Monday Oct 13, 2025
Monday, 13 October 2025 00:06
From left: Secgra Cloud Security Innovator Director Paul Hidalgo, South Asian Technologies Chief Technical Strategy Officer Shabeer Shiyam, Sri Lanka CERT Chief Information Security Officer Nirosh Ananda, FinCSIRT Sri Lanka Information Security Manager Kanishka Ratnayake and Moderator Dialog Axiata Data Protection and Compliance Regulatory Head Shenuka Jayalath
By Hiyal Biyagamage
The third session of the 11th Annual Daily FT–CICRA Cyber Security Summit 2025 delved into one of the most pressing challenges in modern enterprise defence: the battle between artificial intelligence and cyber adversaries. Delivering a thought-provoking keynote titled “AI vs. Hackers: The Next Frontier in Threat Detection,” Secgra Cloud Security Innovator and Director Paul Hidalgo urged organisations to rethink how they manage risk, cost, and visibility in an age where inefficiency itself has become a cybersecurity threat.
In the keynote, he offered a sharp, data-driven perspective on the economics of cybersecurity inefficiency. “The greatest vulnerability in most companies today isn’t malicious intent. It’s mismanaged resources,” Hidalgo said, noting that the average enterprise wastes $18 million annually on unused SaaS applications.
The economics of insecurity
Hidalgo revealed that half of all SaaS licenses go unused, while 94% of organisations exceed their cloud budgets. “Every dollar burned on inefficiency is a dollar stolen from your security posture,” he warned. He described this as a “vicious cycle”: wasted technology spend leads to bloated digital footprints, which in turn create new vulnerabilities and dilute security budgets.
“We’re defending against infinite threats with finite budgets,” he noted. “The challenge is not the lack of money, but the lack of visibility.”
According to Hidalgo, the average organisation today uses 269 different SaaS applications, 82% of which are procured directly by employees or departments. This shadow IT sprawl has expanded the corporate attack surface far beyond what traditional IT governance can control. Former employees often retain access to sensitive systems, with 63% of businesses suspecting that ex-staff still have credentials, and 20% reporting breaches from those accounts. “Your offboarding gap is your biggest backdoor,” Hidalgo cautioned. “When people leave, their digital ghosts stay behind.”
Hidalgo also outlined three core challenges: visibility, misconfiguration, and lingering access, and positioned AI as the key to resolving them. He explained that AI can process massive volumes of telemetry to create unified visibility across an enterprise’s assets, automate configuration audits to detect weak security controls, and identify dormant credentials or misaligned permissions that expose organisations to insider risk.
Hidalgo opined, “The future of AI in cybersecurity isn’t just about speed. It’s about turning raw data into actionable intelligence, resulting in more clarity.”
FinOps + SecOps is a new paradigm
Perhaps the most provocative part of Hidalgo’s address was his call to merge financial operations (FinOps) and security operations (SecOps) into a unified model. He proposed that CISOs adopt the mindset of business partners rather than cost centres, using AI analytics to uncover budget inefficiencies and reinvest the savings into security programs.
Citing Secgra’s experience, Hidalgo shared an example where an enterprise uncovered $2 million in tech waste, reinvested 25% of those savings to fund its Zero Trust initiative, and returned the remaining $1.5 million to the business. “When you link cost, risk, and performance, you transform cybersecurity from a reactive expense into a self-funding value driver,” he said.
He concluded with what he called the ‘virtuous cycle’, a continuous improvement loop driven by AI-enabled visibility, fiscal discipline, and measurable return on investment. By aligning FinOps and SecOps under a single intelligence layer, he said, organisations can reclaim budgets, shrink their attack surfaces, and prove ROI while improving resilience. “AI vs. hackers is a race between those who can see clearly and those who can’t. By any means, it is not a battle between humans and machines. The winners will be the ones who turn visibility into value,” Hidalgo continued.
The dual-edged nature of AI
Delivering the guest address during the third session of the Daily FT–CICRA Cyber Security Summit 2025, South Asian Technologies Ltd. Chief Technical Strategy Officer Shabeer Shiyam issued a stark warning that the world is entering an AI-powered cyber arms race, where both attackers and defenders are evolving faster than ever before. His session, titled “Battling the AI Arms Race,” explored how generative AI, neural networks, and autonomous systems are redefining the dynamics of cybersecurity.
