
Cloud Security
Looking for love, finding fraud: How AI makes matrimony scams harder to spot
In the search for a life partner, you can end up becoming a target for cybercriminals. Through this edition of The Safe Side, we examine how generative AI is making matrimonial scams harder to detect, the red flags to watch for, and what users can do to protect themselves.
ONLY AVAILABLE IN PAID PLANS
Continue Reading
Related stories from this briefing
Cloud Security · 7 min read
5 steps to secure your infrastructure in the frontier model era
The industry conversation around AI infrastructure has narrowed to a single dimension: scale. The focus is on GPUs, power, cooling and the massive physical footprint required to train and run AI agents and models. At the same time, organizations are adjusting to the speed and scale with which AI is identifying vulnerabilities — which is much faster than remediation can be started. However, almost no one is talking about the infrastructure layer that actually determines whether AI workloads remain secure, resilient and compliant. This is the layer that runs the world’s most sensitive, regulated, high‐value workloads. Thankfully, it already has the guardrails needed for an era where vulnerabilities are discovered faster than ever. But are they being set correctly? With more than one billion AI agents expected by 2029 , organizations need a plan for their infrastructure layer to withstand threats from new frontier models, maintain uptime and protect data sovereignty. As they scale AI deployments, enterprises must secure the infrastructure AI depends on. These five steps outline what organizations can do now to strengthen their infrastructure posture using proven, enterprise‐grade practices for current and future threats. Step 1: Build on infrastructure engineered for security and resilience Infrastructure must be secure by design, not secured after deployment. The systems that have historically supported the world’s most critical workloads — from global payments to national‐scale operations — were built with this principle at their core. If you’ve already invested in systems designed for mission-critical workloads, you’ve checked this first box. Enterprise‐grade systems have been engineered with multilayered security controls, pervasive encryption, confidential computing and hardware‐level protections that make exploitation dramatically harder. A frontier model in the hands of a bad actor can chain weaknesses faster than humans can patch them — unless the underlying infrastructure is built to absorb and deflect that pressure. When I meet with clients, I often tell them what our own security teams operate under: we assume vulnerabilities will continue to be discovered and we design for that reality. That mindset is what separates infrastructure that survives frontier‐model pressure from infrastructure that collapses under it. These systems continue to evolve with predictive failure analysis and accelerated recovery, allowing systems to continue operating even during investigation and remediation. Step 2: Treat uptime and resilience as a security requirement If your infrastructure fails, your workloads will too. These systems depend on uninterrupted access to data and compute, and even seconds of downtime can compound operational and security risk. Enterprise‐grade platforms deliver near‐continuous availability through redundant hardware paths and intelligent system recovery. The easiest fix? Ample resources and an up-to-date infrastructure foundation. Too often, a security problem is really an availability problem that turned into a security problem. When systems fall behind on maintenance, capacity or recovery readiness, they create the exact openings a frontier model can exploit. A delayed maintenance cycle or a recovery process that takes too long becomes the opening a frontier model can exploit. Resilience is not just about uptime. It is a security control. And this will not be the last time a frontier model tests the limits of that resilience. Data resilience is equally critical. Cyber‐resilient storage systems with immutable backups and rapid recovery capabilities ensure that critical data remains protected and available even after a cyber incident or disaster. Step 3: Operate for continuous discovery, not periodic defense The idea that you can prevent every vulnerability is outdated. The more realistic model is continuous discovery — finding, prioritizing and addressing issues faster than they can be exploited. Organizations must operate as if vulnerabilities will be found faster than ever. Instead of relying on static defenses, they should emphasize layered controls, rapid triage, continuous delivery of fixes and coordinated disclosure. Frontier models in the hands of bad actors can amplify security challenges by connecting vulnerabilities. They can chain misconfigurations, outdated components and privilege gaps into a viable attack route in minutes. And the more outdated or inconsistent an environment is, the easier that chaining becomes. Modern operational‐intelligence tooling helps them surface that risk, prioritize what matters and act before an attacker can exploit the gaps. These platforms help organizations understand where they are exposed, identify which maintenance issues carry the highest operational and security risk, and reduce the blind spots that frontier‐model attackers are increasingly adept at exploiting. It’s critical to assess how you manage your vulnerabilities. Internal processes should address severe vulnerabilities within hours, regardless of whether they are discovered by humans, traditional tooling or AI‐driven techniques. As AI accelerates vulnerability chaining, this posture maintains operational integrity and reduces exposure. Step 4: Use AI to defend AI Leading organizations are integrating AI‐driven threat detection directly into their infrastructure. On operating systems like z/OS, AI‐based analytics can identify anomalous and potentially malicious data access, reducing investigation time and limiting impact. Beyond