India, June 18 -- For years, enterprise cybersecurity was built around a familiar assumption: the threat was outside the organisation, and the objective was to prevent it from getting in.

Artificial intelligence is making that distinction harder to maintain.

A security incident may now begin when an employee places confidential information into an unapproved generative AI tool. It could emerge when an AI assistant is connected to sensitive enterprise data without adequate controls. It may also arise when an autonomous agent receives broader permissions than it needs and takes an action nobody anticipated.

None of these systems needs to be malicious. The risk appears when AI adoption moves faster than the organisation's ability to gover...