Notifications
Clear all
Topic starter
27/06/2026 1:07 pm
TL;DR: AI is simultaneously enabling more sophisticated attacks and serving as a primary defence tool, according to Abnormal AI and CrowdStrike’s Innovate 2025 webinar. The deeper issue is that identity and security programmes must now govern AI as both an attack amplifier and a defensive control plane, not a side topic.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern AI tools that participate in threat detection?
A: Security teams should treat AI detection tools as governed participants in the control plane, not as passive software.
Q: Why does AI-driven cybersecurity change the identity governance conversation?
A: Because AI systems can influence decisions that affect access, containment, and incident response, which means identity governance must cover both the operator and the tool path.
Practitioner guidance
- Map AI decision points to identity owners Identify every place AI influences triage, prioritisation, or response, then assign a named human owner for each decision boundary.
- Separate detection support from control authority Use AI to assist analysis, but keep privilege changes, containment actions, and exception handling under explicit policy and review.
- Review workload and analyst access together Check whether AI tools need access to telemetry, inboxes, ticketing systems, or identity platforms, and validate those permissions as part of the same governance review.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The fireside chat format and the speaker perspective from George Kurtz on current threat trends.
- The specific ways Abnormal AI and CrowdStrike describe using AI in their security workflows.
- The partnership framing and customer-success discussion that supports the webinar's strategic message.
- The ISC2 CPE eligibility and webinar access details for practitioners who want the recording.
👉 Watch Abnormal AI's on-demand webinar on AI-driven cybersecurity with George Kurtz →
AI-driven cybersecurity and identity risk: what teams must re-evaluate?
Explore further
27/06/2026 2:19 pm
AI-driven cybersecurity is now an identity governance issue, not just a detection issue. Once AI becomes part of the defence stack, it participates in decisions that affect trust, escalation, and operational response. That means security teams are no longer only managing tools, they are managing decision authority across human analysts, non-human workloads, and AI-assisted workflows. Practitioners should treat that shift as a governance boundary, not a tooling upgrade.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: What should security leaders evaluate in long-term AI security partnerships?
A: They should evaluate whether the integration supports continuous tuning, clear responsibility, and stable access governance over time. AI security tools become part of the operating model, so leaders should assess lifecycle fit, data boundaries, and how easily the programme can adapt as threats and telemetry change.
👉 Read our full editorial: AI-driven cybersecurity is reshaping attack and defence priorities
