Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog

Why AI Isn’t Keeping Me Up at Night

Published 04/01/2025

Home
Industry Insights
Why AI Isn’t Keeping Me Up at Night

Written by John Kindervag, Chief Evangelist, Illumio.

 

Artificial intelligence is cybersecurity’s newest obsession.

With every advancement — like China’s recent DeepSeek AI announcement — comes fresh waves of alarm about AI-driven cyberattacks and the inevitable doom they’ll bring.

I understand the concern. The idea of AI-powered threats evolving faster than our defenses is unsettling.

But here’s the thing: I’m not losing sleep over it.

Zero Trust takes the fear factor out of AI-driven threats. Whether attackers leverage artificial intelligence, quantum computing, or a swarm of cybercriminals working in secrecy, Zero Trust significantly limits their chances of success.

 

Zero Trust neutralizes AI-driven threats

No matter how advanced an attack, it all hinges on one critical factor: access. Zero Trust ensures they never get it.

Traditional security models operate under the false assumption that everything inside a network perimeter is inherently trustworthy. That’s where the trouble starts. Breaches happen because implicit trust creates gaps that attackers exploit.

Zero Trust turns this model on its head. It denies all access by default, ensuring that only explicitly verified and authorized entities can interact with critical assets.

So even if AI supercharges attackers’ tactics, it still runs into the same roadblock: it has no permission to execute its plans.

 

AI can’t bend the rules of cyber physics

There’s a myth that AI can sidestep security controls with ease like some kind of digital sorcery. The reality is that AI still operates within the confines of established network protocols and cybersecurity principles.

Think of it like trying to play a game of chess with the same rules as checkers. AI can enhance a player’s strategy, but it can’t change the fundamental mechanics of the game.

Likewise, AI-driven attacks still rely on network access, lateral movement, and data exfiltration — all of which Zero Trust disrupts.

By enforcing strict access policies, Zero Trust acts like guardrails on a highway, keeping traffic in its designated lanes. Attackers can rev their AI engines all they want, but if the policy blocks their path, they’re stuck.

 

The real AI risk: unprotected AI systems

While AI-powered cyberattacks don’t keep me up at night, unsecured AI systems do.

Organizations rushing to integrate AI into their operations often overlook one crucial fact: AI is just as vulnerable as any other digital asset.

If left unprotected, AI models can be manipulated, poisoned, or outright stolen, turning a powerful security tool into a dangerous liability. That’s why AI itself must be secured within a Zero Trust framework.

Organizations must:

  • Treat AI models as critical assets and enforce strict access controls.
  • Monitor AI training data and outputs to prevent manipulation.
  • Segment AI systems to prevent attackers from exploiting them as entry points into broader networks.

 

Zero Trust makes AI just another tool

Attackers will always evolve. AI is simply their latest innovation. But it only gives them an advantage if organizations cling to outdated security models.

Zero Trust already changed the game. It removes implicit trust, limits attack paths, and ensures that no matter how sophisticated an attacker’s approach, they still hit a dead end.

So no, I’m not losing sleep over AI. With Zero Trust in place, I know the real advantage still belongs to defenders.

Artificial IntelligenceCloud ExperienceRisk ManagementZero Trust

Share this content on your favorite social network today!

Future Cloud
Related Resources
Certificate of Competence in Zero Trust (CCZT)
The industry's first Zero Trust certificate program.
AI Organizational Responsibilities
A blueprint for enterprises to secure AI development and deployment.
AI Safety Initiative
Addressing present and future challenges of AI safety and security.
Latest from CSA
AI-Generated Mapping Between CSA CCM v4.0 and FedRAMP
From Alert to Remediation: Millions of Alerts Analyzed to Shape Your Strategy
Help Shape AI Adoption with the Dynamic Process Landscape Framework
Unlock Cloud Security Insights

Subscribe to our newsletter for the latest expert trends and updates

Secure your cloud data with Zero Trust Training
Related Articles:
Best Practices for Deleting Information After Employee Offboarding

Published: 04/04/2025

What Is IT Compliance? Definition, Guidelines, and More

Published: 04/03/2025

Why Security Questionnaires Are a Familiar—but Ineffective—Norm for Assessing Risk

Published: 04/02/2025

MFT and AI: Why Secure Data Movement is Critical for AI Success

Published: 04/02/2025