Webinar Recap: Securing the Cloud at Scale in an AI-Driven World
Securing the cloud at scale now depends on identity control, data visibility and structured AI governance. As AI adoption accelerates and cloud estates expand, risk is shifting away from infrastructure and toward credentials, data exposure and operational velocity.
In our recent Montash webinar, Securing the Cloud at Scale in an AI-Driven World, Jesse Dampare moderated a discussion with Roberto Roldán (Security Applications Leader, Copado) and James Allman-Talbot (Cyber Security Leader & Threat Intelligence Specialist) on how AI acceleration and identity risk are changing cloud security operating models.
Below are the key themes that stood out for CISOs and cloud security leaders.
How AI is changing cloud security workflows
AI is increasing speed across both defence and attack. On the threat side, attackers are beginning to use agentic AI to execute defined objectives.
“We’re seeing agentic AI now that is becoming much, much more prevalent. A threat actor instructs the AI and says, ‘These are the targets. This is what I want to achieve. Go and do it.’ And AI is actually driving it.”
James Allman-Talbot
These attacks are currently more common among sophisticated actors, but the barrier to entry is expected to continue dropping over the next 6–12 months.
At the same time, development teams are using AI to accelerate code production. That shift introduces pressure inside the security development lifecycle.
“AI is compressing the time to exploit… Engineers are producing more source code than they used to… and without the right tools in place in your security development lifecycle, you are at risk.”
Roberto Roldan
For cloud teams, this means review cycles, monitoring models and governance controls must keep pace with higher change velocity. Manual gatekeeping models alone are unlikely to be sufficient.
Why identity is now the cloud perimeter
As organisations move further into SaaS, hybrid and distributed architectures, traditional network boundaries matter less than access control.
“Identity has always been, and will increasingly become, the keys to the kingdom…That is your perimeter now.”
James Allman-Talbot
With privileged access now extending across cloud platforms and third-party services, compromised credentials can provide direct entry without infrastructure exploitation.
Phishing remains a primary entry method:
“Phishing is still the number one method by which attackers get access into systems.”
AI amplifies that risk by increasing the quality and scale of social engineering campaigns. James referenced a case where an employee transferred funds after receiving an AI-generated call that looked and sounded like the CFO; a reminder that identity compromise no longer requires technical exploitation.
For security leaders, identity governance, including multi-factor authentication, least privilege access and regular access reviews is now foundational..
Cloud expansion increases data exposure, not just infrastructure risk
While AI has not fundamentally altered infrastructure attack patterns, it has intensified data risk.
“The conversations with AI specifically tend to be more around data than infrastructure.”
James Allman-Talbot
The integration of AI tools into workflows introduces additional exposure points. Giving AI systems access to sensitive information without defined boundaries increases the risk of leakage or misuse.
This includes:
- Access to confidential internal documentation
- Prompt injection vulnerabilities
- Third-party AI vendor data handling
- Shadow AI usage by employees
Data governance was described as a difficult and often delayed programme in many organisations. Mapping ownership, classification and access controls takes time, but without it, AI adoption introduces uncertainty across cloud environments.
Before deploying AI systems, organisations must have clear data visibility. Identify:
- What data they hold
- Where it resides
- Who has access
- How it is classified
Security culture determines whether controls work
The discussion repeatedly returned to culture because training alone does not guarantee resilience.
“Training is a tick box exercise… Culture is what makes the difference.”
James Allman-Talbot
A culture of fear discourages incident reporting. An open security culture encourages early escalation and shared responsibility.
James shared an example of a breach discovered only because an employee reported unusual system behaviour, reinforcing that employees are often the first line of detection.
In an AI-enabled environment, culture also shapes tool usage. Employees should use only approved AI tools under corporate accounts and follow defined guidelines. Where appropriate, organisations may restrict or block unapproved platforms to reduce data leakage risk.
Security maturity is reflected in reporting behaviour, communication clarity and organisational alignment.
Compliance is a baseline, not protection
Compliance frameworks remain necessary. They establish minimum standards and governance discipline.
“You can be fully compliant, and still be breached.”
James Allman-Talbot
While audits provide a foundation, they don’t eliminate risk.
Attackers continue to exploit weak fundamentals including credential hygiene and basic access controls, even in compliant organisations.
Cloud security at scale therefore requires structured oversight beyond certification.
Leadership considerations for CISOs and security managers
Cloud security leadership now comes down to three things: how AI is used, who has access, and how risk is owned.
Security leaders must:
- Align AI initiatives with data governance
- Ensure identity remains tightly controlled
- Communicate risk clearly to executive teams
- Maintain operational discipline amid accelerated change
“AI is human-led… everything that AI is doing is based on the data that it has been fed by humans.”
The operating question is not AI versus humans. It’s how human oversight should evolve alongside AI capability.
Want the full insights?
Watch the full discussion below.
Are you navigating the evolving challenges of securing cloud environments at scale?
If you’d like to talk through your current cloud security hiring and team design plans, contact Jesse (jessed@montash.com) to get a second view on role definitions, strategic priorities, and building a sustainable cloud security talent pipeline that can keep pace with today’s dynamic threat landscape.
