
AI & Zero Trust: Double-edged Sword In Cybersecurity


Artificial intelligence (AI) is reshaping the cybersecurity landscape in profound ways. As much as it’s empowering defenders, it’s equally enhancing the capabilities of cyber attackers. Praveen Patil Kulkarni, Global Director, Cybersecurity, Identity, and Access Management at OpenText, shares a balanced perspective on AI’s growing footprint in cybersecurity and explains why principles like Zero Trust and robust identity frameworks are essential in today’s security strategies.

Attacker’s New Weapon

AI is no longer just a buzzword. Its real-world application in cybersecurity is visible on both sides of the spectrum—defence and offence. Kulkarni elaborates on how cyber attackers are increasingly weaponising AI.

Targeted Phishing: Traditionally, phishing relied on casting a wide net—thousands of emails sent with the hope that a few recipients would take the bait. But now, attackers are using AI to make phishing more targeted and believable. By harvesting publicly available data, including from social media, and using AI models trained to mimic writing styles, attackers craft personalised, authentic-looking messages that are far more effective.

Polymorphic Malware: Attackers are also using AI to generate sophisticated, polymorphic malware—code that constantly changes its signature to evade traditional detection systems. “What used to take an attacker six months can now be done in a matter of days,” warns Kulkarni. AI accelerates every phase of a targeted attack, from reconnaissance and weaponisation to lateral movement and data exfiltration.

Automated Reconnaissance and Exploitation: AI enhances automation in the attacker’s kill chain. It assists with passive and active reconnaissance, vulnerability exploitation, and crafting malware that adapts and evolves on the go—making it increasingly difficult for defenders to detect and respond in time.

Defensive Use Of AI: Speed, Intelligence, & Prioritisation

Fortunately, the same capabilities that empower attackers can also be harnessed by defenders.

Threat Detection & Anomaly Identification: AI-powered systems now profile user and network behaviour over time to detect anomalies—potential indicators of zero-day attacks or internal threats. These systems consider contextual patterns and peer behaviour to reduce false positives and improve detection accuracy.
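The peer-behaviour point above can be illustrated with a small added example (not OpenText code, and not from the interview): a reading is scored against both the user's own baseline and the baseline of colleagues in the same role, and only raises an alert when it is unusual for both. The user names, groups, volumes and the threshold of 3 standard deviations are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: MB downloaded per day over a five-day baseline.
HISTORY = {
    "alice": [120, 130, 110, 125, 115],
    "bob": [100, 140, 120, 130, 110],
    "carol": [900, 950, 1000, 920, 980],
    "dave": [940, 1010, 970, 930, 990],
    "erin": [100, 120, 110, 105, 115],  # moved into the backup team this week
}
PEER_GROUP = {"alice": "finance", "bob": "finance",
              "carol": "backup", "dave": "backup", "erin": "backup"}


def zscore(value, samples):
    """Standard deviations between value and the mean of samples."""
    spread = pstdev(samples)
    if spread == 0:
        return 0.0 if value == mean(samples) else float("inf")
    return (value - mean(samples)) / spread


def assess(user, today_mb, threshold=3.0):
    """Classify today's volume against the user's own and the peers' baseline."""
    group = PEER_GROUP[user]
    peers = [v for name, days in HISTORY.items()
             if name != user and PEER_GROUP[name] == group for v in days]
    unusual_for_user = zscore(today_mb, HISTORY[user]) > threshold
    unusual_for_peers = zscore(today_mb, peers) > threshold
    if unusual_for_user and unusual_for_peers:
        return "alert"
    if unusual_for_user:
        return "suppressed"  # new for this user, routine for the role
    return "normal"


if __name__ == "__main__":
    for user, mb in [("alice", 125), ("alice", 600), ("erin", 950)]:
        print(user, mb, assess(user, mb))
```

A user-only baseline would have alerted on erin's first week of backup work; the peer comparison is what removes that false positive while still flagging alice's jump.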

Vulnerability Management: One of the biggest applications of AI in cybersecurity is in vulnerability assessment. AI not only identifies technical weaknesses across networks, endpoints, and applications but also helps prioritise which ones need immediate attention—based on risk context and asset criticality.

Reducing SOC Overload: Security Operations Centre (SOC) teams face an avalanche of alerts daily. AI helps triage alerts, dramatically reducing false positives and enabling analysts to focus on high-priority incidents on high-value systems.

Incident Response & Threat Hunting: AI also speeds up incident response. Instead of following a static playbook, AI systems can automatically recommend or initiate actions such as isolating devices or blocking IPs. In threat hunting, AI identifies artefacts that have slipped through defences, such as suspicious files, processes, or lateral movement activity.

The OpenText Edge: OpenText’s cybersecurity solutions, including the AI-powered Aviator platform and ArcSight ESM, offer a NextGen SOC framework. The platform integrates real-time correlation engines, behaviour analytics (UEBA), MITRE-based threat mapping, and a SOAR system for automated response—enabling holistic security coverage from detection to remediation.

Zero Trust: No Longer Optional

Kulkarni is a strong advocate of the Zero Trust approach—an essential framework in the post-Covid, perimeter-less business world.

“Zero Trust is not a solution. It’s a design approach built around one fundamental principle: never trust, always verify,” he says.

The End of Perimeters: Pre-pandemic, network perimeters provided a clear line between trusted and untrusted zones. That’s no longer viable in an era where users access systems from everywhere. Identity has become the new perimeter.

Continuous Authentication: Zero Trust demands verification at every stage—not just at login but throughout the session. If a session drops or appears suspicious, re-authentication is mandatory. Additional layers like Multi-Factor Authentication (MFA), step-up authentication, and risk-based access controls are fundamental to this model.

Least Privilege and Geotagging: Minimising access is key. Employees should only be able to access the applications and data necessary for their role. Technologies like geotagging allow organisations to restrict access based on location—adding another layer of control against credential misuse.

Ransomware Defence: Zero Trust doesn’t just protect credentials. By severely limiting unauthorised lateral movement, it becomes a powerful tool against ransomware and other sophisticated attacks. OpenText’s identity and access management suite, integrated with Aviator, enables dynamic, AI-informed access governance and least-privilege enforcement.
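The controls described in this section (verification on every request, re-authentication for stale sessions, step-up MFA, risk-based access, least privilege and location restrictions) can be combined into a single per-request decision. The sketch below is an added example, not OpenText's implementation; the roles, applications, country codes, thresholds and the risk score input are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical policy data, constructed for illustration.
ROLE_APPS = {"finance-analyst": {"ledger", "expenses"}, "hr-partner": {"hr-portal"}}
ALLOWED_COUNTRIES = {"IN", "GB"}   # location allow-list (geotagging)
SENSITIVE_APPS = {"ledger"}        # always require MFA
MAX_IDLE_SECONDS = 900             # older sessions must re-authenticate
STEP_UP_RISK = 0.5                 # risk at or above this needs MFA
DENY_RISK = 0.8                    # risk at or above this is refused


@dataclass
class Request:
    role: str
    app: str
    country: str
    idle_seconds: int
    mfa_verified: bool
    risk_score: float  # 0.0 to 1.0, from an assumed upstream risk engine


def decide(req):
    """Evaluate one request; called on every access, not only at login."""
    # Least privilege: the role must explicitly include the application.
    if req.app not in ROLE_APPS.get(req.role, set()):
        return "deny"
    # Location restriction limits the use of stolen credentials elsewhere.
    if req.country not in ALLOWED_COUNTRIES:
        return "deny"
    if req.risk_score >= DENY_RISK:
        return "deny"
    # Continuous authentication: a dropped or idle session is verified again.
    if req.idle_seconds > MAX_IDLE_SECONDS:
        return "reauthenticate"
    # Step-up: sensitive targets or elevated risk require a second factor.
    needs_mfa = req.app in SENSITIVE_APPS or req.risk_score >= STEP_UP_RISK
    if needs_mfa and not req.mfa_verified:
        return "step_up"
    return "allow"


if __name__ == "__main__":
    print(decide(Request("finance-analyst", "ledger", "IN", 60, False, 0.1)))
```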

Identity: New Battleground

As network-based attacks become harder due to layered defences like firewalls, proxies, DLPs, and segmentation, attackers are increasingly shifting focus to identity-based breaches.

Why Identity Is a Prime Target: “It’s simpler,” says Kulkarni. “Instead of navigating complex network defences, attackers look for compromised credentials or misconfigured access controls.” This makes robust identity management systems crucial.

The Holistic Identity Security Framework:
Kulkarni outlines the layered strategy businesses must adopt:

Authentication Controls: Including MFA, step-up, and risk-based authentication.

Access Management: Implementing role-based access, least privilege, and privileged access management (PAM).

Identity Governance: Tools for continuous access review, role mining, and compliance certification.

AI-Powered Risk Prediction: OpenText’s Aviator integration allows organisations to predict risk and automate access decisions using AI-driven analytics.

AI in cybersecurity is a double-edged sword. While it enables attackers to move faster and more stealthily, it also offers defenders tools to detect, prioritise, and respond to threats with greater efficiency. The key, as Praveen Kulkarni emphasises, is not to fear AI, but to match it—strategically, intelligently, and proactively.

Organisations that combine AI with a Zero Trust mindset and strong identity governance will be best positioned to withstand the evolving threat landscape.
