Why AI Has Outpaced Enterprise Security and What Changes Now

Addressing AI's impact on security with Ryan Young, Vandis CTO and Elie Winsbacher, Vandis CISO.

A year ago, almost nobody outside the AI research community was debating prompt injection at a boardroom level. Today, Vandis observes that AI risk and breaches sit on the agenda at most major organizations. The velocity of the shift is the story. 

Traditional security risks are understood. Organizations have runbooks for ransomware. Cyber insurance carriers know what to ask. CISOs know where the logs live. Twenty years of pattern recognition are baked into how enterprises operate. 

AI is different. The same model a marketing team uses to draft copy can be coerced into leaking training data, generating working exploit code, or exfiltrating credentials through a chat window. The dynamic behavior of systems already within the business has become the new attack surface. 

Much of Vandis’ current work is upstream to runtime AI security: helping clients build the data fabric that agents depend on. Runtime controls are critical once that foundation is in place; poor-quality data produces unreliable results regardless of how well the runtime is protected. Strategically, organizations need both reliable and clean data and runtime AI security. Vandis recommends F5 AI Guardrails for live inspection and Red Team for identifying vulnerabilities, to deliver a healthy audit trail for regulators.  

How fast is the AI threat landscape changing?

Elie Winsbacher, Vandis CISO and VP of Engineering, has worked at the firm for 23 years. His observation is that a year ago, hardly anyone was talking about this; now it is the hot topic. State-linked actors from China, Russia, Iran, and North Korea are actively using LLMs to evade detection, support reconnaissance, process stolen data, conduct social engineering, and develop exploits 1 using commercial AI at a pace traditional defenses cannot match.

Recognition levels vary enormously between organizations. Those with an allocated budget are often led by people who have experienced the incident. Many organizations have already been hit, as suggested by the fact that only 49% of breached organizations plan to increase security investment following a breach, down from 63% the prior year.2 The difference is those who have already taken meaningful action. The rest are still in the awareness phase. Cyber insurance carriers have begun adding exclusion clauses for AI misuse and liability.3 Auditors are extending SOC 2 scope to cover AI governance controls, Baker Tilly,4 and others have all published guidance for clients on what that looks like already. Regulation in the EU is already impacting organizations, and updates to HIPAA for ePHI data are being drafted in the US. None of it is mature. All of it is moving.

Why is reactive security failing against AI threats?

Antivirus worked because attacks moved at human speed. Zero-day response worked because the window between disclosure and patch could be measured in days. Using AI, an adversary can now probe a system, observe its responses, and rewrite the exploit in minutes. Signature-based defenses simply cannot keep pace.

This is where F5’s posture stands out. Rather than waiting for attacks to appear in the wild, F5 Red Team develops AI- and agentic-adversarial techniques internally and builds defenses before those techniques reach real attackers. It’s comparable to how vaccine research operates rather than how traditional security products are built. That commitment is why F5 is the first technology Vandis brings to the table when an AI security conversation opens with a client.

Who owns AI security inside the enterprise?

Every enterprise now has application teams building AI features, security teams writing policy, and data teams managing pipelines. In most organizations, those groups do not share a language for AI risk. An application leader ships a RAG-enabled chatbot connected to five data stores, the security team learns about it at an audit review, and compliance hears about it when a regulator asks. The absence of clear ownership is itself a vulnerability.

Shadow AI compounds the problem. A financial-services client recently told Vandis it's the issue keeping them up at night: employees using public AI tools to draft documents containing confidential data, and teams enabling AI features in SaaS platforms without anyone assessing the downstream exposure. It mirrors the shadow IT wave of 2012 to 2016, but at higher velocity. Across Vandis engagements, the four most consistent findings are unapproved use of public AI with sensitive data, AI features enabled in SaaS without governance, AI activity unknown to IT and security, and acceptable-use policies that don't yet mention AI. Of the customers Vandis has engaged with, very few had AI-specific policy language in place.

How does Vandis approach AI security engagements?

Vandis’ customers recognize the value of engagement, which leads to long-term relationships. Typically, Vandis becomes an essential part of the organization, delivering continuous strategy advice rather than one-off engagements. This approach matters when the threat landscape changes week to week, and one-off answers constantly evolve. Vandis provides professional services: strategy, policy, assessment, and architecture. Managed services come later, once a client has chosen a direction and allocated resources to run it. The order matters. Running a control you do not understand is worse than not running it at all.

“Vandis has partnered with F5 since F5 launched its security-focused platform. F5 is bringing industry‑leading AI‑ready capabilities to the market, and our decades of experience implementing their platforms puts us in a strong position to guide customers through what comes next: helping customers define their AI strategy, understand where AI fits in their operations, and put the right guardrails and governance in place so they can safely take advantage of the efficiency gains AI offers without taking on technical debt they can’t support. The combination of our 40‑year heritage and our long‑standing partnership with F5 positions Vandis exceptionally well to help customers navigate this new era.”

Ryan Young, Vandis CTO

The question enterprises face now is not whether to take AI risk seriously. That is either decided deliberately or after an incident. Vandis provides strategic advice and understanding to help organizations better control and manage AI risk, enabling a deliberate, preemptive approach to risk mitigation and avoiding situations that become reactive and out of your control.

Frequently asked questions

What are the biggest AI security threats to enterprises today?

The most notable threats are prompt injection, model training data leakage, exploit code generation, and credential exfiltration via chat interfaces. State-linked actors from China, Russia, Iran, and North Korea are actively using commercial LLMs for reconnaissance, social engineering, and exploit development. Shadow AI (unsanctioned employee use of AI) compounds the exposure because the audit trail is usually incomplete, and traditional data-loss controls do not catch it.

What is shadow AI, and why is it a security risk?

Shadow AI is any use of AI within an organization that IT or security does not know about. It includes employees pasting sensitive data into public AI interfaces, fine-tuning private model variants without inventory, and business units procuring unvetted AI-enabled SaaS. It matters because exposure grows, dependencies are never reviewed, and post-incident, enterprises cannot produce a defensible audit trail.

How does F5's approach to AI security differ from traditional vendors?

F5 Red team develops AI and agentic adversarial techniques, then builds defenses into runtime controls made available to AI Guardrails, before those techniques reach real attackers. That inverts the industry's historical reactive model of signature updates after zero-day disclosure. It is closer to how vaccine research operates than to how traditional security products are built, which is why Vandis leads with F5 in AI security conversations with clients.

How are regulators responding to AI security risk?

Regulatory movement is happening. The EU AI Act is in force. In the US, a Notice of Proposed Rulemaking to update the HIPAA Security Rule was issued on 6 January 2025 and sits on the HHS agenda for finalization in May 2026, bringing ePHI used in AI training data and algorithms under HIPAA protection. Cyber insurance carriers are adding AI misuse exclusions, and SOC 2 auditors are extending scope to cover AI governance controls.