Your SaaS security isn’t broken; it just was never secure to begin with. People assume that having a SOC 2 certification means you’re safe. But SOC 2 is just the basics. If everyone’s doing it, nobody’s doing it.
AI is outpacing our ability to keep up with it in every sense: governance, job displacement, privacy, and security. Many companies—and the customers who depend on them—believe they are safe simply because they use well-known, trusted security brands. But cybersecurity experts are blowing their whistles, warning that this is far from the truth.
We spoke with Mani Masood, CISO and Applied AI Leader at a publicly-traded company in the healthcare space, to discuss the greatest threats to cybersecurity today and how businesses can prepare in the near term.
Beyond SOC 2: Masood begins by addressing a common misconception about security certifications. "Your SaaS security isn’t broken; it just was never secure to begin with. People assume that having a SOC 2 certification means you’re safe. But SOC 2 is just the basics. If everyone’s doing it, nobody’s doing it."
Even Microsoft isn’t immune: Masood acknowledges that even well-established companies with a reputation for strong security aren’t immune to risk. "Take Microsoft, for example. They’ve got security down to a science. But even they struggle with vulnerabilities in their code. It’s not just about having a penetration test or SOC 2 certification—it’s about the maturity of the organization and how well they handle vulnerabilities when they arise."
Whatever we put in place, the other side will eventually catch up. The biggest challenge is trying to predict the future risks AI will bring to cybersecurity. Right now, we’re only starting to understand the scope of the threat.
Exploitation gets easier: While security practices have advanced, Masood is concerned that AI’s rapid evolution is creating new risks. "The bar is getting lower," he says. AI tools, which were once reserved for skilled cybersecurity professionals, are now available to anyone. "Before, only highly skilled hackers could exploit vulnerabilities by linking together things like SMB1 and TLS 1.0. But now, AI makes it possible for people with little technical knowledge to exploit these weaknesses."
Bypassing controls: Though developers promise to limit the creation of harmful payloads using AI, Masood is skeptical. "From what I’ve tested, it’s easy to bypass these controls. The tools are getting more accessible, and the skills needed to use them are becoming less specialized. That’s a real concern."
AI's unpredictable impact: Masood fears that the pace of technological advancement will outstrip any countermeasures. "Whatever we put in place, the other side will eventually catch up. The biggest challenge is trying to predict the future risks AI will bring to cybersecurity. Right now, we’re only starting to understand the scope of the threat."
