Key takeaways
Security strategies in 2026 must pivot from absolute perimeter prevention to guaranteed breach survivability as network borders dissolve.
Agentic AI has created new and larger vulnerabilities, allowing attackers who slip past external firewalls to move laterally without internal barriers.
AI-powered microsegmentation automates dependency mapping and behavior discovery to isolate ransomware threats at machine speed.
Isolating highly sensitive AI training clusters from public-facing inference environments protects core corporate datasets from corruption.
Integrating agentless Zero Trust controls directly into next-generation hardware infrastructure simplifies the entire security stack.
While many security leaders are accustomed to difficult conversations with the board, those talks have taken a different turn lately. No longer do security leaders have to answer, “What are you doing to prevent a data breach?” but rather, “What are you going to do when one happens?”
The rapid explosion of agentic AI and the threat of new frontier large language models (LLMs) has made the traditional network perimeter vulnerable in ways today’s security teams are just beginning to understand. Board members now want to understand risk acceptance, mitigation strategies, and damage control. Not all CISOs are prepared.
According to the 2026 CISO–Board Engagement Report, a joint study by IANS Research, Artico Search, and The CAP Group, more than half the board directors feel their CISOs are not adequately preparing them to understand how fast-moving threats, especially AI-driven ones, could shift the organization’s risk trajectory. Boards that aren’t hearing about these dynamics from their CISOs are making oversight decisions with incomplete information.
For other organizations, board-level communications are still informal and not necessarily aligned with strategy. In European financial services organizations, cybersecurity for clients (59%) and internal cybersecurity (57%) are the primary drivers of risk management investment, according to IDC. But only 43% of CISOs in large U.K. enterprises report having monthly board engagement, while 48% engage only on an ad-hoc basis.
In a recent episode of the ISMG podcast, Mani Sundaram, Executive Vice President and General Manager of the Akamai Security Technology Group, explained the reasons behind this disconnect to Tom Field, Senior Vice President of Editorial at ISMG. This blog post recaps Mani's key insights and outlines his strategic advice for alignment.
The fatal flaw of traditional network defense
For years, organizations relied on complex VLANs and static firewall rules to isolate corporate assets. As Akamai's former Chief Information Officer, Mani knows the operational complexities of this legacy approach firsthand. Security teams frequently punched holes in firewalls to accommodate new applications but forgot to remove the rules when those applications were decommissioned.
Traditional microsegmentation projects promised an answer but often stalled because of the intense and complex coordination required across multiple siloed teams. Today, AI-powered ransomware can move across networks at machine speed.
The first fully autonomous AI ransomware campaign has already been documented. At a time when AI agents can breach a network, move laterally, and execute an attack without human intervention, today’s security teams can no longer rely on human operators to manually configure rule-based tools before a crisis occurs.
Fighting machine-speed threats with AI automation
To stop automated threats, defenders must counter machine speed with their own machine intelligence. True resilience requires AI-powered segmentation capabilities that understand how applications communicate in real time. Instead of relying on static human inputs, AI automatically discovers application behaviors, maps dependencies, and generates security policies.
This automated approach creates concentric circles of internal defense. When an inevitable breach occurs, microsegmentation isolates the blast radius immediately. This internal barrier allows legitimate business activity to continue while stopping malicious lateral movement in its tracks.
With microsegmentation, CIOs and CISOs can now comfortably answer the question of what they’re going to do when a breach happens.
Securing the AI factory vulnerability problem
Additionally, the enterprise’s attack surface is expanding rapidly thanks to shadow AI tools and commercial browsers. Employees regularly put sensitive financial data, personal identifiable information, and proprietary source code into external chatbots to streamline daily work. Security teams simply cannot protect what they cannot see.
By implementing modern browser security solutions like Akamai Workforce Protector (formerly LayerX), security leaders gain critical visibility straight to the point of use. Operating as a lightweight browser plug-in, the solution identifies usage patterns and stops data exfiltration. This deployment model avoids the application-breaking headaches of traditional decryption proxies.
Furthermore, organizations must apply these exact segmentation principles to their core AI infrastructure. This means strictly separating data-heavy training environments from user-facing inference environments. Isolating these platforms ensures that an inference-level API breach can never compromise underlying model weights or raw datasets.
Embedding security into the compute layer
Discovering software vulnerabilities is no longer an operational bottleneck for enterprise security teams. Generative models can now identify software weaknesses much faster than human teams can patch them. Therefore, modern enterprises must shift away from endless patching cycles and focus heavily on automated runtime protection.
To streamline this defense architecture, Akamai recently announced a major technology collaboration with NVIDIA. The partnership embeds Zero Trust microsegmentation directly into next-generation AI factories.
By leveraging NVIDIA BlueField DPUs and the DOCA software framework, organizations can define segmentation rules in an entirely agentless way. This ensures that critical security controls do not steal valuable compute power away from intensive AI training workloads. The security architecture of tomorrow must be unified, automated, and deeply embedded to survive.
Addressing the new boardroom directive
As corporate boardrooms abandon the illusion of absolute perimeter defense, CISOs must be armed with a different set of solutions. Organizations must be prepared to use automated microsegmentation, agentless Zero Trust controls, and a new approach to AI factories to isolate blast radiuses before a breach can cripple operations.
Learn more
Listen to the full podcast to hear Mani describe how modern security leaders are rewriting their playbooks to build true operational resilience.
(Note: This podcast was recorded prior to the close of Akamai’s acquisition of LayerX.)
Tags