The rapid, mainstream adoption of generative AI is increasing security risks, resulting in “one of the most complex threat landscapes ever.”
So claims Microsoft's corporate vice president of security Vasu Jakkal, during her keynote speech at the RSA Conference in San Francisco this week.
"Identity-related attacks have increased by 10x just year over year. Cybercrime is both a nation-state and ransomware is a gig economy. If cybercrime was an economy, [or] a country it would be the third largest GDP in the world," Jakkal said.
Jakkal painted a grim picture of AI being a potent tool for attackers to "proliferate malware rapidly and quickly and create new variants, to password cracking more intelligently with more context."
What’s more, she warned that bad actors could abuse AI to "prey on what makes us human - our curiosity using phishing and new techniques there."
The security boss highlighted voice imitation attacks, noting "just a three-second voice sample can train a GenAI model to sound like anyone." She also flagged emerging threats like AI model poisoning, prompt injection attacks, and risks around AI training data.
Despite the dangers, Jakkal struck an optimistic tone about AI's potential benefits if secured properly, from healthcare breakthroughs to personalized education. "Imagine if we could use AI to reach the millions and billions around the world in rural corners in education," she posited.
To better protect AI systems, Microsoft recommends a three-pillar strategy, according to Jakkal:
- Discover all AI usages and map risks
- Protect by mitigating risks through measures like zero trust and data controls
- Govern AI through risk-based policies, compliance tracking, and user education
"Governance is about human agency. It’s making sure we put ethics, [and] we put humans at the front and at the heart of technology to understand how we should build this safely, deploy this safely, and use this safely," Jakkal stated. "We need to be really thoughtful about this."
RELATED WHITEPAPER
The security leader issued a call to arms for defenders to rise to the AI security challenge: "You are the heart of trust in the heart of an organization's trust in AI. You're the ones who provide a safe and secure space for exploration. You are the Yes for AI," she said.
"I invite you to join me fearlessly, bravely, keeping security at the heart, and with care together. I invite you to freely dream big, to make our world safer, and to work together because I think it's going to be a beautiful world."
-
How to implement a four-day week in techIn-depth More companies are switching to a four-day week as they look to balance employee well-being with productivity
-
Intelligence sharing: The boost for businessesIn-depth Intelligence sharing with peers is essential if critical sectors are to be protected
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurityExperts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
