As AI becomes more embedded in security operations, software development and identity environments, CISOs are having to separate practical value from assumptions that are moving faster than many security teams can validate. At InfoSec Europe 2026, Cyber Security Tribe asked industry leaders which AI myths security teams can no longer afford to believe.
Which Assumptions Are Beginning to Create Problems?
Artificial intelligence is now part of the everyday cybersecurity conversation, but the discussion is not always helped by the way AI is presented to security leaders. For CISOs and heads of cybersecurity, the more useful question is not whether AI is important, but which assumptions about it are beginning to create operational, governance or risk management problems.
So as a result, to get answers for our community, we asked a group of thought leaders and industry experts a straightforward question: what is the AI myth that CISOs can no longer afford to believe? Their responses point to a more grounded reality compared to some of the market hype: AI is changing the speed, scale and shape of cyber risk, but it is also exposing long-standing weaknesses around visibility, identity, software development, data governance and control assurance.
AI is not a single technology problem to be solved by buying another tool, nor is it a reason to abandon the fundamentals of cyber resilience. As the UK National Cyber Security Centre notes in its guidance on AI and cyber security, AI systems need to be developed, deployed and operated securely, with AI-specific risks considered alongside standard cybersecurity threats. For CISOs, that means challenging the myths before they become embedded in strategy, procurement and board-level expectations.
This builds on a wider theme we have explored recently at Cyber Security Tribe. In AI Is Reducing the Margin for Error in Cybersecurity Controls, we looked at how AI is compressing the time available for defenders to respond and making incomplete security coverage harder to tolerate. In What Security Leaders Are Really Worried About in the Age of AI Agents, the focus was on the governance, visibility and data access challenges created as AI agents begin to operate across enterprise environments.
| Jon Abbott, CEO and Co-founder, ThreatAware |
Alex Weinert, Chief Product Officer, Semperis |
| Rob Demain, CEO, e2e-assure |
Merlin Gillespie, Director, Cybanetix: |
| Azi Cohen, Co-Founder and CEO, Mend.io |
Andy Hornegold, Chief Security Technologist, Intruder |
| Yossi Altevet, CTO and Co-founder, DeepKeep |
Dan Deeney, Head of Strategy and Innovation at CyberProof |
Jon Abbott, CEO and Co-founder, ThreatAware
Myth 1: AI-era threats require you to reinvent your security strategy
“There's a growing perception that AI-powered threats demand a completely new approach to security. But the core measures organisations need haven't fundamentally changed — the AI era simply makes getting them right more urgent, not different.
However, the reality is that the core security measures organisations need in place have not fundamentally changed. There’s no doubt that AI is upending long held assumptions about what’s possible: it’s forcing organisations to think in terms of minutes rather than hours when responding to threats.
The cat and mouse game between attackers and defenders is getting faster, but attackers won’t need Mythos-level capabilities if the front door is already open. If organisations fail on the basics, the difference between minutes and hours in exploit-to-attack timeframes becomes largely irrelevant.
The AI era makes it even more important to have these core security measures in place. But many organisations are still failing at these. In practical terms, this means robust and rigorously enforced patch management processes, MFA enabled across the estate, and complete visibility into activity across the IT environment.”
Myth 2: Shadow AI security risks are a user problem
“AI is an incredible tool when it comes to productivity, but there’s a huge amount of use of tools that isn’t sanctioned by IT departments. However, we also need to debunk the myth that employees are somehow the problem when it comes to Shadow AI.
This isn’t necessarily a ‘user’ issue; it’s about enabling productivity and giving workers access to the tools they need without having to work around security policies. Teams deserve access to enterprise grade AI software, and this needs to be balanced with the infrastructure that protects your data.”
Rob Demain, CEO, e2e-assure:
"The most dangerous AI myth in cyber security is the idea that a single model can autonomously defend an organisation. Any CISO buying that narrative is building their security posture on a foundation that hallucinates.
Large language models are powerful, but they are probabilistic. They get things wrong. In a SOC environment, a wrong answer could result in a missed breach or a fabricated threat that burns analyst hours and erodes board confidence. The organisations seeing real value from AI are the ones treating it as an accelerant for skilled analysts, not a replacement for them.
The second myth worth retiring is that AI-driven security demands a trade-off on data control. It does not. Sovereign hosting, local processing, and proper sanitisation layers exist today. Any vendor suggesting otherwise is either behind or hoping you do not ask.
CISOs should be asking three questions of every AI security claim they hear: How many models validate each output? What happens when one gets it wrong? and where does my data actually go? If the answers are vague, the capability probably is too.
The future of security operations is not AI or analysts. It is AI making analysts faster, sharper, and harder to fool."
Azi Cohen, Co-Founder and CEO, Mend.io
"One AI myth CISOs can no longer afford to believe is that deploying more AI tools will solve their security problems.
AI has genuinely changed the threat landscape, not just the speed and scale of familiar vulnerabilities, but the attack surface itself. Organizations now manage risk across code, third-party dependencies, AI models, prompts, agents, and the runtime interactions between them.
But the core security challenges haven't changed: knowing what exists in your environment, identifying vulnerabilities, prioritizing risk, and remediating issues before they can be exploited. AI hasn't replaced those fundamentals. It has made failures in those areas far more expensive.
Too many organizations are chasing new tools when the harder problem is operationalizing security across an AI-driven development environment: continuous visibility, prioritization, developer-native remediation, and automation at enterprise scale.
