Cyber risk has evolved as fast as any technology change in the internet era.
Once upon a time, enterprise cybersecurity was built around a clear perimeter of corporate networks, data centres and internally managed applications. It was an organisation’s own private kingdom, and the task of IT security was to keep attackers out.
Then cloud came along. Enterprises began running all manner of applications and storing critical data on external cloud platforms, often using multiple cloud providers at once. Cloud was revolutionary, but it did bring many extra points of risk which had to be managed, including SaaS tools, APIs and remote access points.
Now, we have agentic AI systems. Without a doubt, they represent an extraordinary leap forward for technology with huge potential for businesses. But agentic AI must be managed carefully. These are highly capable tools which can access and interpret all kinds of information and, critically, take action across connected environments. That is why so much emphasis is put on AI governance.
Evolving security for agentic AI
As AI agents can act semi-autonomously, decide what steps to take, work with external cloud or SaaS tools, retrieve data and act on behalf of others, security must now treat these new agents as potential threats.
Beyond the risks created by AI agents inside the organisation, there is also the external threat: this powerful technology can and will be used by malicious actors against you. In practice, AI is speeding up cyberattacks: Google Cloud has shown the time between an initial breach to the next stage has reduced from eight hours to 22 seconds. In the past, there might have been several hours before the attack escalated, giving security teams some time to detect, investigate and contain it. That luxury of time is disappearing.
Together, then, cyberattacks are faster than ever, the ‘battlefield’ on which attacks could take place is bigger than ever and the deployment of AI agents makes the cyber defence realm more complex than ever.
The only logical conclusion is that cybersecurity must evolve, and fast. Traditional security models simply did not anticipate the kind of technology environment in which we now live, and the high speed of AI adoption creates an additional urgency.
Cybersecurity strategy for the agentic AI age must be built on the fundamental idea that we move away from one-off checks and towards security being watched and managed throughout the whole AI development process. In this way, governance comes into AI projects from the start and is checked throughout, so development teams can spot the biggest risks early and fix them before they become real problems.
Partnering for secure defence
Our partnership with Wiz focuses on exactly that. By working with Wiz, we can help give customers a clearer, more joined-up view of security across their cloud and AI environments. Instead of relying on separate checks at different stages, teams will be able to spot the biggest risks earlier, understand which ones matter most and fix them before they become bigger problems.
This means we can help customers quickly assess their cloud environments to find vulnerabilities. We can also support teams with ongoing monitoring and response, helping them review alerts, work out what needs urgent attention, and investigate serious issues.
Working together, Endava and Wiz will support our customers with a strategy and a methodology to adopt AI across their business and across multi-cloud environments in a secure and properly governed way.
Managing AI and cloud cyber risk might seem like a daunting challenge, but we’re confident that our joint approach will provide the strongest possible defence for whatever attacks enterprises might face.