Shiyam explained that AI has become both a weapon and a shield. While it enables defenders to predict, detect, and respond to threats at unprecedented speed, it also empowers hackers with automation, scale, and precision. “AI is now writing its own malware, crafting personalised phishing emails, and running millions of attack simulations without human intervention,” he warned.
He highlighted alarming global statistics: 97% of IT leaders now rank securing AI systems as a top priority, while 77% have already identified breaches in their AI infrastructure this year. At the same time, 96% believe AI will be critical to their future cybersecurity strategy, primarily to increase detection speed (74%), predict attacks (67%), and reduce human error (53%).
Shiyam showcased vivid examples of how attackers are weaponising AI. “We’re now seeing malware that rewrites itself in real-time to evade antivirus scans, phishing bots that mimic human tone using social data, and autonomous botnets that attack like swarms. These ‘shape-shifting’ threats can mutate, learn, and adapt faster than conventional defences,” he said.
He also introduced the concept of “Predictive Shadows”, which are AI systems that run millions of attack simulations to anticipate vulnerabilities before they are exploited. This, he noted, mirrors the rise of AI-driven defenders capable of sandboxing threats instantly, classifying leaks in real-time, and tracing exfiltrated data back to its source.
Game Theory in cybersecurity
Drawing parallels to game theory, Shiyam urged organisations to adopt the “minimax principle”, the strategy of minimising maximum loss. “Assume hackers play optimally to maximise your damage,” he said. “Design your defences for the worst-case scenario, not the average one.” He compared effective cyber defence to chess, where sacrificing minor pieces, through layered protection, segmentation, and prioritised investment, can prevent catastrophic losses.
Shiyam concluded that the AI arms race cannot be won through technology alone. The foundation of cybersecurity, he reminded the audience, remains people, process, and technology working in harmony. “AI can predict, but humans must decide. Machines can react, but only humans can reason. Our greatest advantage is not faster algorithms; it’s smarter collaboration,” he said.
He closed with a call for ethical AI adoption, urging businesses to align AI development with governance models such as MITRE ATLAS and MITRE ATT&CK to ensure accountability and transparency. “In this arms race, victory belongs to those who learn faster, act smarter, and never stop adapting.”
Strengthening national readiness
A panel discussion moderated by Dialog Axiata Head of Contracts and Regulatory – Group Legal and Regulatory Shenuka Jayalath, featuring Sri Lanka CERT Chief Information Security Officer Nirosh Ananda and FinCSIRT Manager of Information Security Kanishka Ratnayake, focused on Sri Lanka’s collective readiness to combat AI-driven cyber threats and the growing need for cross-sector coordination, legal clarity, and institutional resilience.
Shenuka Jayalath framed the conversation around the intersection of technology, regulation, and governance. She noted that as AI becomes embedded in business operations, cybersecurity accountability is increasingly becoming a boardroom and compliance issue. “AI doesn’t just change how attacks happen; it changes who is responsible when they do,” she remarked, highlighting the urgency for policy frameworks that balance innovation with regulatory protection.
Nirosh Ananda provided a national perspective, emphasising the critical role of CERT in developing AI-aware incident response capabilities. He pointed out that Sri Lanka has already seen early signs of AI-enhanced phishing and data manipulation attacks, calling for shared intelligence systems and automated early-warning networks. “The threat landscape is changing faster than traditional defences can adapt. Our response must be equally intelligent, automated, and predictive,” he cautioned.
Adding an industry coordination perspective, Kanishka Ratnayake outlined FinCSIRT’s initiatives to protect the financial sector from emerging AI-enabled fraud and deepfake scams. He explained how financial institutions are collaborating through real-time threat feeds and simulation exercises to test resilience under AI-assisted attack conditions.
Strategic partners of the 11th annual Cyber Security Summit were Visa and Sysco LABS; the Platinum partner was South Asian Technologies; the Community Impact Partner was Meta; and the payment network partner was LankaPay. Other partners included platform partner #HashX, podcast partner Techtalk, hospitality partner Cinnamon Grand, Colombo, creative partner Mullenlowe Sri Lanka and electronic media partners Yes101, TV1 and News1st.
Pix by Upul Abayasekara and Ruwan Walpola