{"id":5207,"date":"2026-04-24T21:38:45","date_gmt":"2026-04-24T21:38:45","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/04\/24\/ai-rush-is-reviving-old-cybersecurity-mistakes-mandiant-vp-warns\/"},"modified":"2026-04-24T21:38:45","modified_gmt":"2026-04-24T21:38:45","slug":"ai-rush-is-reviving-old-cybersecurity-mistakes-mandiant-vp-warns","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/04\/24\/ai-rush-is-reviving-old-cybersecurity-mistakes-mandiant-vp-warns\/","title":{"rendered":"AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The rush to adopt AI in enterprise environments is not only creating new security vulnerabilities, but is also reviving old security failures, a top Mandiant executive has warned.<\/p>\n<p>Speaking to <em>Infosecurity<\/em> during Google Cloud Next 26, Jurgen Kutscher, VP of Mandiant Consulting, part of Google Cloud, said that AI deployment in enterprises is often accompanied by a neglect of basic security controls.<\/p>\n<p>\u201cA lot of the old problems are new again,\u201d Kutscher said. \u201cWe\u2019ve seen enterprises really worried about new AI threats like large language model poisoning while forgetting the most basic security controls.\u201d<\/p>\n<h2><strong>Mandiant Red Team Reveals Cybersecurity Failings\u00a0<\/strong><\/h2>\n<p>Kutscher said Mandiant\u2019s red team has uncovered real security failures caused by this mismanagement during simulated real\u2011world attacks, in which testers adopt the tactics of genuine adversaries to probe organizations\u2019 defenses.<\/p>\n<p>During red-team engagements, he has seen AI-enabled environments where an attacker could change data classifications, allowing them to bypass protections like data loss protection (DLP) solutions.<\/p>\n<p>Furthermore, Kutscher was \u201csurprised\u201d to find even simple mistakes such as unencrypted communication streams.<\/p>\n<p>\u201cFor instance, we observed an unencrypted communication stream between the AI and\u00a0the browser when working with a financial company,\u201d he said, underscoring how basic hygiene was being overlooked.<\/p>\n<p>In multiple engagements, Mandiant red teamers were able to social-engineer initial access and then rely on the AI to perform follow-on actions, including exfiltration and policy changes.<\/p>\n<p>\u201cOnce we&#8217;re inside, we&#8217;ve had the AI do the rest for us, including data theft and everything. And I\u2019m talking about authorized AI deployments, not event shadow AI cases, where employees have deployed AI workflows without the company\u2019s oversight,\u201d Kutscher said.<\/p>\n<p>Organizations should build AI security governance processes as soon as possible. \u00a0<\/p>\n<p>He emphasized that creating policies and governance is easier than cleaning up uncontrolled AI usage after the fact. He recommended revisiting secure architecture and performing red-team validation to ensure critical assets are truly segmented.<\/p>\n<p>While recognizing AI\u2019s power for defense, Kutscher urged CISOs not to assume AI adoption absolves them of basic cybersecurity responsibilities.<\/p>\n<p>\u201cIt\u2019s possible that these mistakes partly come from the fact that CISOs aren\u2019t always involved in the deployment of AI workflows, among many other reasons, I don\u2019t want to speculate, but the lack of basic security controls around AI workflow deployments is there and it\u2019s a significant risk,\u201d he concluded.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The rush to adopt AI in enterprise environments is not only creating new security vulnerabilities, but is also reviving old security failures, a top Mandiant executive has warned. Speaking to Infosecurity during Google Cloud Next 26, Jurgen Kutscher, VP of Mandiant Consulting, part of Google Cloud, said that AI deployment in enterprises is often accompanied<\/p>\n","protected":false},"author":2,"featured_media":5208,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5207","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/04\/5207-2406ae0d-e6d4-4f47-8155-7b3576ca9ace-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5207"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5207\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5208"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}