As artificial intelligence reshapes the cybersecurity landscape, organizations find themselves caught in an escalating arms race—AI-enhanced defenses versus AI-powered threats. In this TechVoices interview, I spoke with Brian Rizman, Managing Partner, ServiceNow Risk and Security Solutions at Wipro, about the findings of Wipro’s latest cybersecurity report.
From the enduring vulnerabilities of human error to the absence of AI governance frameworks and underfunded security budgets, Rizman offers a grounded look at the challenges enterprises face in defending against modern cyber threats—and what must happen next to build resilience in the age of AI.
Key Points: AI is Used Both Responsibly and Maliciously
Brian Rizman detailed key trends in AI across various areas:
AI is transforming cybersecurity—on both sides of the battlefield
AI is increasingly embedded in both enterprise defenses and adversarial attacks. Enterprises are using AI to automate security operations and enhance threat detection, while malicious actors—including nation-states—are leveraging generative AI to craft sophisticated attacks. This results in an “AI vs. AI” cybersecurity landscape that demands faster, smarter defenses from already overstretched teams.
The human element remains the weakest link
Despite advanced tools, basic cyber hygiene lapses persist. According to Wipro’s report, 44% of breaches are now attributed to internal negligence, and phishing remains the top threat vector. Employees are increasingly falling victim to AI-powered social engineering campaigns, highlighting that technology alone can’t offset the risks of human error without robust training and awareness.
AI governance and responsibility are still immature
Most organizations acknowledge that AI deployment should be a shared responsibility, yet only 13% have a dedicated AI security team. This lack of ownership leads to fragmented risk management and echoes past patterns of shadow IT, where new tools are adopted without oversight. Enterprises need clear governance models to track, secure, and guide AI usage across departments.
Security budgets lag behind AI threats
Organizations are expected to defend against increasingly complex attacks with minimal increases in budget—often allocating only 10% of IT spend to cybersecurity. Rizman advocates for reinvesting cost savings from AI-driven automation into strengthening security postures, upskilling teams, and integrating legacy systems to meet modern threats head-on.
Key Quotes: “there’s still a lot of work to do embedding security into AI practices”
On the growing cost and complexity of securing enterprise AI:
“When we look at the trends from our security operation centers… three out of four of the things we’re focusing on are increased automation, use of AI, and evaluating AI threats as part of the SOC. But if you think about trying to do this with legacy technology, enterprise policies, and limited budgets, it’s a massive challenge. One of the biggest things we’re seeing… is the increased cost of managing AI at the enterprise level, while malicious actors operate nimbly and cheaply from a basement.”
On the persistent risk of human error:
“Phishing continues to be the number one threat. And what’s worse is that attackers are now using generative AI to make campaigns more convincing. Even smart people are falling for these, and internal simulations show colleagues getting tricked regularly. Between phishing and general cyber hygiene lapses—like shared passwords and sticky notes—we’re seeing that two of the top three threats are still people-related.”
On the lack of ownership and governance around enterprise AI:
“70% of companies believe AI implementation is a shared responsibility, but only 13% have a dedicated AI security team. What you end up with is departments—from HR to sales ops—using AI tools without centralized oversight. It’s reminiscent of the shadow IT problem. We’re seeing some clients stand up AI control towers, but overall, there’s still a lot of work to do embedding security into AI practices across the enterprise.”
