especially when it comes to important business processes. You cannot outsource important decisions,” he said.
The distinction he makes is between AI doing work and AI making decisions. AI is excellent at executing tasks within defined guardrails such as processing documents, analysing data, and running routines, he says. But strategic business decisions, especially those with significant consequences, should remain firmly in human hands.
“AI can give data points that can influence or help make the decision, but at the end of the day, decision-making still is a human prerogative for most enterprise-critical decisions,” he said.
Asked for advice for organisations just beginning to adopt AI, Agarwal offered three essential practices – embrace hybrid deployment, prioritise digital sovereignty, and establish governance from day one.
Original source: Indian Express

