Conversations about artificial intelligence (AI) are hardly unusual these days. But a conversation among people who work at the sharp end of this technology quickly narrowed to the question of how to deploy technology that is probabilistic and fast-moving inside organisations built to govern deterministic software.
The TEISS briefing at the House of Lords in London brought together security and technology leaders from a range of sectors, who shared experience of where AI is already delivering value and where it is creating new exposure.
Opening the session, Nadine Anderson, Head of Construction and Utilities Vertical at BT, welcomed the room in anticipation of a frank discussion. Charlotte Wilson, Head of Enterprise Sales at Check Point, set the framing. “AI is a tech revolution that none of us is on top of,” she said. No one had all the answers, she added, which made it essential for practitioners to compare notes on sovereignty, privacy and security.
AI is already embedded, and the pressure is mounting
Attendees described AI embedded deeper than headline use cases might suggest. One organisation was using it to assess the risk profile of every change request, approving low-risk ones automatically and escalating the rest. Another spoke about industrial deployments: a robot dog carrying out predictive-maintenance inspections at a US plant; wind-farm data combined with LiDAR weather readings to optimise turbine performance.
A banking participant described the use of AI in their consumer app to help customers navigate the product and manage their budgets. At a personal level, participants said AI had become a quiet productivity tool; one likened the experience to “having your mum over your shoulder” as it nudged them towards productivity. The bigger shift, several noted, is the move from generative to autonomous agentic systems, which are harder to manage.
LLMs have evolved faster than security practice, and the pressure to adopt is coming from two directions at once. Boards want evidence that the organisation is getting value from AI, and employees who already use it at home want equivalent tools at work. Responses vary widely. “We see everything from a very locked-down system to a fully agentic system put in the hands of users,” Wilson observed.
Banning public tools rarely works: if a secure internal alternative is slower or less capable than ChatGPT, attendees agreed, employees will ignore it. A positive counterexample came from a regulated industry, where one organisation had built an AI tool to flag “red words” in customer interactions that might indicate gambling addiction. It went live in seven weeks, enabled faster escalation to support teams, and showed the regulator that the company was taking responsible gambling seriously.
Governing probabilistic tools
Several attendees stressed that traditional security assumptions no longer translate cleanly. AI is probabilistic, one said, which makes securing it “more like dealing with people” than with code. Another extended the analogy: “We’re trying to govern a computer, but AI is more like raising a kid: you set boundaries and hope they do the right thing.”
The risk is compounded by “automation bias” – the tendency for humans to believe what a computer tells them – and AI can produce wrong answers with confidence. Whatever the system does, the group agreed, the output still must be owned by an accountable human. Hiring illustrated both the problem and the opportunity. At one organisation, 40 to 50 per cent of candidates had been caught reading from a screen during interviews. But the same underlying technology, well-trained, could be used to identify and remove biases that human recruiters miss.
Conversation turned to Mythos, Anthropic’s forthcoming AI tool that, the company claims, can quickly identify vulnerabilities in the software organisations rely on. Is that marketing hype, or a real capability? The group was split. If it is genuine, legacy code and technical debt become an immediate liability, because almost every organisation carries more of both than it would like. Even if Mythos’s capabilities are exaggerated, at least it focuses attention on technical debt.
Either way, LLMs are already good at working with code, which makes zero-day discovery plausible – and if Mythos cannot do it, another tool soon will. However, one attendee pushed back on the framing. Zero days are a relatively small slice of real-world cyber-risk, they said. Around 90 per cent comes from human error or malicious action. Agents that can find vulnerabilities can also help fix them, and in time should support developers in writing more secure code from the outset.
A pragmatic consensus
The wider concern aired in the room was that society is not keeping pace with the technology. Education, government and regulators all need to adapt faster than they currently are, attendees said, and the gap is widening.
Closing the session, Wilson reflected on how far the discussion had ranged. Anderson was not surprised by the generosity of the exchange: her vertical, she noted, had always had a strong culture of sharing, and that same spirit had been on show at the discussion.
The prevailing view from the evening was pragmatic. AI in the enterprise is now a given. But trust must be earned through accountability, and through governance that can keep up with a technology built to move faster than the rules around it.
To learn more please visit: www.checkpoint.com and www.bt.com