Enterprises Build Resilience and Strategic Hardening Frameworks for the AI Threat Era

Until recently, security strategies focused on detecting threats and shutting them down before they could spread. But that model is eroding as attackers deploy AI-powered automation, creating malware that evolves faster than conventional defenses can track. In response, organizations are shifting toward strategies built on strategic hardening and operational resilience, designing systems that can withstand attacks and recover more quickly when breaches occur.

One advocate of this approach is Rajeev Kumar, the Director of Security & AI at o9 Solutions, an AI-powered platform for integrated business planning. Kumar is also a Strategic Advisor to SINE IIT Bombay, where he mentors early-stage AI-security founders. For Kumar, the path forward requires a new way of measuring strength, one that prioritizes resilience over pure protection. His approach focuses on designing systems that assume intrusions will happen, and are built to withstand and recover from them.

"You can’t rely on detection alone anymore. When adversaries operate at machine speed, resilience and strategic hardening are the only ways to keep your business running," Kumar says. Attackers are building networked ecosystems to launch coordinated campaigns like Volt Typhoon and the SolarWinds supply chain compromise, meanwhile many defensive teams lag behind and remain in their organizational silos. New AI-enabled tools are only accelerating that mismatch.

• Malware gets a mind: "The way malware used to work is that once it got detected, it was neutralized. But now adversaries can create malware that, even if it gets detected, keeps self-learning and can adjust. You can imagine how the attack surface has increased multifold because of AI," Kumar explains. Countering this new class of adaptive threat requires rethinking defensive architecture.

For Kumar, the solution centers on strategic hardening, built on a five-pillar framework: supply-chain vigilance, identity and access management, multi-layer security architecture and governance, operational resilience, and the emerging mandate for AI security. But he notes this strategic pivot is happening too slowly. The reason for the delay, he argues, is the accelerated, enterprise-wide push to adopt AI, which has become an AI security wake-up call that creates business "chaos" and leaves security teams lagging.

• The AI distraction: While organizations rush to launch shadow AI pilots and unvetted plugins, security teams are often left in the dark. "The current challenge is that the enterprise-wide push to adopt AI has created a lot of chaos. Most organizations are so focused on tackling the business implications of AI that security has consequently been lagging behind," Kumar notes. Because speed is the priority, some teams are ignoring critical vulnerabilities like data leakage and blind third-party dependencies in favor of market momentum.

• Resilience is reality: Understanding the fourth pillar, resilience, is the key to understanding how mindsets must adapt in the AI age. Kumar's strategy is built on the premise that attacks should be treated as inevitable. Instead of trying to prevent every breach, he argues the true measure of a security program is how quickly the organization can restore core business functions. "Attacks are inevitable today, so the old mindset of trying to prevent everything simply won't work anymore," he reminds security leaders. "So the focus must shift to resilience and the speed at which we can restore business activity after an incident. That is the major change."

In an ideal world, solving this would involve industry-wide collaboration. Kumar candidly admits this is currently more "aspirational than realistic," and instead proposes a next-best approach. His vision involves re-imagining the Security Operations Center as an intelligent, risk-based nerve center that transforms threat intelligence from noise into actionable signals.

• Build 'self-intelligence': Central to this model is a departure from relying on isolated indicators that often lack the necessary context to properly identify threats. "A single indicator like a standalone malicious IP address, a specific file hash, or a known-bad domain won't work in isolation; you have to develop an ecosystem where signals from different sources are talking to each other," Kumar says. "When you have a centralized mechanism where all indicators communicate, they develop a 'self-intelligence' that converts data into clear risk levels."

• Boardroom visibility: Kumar argues that "digital risk," or the intersection of cyber and AI, must now be elevated to a core business discussion. "This should be the part of the boardroom overall," he says, noting that a lack of defined accountability for AI operations remains a dangerous blind spot. To bridge the gap, he suggests three priorities belong at the executive level: establishing a clear risk management strategy for digital assets, assigning specific accountability for AI incidents at runtime, and creating a formal AI incident classification framework.

The security landscape is evolving faster than many expected, and threats are on the rise. For leaders and practitioners on the ground, these structural changes are a step in preparing for what’s coming as the foundational principles of cybersecurity are tested by a challenge still in its early stages. "Going forward, attacks will become more frequent as AI is moved into production. From a defense perspective, both upskilling and the speed of your upskilling are very important, especially because 90% of enterprise AI has not even gone into production yet," Kumar concludes.