detection, autonomous security models are emerging that continuously govern risk, investigate threats and enforce resilience across identities, data, applications, cloud and networks. Across the industry, we’re seeing the rise of autonomous security frameworks that use AI to assess posture, detect threats and harden controls without waiting for human intervention. Combined with modern AI‐accelerated processors, these capabilities allow threats to be analyzed and mitigated directly within the infrastructure itself. Step 5: Join a broader ecosystem fighting frontier model threats No organization can face frontier model threats alone. These risks require coordinated industry action. Frontier models give both good and bad actors the ability to analyze codebases, chain vulnerabilities and probe infrastructure at a scale that no single enterprise can counter on its own. Across the industry, coalitions are emerging to assess and remediate vulnerabilities discovered by frontier-class models and to help enterprises build AI resilience. Initiatives like Project Glasswing, Project QuiltWorks and the Frontier AI Alliance are examples of how providers, consultancies and security firms are beginning to coordinate their response to AI-accelerated threats. Organizations can also benefit from independent assessments that evaluate readiness for agentic-enabled threats and identify gaps across their infrastructure. These assessments help teams understand where they are exposed, how frontier models might chain those exposures together, and what actions will reduce the likelihood of a high-impact event. Participating in these programs is one of the most concrete steps enterprises can take today to strengthen their AI infrastructure posture. Your AI security depends on the infrastructure you choose AI is accelerating both innovation and risk. The organizations that succeed will be those that build on resilient, secure infrastructure, prioritize uptime as a security control, operate with continuous discovery, use AI to defend AI and participate in the global response to frontier‐model threats. In the end, your ability to scale AI safely comes down to the infrastructure you trust to run it. This article is published as part of the Foundry Expert Contributor Network. Want to join?
Top Story · 1 min read
How Serious is Kudankulam Data Leak?
UPSC Syllabus: Gs Paper 3- Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security Introduction The Kudankulam Nuclear Power Plant data leak has raised concerns over the cybersecurity of India’s critical infrastructure. Although NPCIL stated that the reactor and nuclear safety systems... Continue reading How Serious is Kudankulam Data Leak? The post How Serious is Kudankulam Data Leak? appeared first on Free UPSC IAS Preparation Syllabus and Materials For Aspirants .
Policy · 9 min read
The last human relationship in cybersecurity
We are inundated with promises that artificial intelligence will save us and that the next governance framework will protect us. Buy this platform, adopt that model and the hard part finally gets easier. After 15 years in this field, I have wanted that shortcut as much as anyone. But both promises are downstream of something neither one can produce. You cannot automate trust between two people. You cannot govern your way to a relationship. As AI moves into the core of how organizations operate, and accountability stops mapping cleanly to the org chart, what holds when the stakes are highest is not the platform or the policy. It is two human leaders who know each other well enough to carry the weight together. I think about this often now, a year after publishing a book about the pressures bearing down on security leaders, “ The CISO On The Razor’s Edge: Leading Cybersecurity When The System Is Designed To Break .” The partnership between the CIO and the CISO is the last human relationship in cybersecurity. AI raises the stakes. Governance sets the floor. The relationship is what holds. I saw it work once, up close. When I worked in Washington State, the CIO, Bill Kehoe , talked to his CISO, Ralph Johnson , every day. Weekends included. Not because a policy required it, but because the mission did. That partnership is a large part of why the role stayed sustainable for them when it broke so many others. The promise we keep believing Walk any conference floor and you will hear the same pitch in a hundred variations. The next AI layer will close the gap. The next framework will lock down the risk. The technology is usually ready. The organization is not. I have watched too many well-funded programs stall to still believe the tool is the answer, and almost every time, the breakdown traced back to leaders who were not aligned before the work began. A framework run by misaligned leaders inherits the misalignment. You can buy the best controls on the market and still watch them fail when two leaders work from different assumptions about who owns what. Bill and Ralph understood this. Security decisions were not handed to Ralph after the fact to bless or block. They were made with him, inside the technology decisions, because the two had already agreed on what mattered. That is not governance. That is leadership creating the conditions in which governance can work. It is the real lesson I came to in the book. Technical knowledge matters, but it is not enough. As I wrote then, “Influence, trust and internal relationships are non-negotiable.” Without influence, CISOs cannot lead. Without technical substance, they cannot prioritize what matters. And without partnership, especially with their CIO, “they’re operating without a safety net.” AI does not change that truth. It raises the cost of ignoring it. When decisions move at machine speed The ground under both roles is shifting. Work no longer flows through people alone. It moves across people, platforms, partners and agents at the same time, and it moves fast. Decisions that once waited for a meeting now form in seconds. The org chart, built for an era when humans did the work and reporting lines explained