The winners won't be the organizations with the most AI security tools. They'll be the ones that embed security discipline into an increasingly autonomous development lifecycle and execute it consistently at scale."
Yossi Altevet, CTO and Co-founder, DeepKeep
One myth doesn't capture the problem. AI security failures rarely trace back to a single misconception – they stack.
The first is that a well-aligned model means the application itself is safe. Model alignment addresses how a model behaves in isolation, not inside a live system. Prompts, tools, memory, data access, retrieval workflows, and agent permissions can each introduce risks the model was never designed to control.
Another common misconception is that passing thousands of red-team prompts proves security. Prompt-based testing captures a single moment, but AI behavior is probabilistic and shifts with user inputs, retrieved content, tool calls, model updates, and business logic. Real security requires continuous testing and runtime enforcement.
Many teams also assume that traditional cybersecurity frameworks are sufficient, but AI introduces threat categories that fall outside traditional design: indirect prompt injection, tool misuse, excessive agency, and open-ended interaction paths. Deterministic security models cannot fully cover systems whose behavior changes with every conversation.
Finally, most organizations focus exclusively on text prompts and leave the rest of the attack surface exposed. Attackers do not limit themselves to text. Malicious instructions can enter through images, documents, audio, video, and embedded files. Every modality an AI application accepts expands the risk.
Alex Weinert, Chief Product Officer, Semperis
Myth: AI agents are still isolated productivity tools with limited access to sensitive data.
Truth: “AI is increasingly being used on employee machines where it can access credentials and sensitive data. Research from Semperis' State of Identity Security in the AI Era report surveying 1,100 organisations across the U.S., U.K., France, Germany, Italy, Spain, Australia and Singapore, found that 92% have some percent of their workforce with AI installed on local machines where it can access SSH and encryption keys.
“The risk is that AI is being placed too close to sensitive identity infrastructure with little preparation for the potential consequences. More than a quarter of surveyed organisations (29%) already use AI agents to manage security‑related help desk tickets including password resets and VPN access. A hijacked or rogue agent performing password resets and managing VPN access is the stuff of CISO nightmares.
“On the plus side, 83% of respondents indicated that AI identity governance is a priority for them in the coming months. It's vital that organisations treat agents explicitly as Non-Human Identities (NHIs) in the identity fabric and not as a vague extension of human users or generic apps. If you cannot clearly register it, scope it, monitor it, and decommission it, you should not connect it to the environment.”
Merlin Gillespie, Director, Cybanetix:
"The myth that CISOs can no longer afford to believe is that software development can continue to exist with the same loose governance it has historically enjoyed. Developers have traditionally been given a long leash. Partly because what they do is complex, and partly because their output is often directly monetised. That trade-off has not always been perfect, but the output of developers has been bound to an individual human radius. AI has unbound that radius and developer outputs have been multiplied between 2x and10x. In some cases, even more.
"The means by which it’s being achieved is both revolutionary and terrifying, without stringent guardrails. Agentic code development means that developers are running loops where the AI agent plans the work, writes the code, runs the tests, deploys and queries production data. Left to its own devices, it may even iterate without a human checkpoint between each step. Every session has the ability to touch code, credentials and customer data and third-party services. It’s hitting every category of AI risk continuously.
"Most CISOs are worried about PII data and intellectual property being pasted into ChatGPT, or a chatbot designed to provide quotes being granted too permissive a corpus. Both problems are real but they’re candles next to a potential inferno sitting in the development lifecycle."
Andy Hornegold, Chief Security Technologist, Intruder
“There’s a lot of talk about AI-driven approaches to security and handing everything off to an AI. But this conversation is missing a layer on how to combine existing deterministic approaches with AI.
The truth is, you can't use an AI-only approach and expect to stay cost-effective. Rather than making an AI tool repeatedly do the same tasks, instead, have it do this task once and produce a heuristic, rule, or code block, so that it doesn't need to do it a second time. Otherwise, you will continue to burn tokens for repeat tasks.
AI costs are increasing and AI models are non-deterministic. They will find something one day, and completely miss it the next, which can also happen when the underlying models are upgraded, adding even more uncertainty. For example, opus 4.8 seems to be failing to complete tasks that 4.6 was perfectly capable of doing.
It's more cost-effective to use a deterministic or heuristic approach as an initial low-cost filter, then using AI to analyse the remainder and create deterministic rules or heuristics that you can add to your filter. That way you only burn tokens for things that are new or novel.
An example of this in the offensive security space is in how we detect vulnerabilities in systems. We don’t need an AI hammer system looking for the same vulnerabilities again and again. Instead, we let the AI loose once, then have the AI create a template that we can run deterministically (without an AI) to detect if the vulnerability is there. That way we burn tokens once, and then we're running standard compute the second, third, and Nth time.”
Dan Deeney, Head of Strategy and Innovation at CyberProof
We are entering the “AI-driven era” of cybersecurity. CISOs need to think about a new strategy: embrace AI in everyday workflows and implement the right tools to protect against Mythos-driven attacks. It is a fundamental shift in the cybersecurity industry that, if not adopted, can put an organization at significant risk of these sophisticated threats. This requires a shift in mindset, metrics and architecture—from prevention‑centric security to resilience‑centric security.
As security leaders are learning to adopt AI tooling, here are some common misconceptions that they can no longer afford to believe:
- Keeping your data in a private network makes your agentic AI secure
- Deleting sensitive data from an AI training set removes it from the LLM
- AI frameworks will be safe if you prevent write access to databases
- LLM providers have AI guardrails to prevent prompt injection
