Did you know? Some reports say the first ransomware attack happened in 1989 and demanded payment by mailed check.
AI Strategy Without Infrastructure Is Like a Supercar in a Snowstorm
Insights from Richard Bird
Launching an AI strategy without the right infrastructure is like putting a supercar on a narrow, icy, congested road.
The car can move — but it can’t perform anywhere near its true potential.
In other words: AI capability is only as strong as the foundation supporting it. Without the right data confidence, compute, memory, governance, and operational maturity, AI initiatives will underperform — or introduce new risk.
Other Key Takeaways:
AI governance is not purely a technical problem — legacy controls alone won’t solve it.
AI will fundamentally reshape Identity & Access Management (IAM).
Least-privilege models become harder with Agentic AI, increasing the risk of over-permissioning.
Rather than only defining what AI can do, teams should define forbidden outcomes and use those as hard guardrails.
Bottom line:
Don’t treat AI like a bolt-on feature. Treat it like a platform that requires infrastructure, governance, and intentional design.
“Assume Breach” as an Operating Model
Rishi Joshee reinforced a mindset many mature security programs are adopting: Stop assuming perfect defense. Start assuming breach.
The premise is simple — we will never eliminate all vulnerabilities, and adversaries operate with low risk and high persistence. So resilience, detection, and response become just as critical as prevention.
Practical Recommendations
Strong security hygiene matters more than flashy tools (patching, secure configs, baseline hardening)
→ This alone reduces significant alert noise and SOC fatigueRefine post-breach evidence collection and forensic readiness
Assume breach — and actively HUNT for adversary activity
Automate wherever safely possible to scale response and reduce human overload
What I’m Reading: Rethinking Cloud Defenses in the Age of AI
Bad weather has me spending more time indoors lately — so I’ve been channeling that energy into reading smart, forward-leaning work on modern defense strategy.
I recently came across a cloud security report that I expected to skim. Instead, I ended up reading every page.
This isn’t a vendor fear piece. It’s thoughtful, strategic guidance on how defenders need to evolve as threat actors become faster, more adaptive, and increasingly AI-enabled.
The insight that stuck with me most:
Adversaries are compressing attack cycles using AI — so defenders can’t respond linearly.
Hiring more people or incrementally adding tools won’t keep pace. We need to rethink how we operate and leverage capabilities that, not long ago, felt theoretical.
If you’re responsible for shaping or modernizing security strategy, this is worth your time. The concepts here can help guide meaningful transformation in cloud defense.
🔗 Read it here:
https://sysdig.pathfactory.com/c/your-blueprint-to-cloud-security-the-right-way?x=0sNi_I
Quick Insightful Reads
🔗 Agents aren’t People – what the ServiceNow vulnerability Reveals about Agentic AI Access Control – This category of access failure will probably rear it’s head again. A good article in your AI journey to understand some of the unique risks one may face.
🔗 JWT vs OAuth – Understanding the Difference – I get into these discussions (debates?) all the time. A great 2 minute read to ensure you’re armed to have the same inevitable discussion
Help us keep sharing real stories
▶ Know someone who’d love this? Forward it their way.
▶ Did you receive this newsletter? Click here to subscribe.
Views expressed are informational only and not official advice. No warranties are made; readers assume all risk and should consult authoritative sources before acting.