accountability, struggles to keep up. This is where the partnership stops being a nicety and becomes infrastructure. When decisions form at machine speed, the human escalation path has to be instant. There is no time to negotiate a relationship in the middle of an incident. Either the trust is already there, built in the quiet stretches before anything goes wrong, or it is not there when it counts. I asked Bill what he would lose if his daily calls with Ralph dropped to once a week. His answer cut straight to it. “Cyber does not rest,” he told me. “It is active and dynamic and requires 24/7/365 attention.” Drop to a weekly check-in, he explained, and “I am treating the CISO like any other executive position.” For Bill, AI only raises the stakes on that daily contact. “Relationships and partnerships between the CIO and CISO will never die due to AI,” he said. “I can’t even imagine a scenario where I don’t talk to my CISO on a daily basis including weekends to discuss the latest risks and vulnerabilities or news on potential AI attacks.” That is the point most of the market misses. A platform can flag the anomaly. It cannot decide what the organization is willing to risk, who carries that decision or how two leaders stand behind it together. The faster the machines move, the more the partnership has to already be in place. The loneliest seat in the building There is a reason some now call the CISO job the least desirable role in business. The seat carries enormous accountability and rarely the authority to match. As one security leader put it, the pressure has never been higher and the control has never felt lower . People are burning out and walking away from a role that has never mattered more. Here is the hard part. There is no log file for burnout. No alert fires when the weight finally exceeds the leader. That drain is invisible right up until it is not, and it raises organizational risk as surely as any unpatched system. The structural fixes the industry debates are all real and all slow. The fastest source of relief available to a CISO is not a framework. It is a CIO who treats the relationship as a daily partnership rather than a line on a chart. An isolated CISO is a vulnerability. A partnered one is an asset. You see what that partnership is worth in the worst moment. I asked Bill what it looks like when an incident hits and public trust is on the line. He did not reach for a tool. “I am accountable as CIO to everything that occurs in the state from a technology lens including cyber,” he said. When a severe incident hits, the call comes to him from agency leadership or the Governor’s Office. Then he follows the plan, but never alone: “I will be in constant contact with the CISO on the details of the incident.” That is the safety net made real. The CISO is not carrying the mission alone at the moment it matters most. On the razor’s edge, leadership keeps you upright. Partnership keeps you in the fight. The work no tool will do for you In my advisory work, I sit with C-suite leaders who share values and still cannot find alignment. The barrier is rarely disagreement. It is that they are not communicating clearly or often enough to build the trust that alignment requires. I have watched negotiations that could only happen by proxy, over email, because two capable leaders had stopped talking directly. I recently sat in an hour-long discussion where alignment and shared values were present the whole time. It did not become clear until the final fifteen minutes. That is what real alignment costs: patience, persistence and a stubborn commitment to clarity. If leaders cannot do that work themselves, no AI model or governance tool will do it for them. This is why I stand up an AI review board for the organizations I work with and host the leadership conversations that decide whether a company’s AI ambitions thrive or stall. The board itself matters less than what it provides: neutral ground, a regular cadence and an agenda that forces the hard issues into the open before a crisis forces them. If your organization has no venue like that, that absence is its own form of dysfunction. The cadence is what makes communication effective. Not easy. Effective. Build the bond on purpose You cannot framework your way to trust. But you can build it deliberately, and that is a leadership act, not a governance one. The partnership and stakeholdering skills that once looked like soft extras are now the core executive work. A few moves matter most: Set a standing contact rhythm with your counterpart before you need one, daily or near-daily, not quarterly Make decision rights and accountability explicit while it is calm, so no one improvises them mid-incident Translate security into business outcomes together, so the board hears one aligned voice Build the relationship as deliberately as you would build any critical control, because that is what it is. If you cannot connect the partnership to outcomes the business actually feels, you have a friendship, not a performance lever. A year after writing “The CISO On the Razor’s Edge,” I am even more convinced that strong leadership precedes effective governance and partnership precedes them both. This is the good news, not the hard news. The CIO and CISO who build real trust do not just reduce risk. They move faster than their competitors, because they spend no energy fighting each other. They earn the board’s confidence, because the board hears one clear voice. And they unlock the AI strategy everyone else is still struggling to govern, because they have already done the human work that makes governance hold. That is the upside waiting on the other side of this relationship. AI will keep advancing. Governance will keep maturing. But the organizations that win the next decade will be the ones where two leaders decided the partnership was worth building before they needed it. Bill and Ralph knew it every day, weekends included. The edge is there for anyone willing to do the same. This article is published as part of the Foundry Expert Contributor Network. Want to join?
