Security at the edge of autonomy: Why AI and geopolitics are forcing a reset

Rethinking security in an AI-driven environment

AI is changing the nature of enterprise risk, and it is doing so faster than most security models can adapt.

At Google Cloud Next 2026, a central theme emerged: systems are becoming more autonomous. AI is no longer just supporting decisions; it is becoming an empowered decision-maker in a growing number of contexts.

At the same time, the external environment is becoming more volatile. Geopolitical tensions are driving an increase in state-aligned cyber activity, while advances in AI are lowering the barrier of entry to access and execute sophisticated attacks. Emerging capabilities, including AI-assisted vulnerability discovery, exploit generation and attack chain execution such as Mythos, are accelerating both the scale and speed of threats.

These forces are not incremental. They represent a fast moving and structural shift in risk, requiring a corresponding change in how security is designed and operated.

The urgency of this shift is reflected in our 2026 CGI Voice of Our Clients global research: cybersecurity resilience and data protection now rank as the top IT priority globally for executives.

Leading organizations are already responding by strengthening cybersecurity fundamentals, embedding security more deeply into system design, enhancing governance over AI-driven decisions and investing in greater transparency across automated processes.

Expanding the scope of security

For years, enterprise security has focused on protecting infrastructure, applications and data and equipping employees to make sound risk-driven security decisions.

That foundation is still critical, but it is no longer sufficient.

When systems can now act as independently as an employee, security must also extend to how those actions are defined, constrained and governed. The question is no longer just what is being accessed, but what is being decided.

This creates a new set of requirements.

How are decisions made? What data is influencing them? What guardrails are in place? And critically, how do we intervene, quickly and reliably, when systems behave in unintended ways?

In an environment where adversaries are also using AI to automate reconnaissance, generate exploits and scale social engineering, these are not future concerns. They are immediate operational risks that must be addressed to empower AI to both support and protect the business safely and responsibly.

The role of automation

AI-enabled automation that combines human judgment with intelligent agents is now a central cybersecurity strategy for both defense and attack.

On the attack side, the same technologies are being used by threat actors to increase speed, precision and scale of attacks.

On the defensive side, AI can identify patterns, compress response time and manage volumes of activity that are no longer possible at human-scale. Developing and refining that capability in all layers of cyber-defense is essential.

But equipping your organization to defend with AI comes with trade-offs; unlike cyber-attackers, enterprises cannot afford the fragility introduced by automation without strong governance.

Systems that are not observable, explainable or controllable can be manipulated, misdirected or exploited in ways that are difficult to predict.

The question now is how to scale automation without compromising control. The organizations that will be the most resilient will ensure human oversight is built into processes to ensure automated actions align with business priorities, risk tolerance and ethical standards.

Applying zero trust more broadly

One way to achieve this is leveraging zero trust, which remains one of the most effective security principles. However, it must adapt to meet the new challenges AI brings.

Its scope can no longer be limited to users, devices and networks. It must now extend to services, systems and AI-driven processes.

Every interaction must be verified. Every decision path must be traceable.

In an environment where both defenders and attackers are leveraging autonomous capabilities, trust cannot be implicit at any layer. It must be continuously established and enforced.

In practice, this means extending identity, policy enforcement and monitoring consistently across both human and AI machine-driven actions and interactions.

For example, we leverage zero trust principles across our networks to ensure both human and AI-driven accesses have the same identity verification, policy enforcement and monitoring controls applied to help maintain traceability, accountability and operational resilience.

Building confidence in autonomous systems

Trust is now a strategic issue.

Organizations are being asked to rely on systems that they often do not fully understand, operating in environments that are becoming more unpredictable.

Beyond technical controls, building confidence in AI-driven systems demands transparency, auditability and clear governance models within your own organization and throughout your supply chain.

Security’s role is expanding beyond protection to enabling the safe, reliable adoption of systems that will increasingly run the business.

By developing the frameworks, policies, processes and tools to both address AI-driven threats and safely adopt AI, security is now positioned to help organizations scale AI with confidence, rather than constraint.

Securing the future of autonomous operations

The goal is not to slow down AI adoption; that is neither practical nor desirable.

It does, however, require a fundamental shift in how security is designed, operated and governed.

As autonomous systems become embedded into core business operations, security must evolve from a reactive control to a core design principle. Organizations need continuous visibility across their environments, strong governance over AI-driven decisions and clear traceability across automated actions, decision paths and operational controls, while retaining the ability to intervene at machine speed when conditions change.

The organizations that adapt fastest will be those that combine strong security fundamentals with operational agility: reducing unnecessary exposure, accelerating remediation, automating intelligently and strengthening resilience across both modern and legacy environments. As AI compresses the time between vulnerability discovery and exploitation, disciplined execution and recovery confidence become increasingly important.

According to our 2026 Voice of Our Clients research, 65% of organizations cite security and cyber risk mitigation as a top objective in optimizing cloud adoption and value delivery.

Success will depend on more than preventing attacks. Organizations must be able to sustain operations, recover quickly and maintain trust in environments where disruption, autonomy and adversarial AI are becoming permanent conditions of doing business.

In the age of autonomous operations, security will increasingly define an organization’s ability to be a trusted partner and to operate, recover and compete with confidence.