This is an exclusive article series conducted by the Editor Team of The Mainstream with Mr. Ashok Kumar Tiwari, CISO, Vasai Vikas Sahakari Bank Ltd., Certified C-CISO from EC-Council USA and CISA Certified from ISACA USA.
As artificial intelligence reshapes the global digital landscape, industries, especially banking, are undergoing a seismic shift. AI is now embedded into core systems, risk engines, fraud detection platforms, and operational workflows. While this brings enormous advantages in efficiency and decision-making, it also introduces sophisticated and unpredictable cyber threats.
As AI transforms business models, banking operations, and cyber defense, we are also seeing a parallel rise in AI-driven cyberattacks: adaptive malware, deepfake fraud, automated social engineering, and autonomous intrusion attempts. In such a landscape, Zero Trust remains fundamental, but it must evolve to secure both humans and machines. Below are my perspectives as a cybersecurity leader working at the intersection of AI adoption, digital banking, and trust assurance.
We now face an era where cyberattacks are:
- Autonomous
- Adaptive
- Self-evolving
- Capable of deception through deepfakes, voice spoofing, and automated persuasion
- Driven by AI-assisted discovery and exploitation
In such a climate, Zero Trust does not disappear; it evolves.
1. Relevance of Zero Trust “In an era of AI-driven threats, is Zero Trust still sufficient, or does it need to evolve?”
Zero Trust remains the backbone of modern cybersecurity. However, traditional Zero Trust, focused mainly on network and user authentication, must grow beyond static controls.
This is Adaptive Zero Trust: a fluid model where trust decisions are real-time, behaviour-driven, and context-aware, and every entity, human or machine, must prove legitimacy repeatedly.
Zero Trust continues to be the foundation of secure digital transformation, but it now needs to become smarter and more dynamic. Today, trust must not only be earned; it must be continuously calculated.
The principle of “never trust, always verify” must extend to:
- Human & machine identities
- AI models, data inputs & outputs
- Automated decision engines
- API driven service interactions
In the AI era, we must evolve towards Adaptive Zero Trust: trust is not denied or granted once; it must be continuously validated based on behavior, context, and intent.
2. Integrating AI Safely “How can organizations responsibly incorporate AI into Zero Trust frameworks?”
The fundamental principle for CISOs must be: AI must operate within Zero Trust, never parallel to it.
The CISO’s key rule for AI is simple: no algorithm should have more trust than a human employee.
AI must be treated as a privileged workload, and its access must be governed by the same rigorous controls applied to a C-level executive. Responsible incorporation prioritizes the following pillars:
| Priority | Focus Area in the AI-Driven Enterprise |
| --- | --- |
| Governance | AI model accountability (who is responsible for the output) and auditable decision trails (Explainable AI, XAI). |
| Identity | Strong authentication for bots, service accounts, and workloads. Implement a comprehensive Identity Fabric that encompasses all entities. |
| Data | Integrity checks, encryption, and lineage monitoring for training and inference data. Prevent data poisoning. |
| Access | Risk-based permissions and purpose-binding policies. An AI model gets access only to the data absolutely necessary for its defined business purpose, and for a limited time (Just-in-Time Access). |
| Explainability (XAI) | Models must be able to justify their actions and decision-making process, ensuring AI does not bypass security or access controls with blind, opaque logic. |
AI should be deployed to enhance analysis and response capabilities, not to bypass security or traditional access controls.
3. Implementation Challenges “What are the key challenges CISOs face?”
The journey to Adaptive Zero Trust is challenging, particularly in established sectors like banking:
| Challenge | Reality | Overcoming the Challenge |
| --- | --- | --- |
| Legacy Systems | Not built for real-time authentication, continuous monitoring, and AI audit trails. | Phased Zero Trust Rollout: Align deployment to high-risk legacy components first, demonstrating clear business value and measurable risk reduction. |
| Talent & Skill Gaps | Expertise in AI security, adversarial testing, and Zero Trust architecture is scarce. | Workforce Upskilling: Invest heavily in training staff on AI security and identity governance. Foster an internal Purple Team approach (Red + Blue) for continuous learning. |
| Cultural Resistance | Security is still often seen as a compliance burden or blocker to innovation. | Clear Communication: Shift the narrative: security is an enabler of innovation and competitive advantage. Reward secure, disciplined innovation, not shortcuts. |
| Tool Complexity | Multiple overlapping security platforms create complexity and gaps. | Consolidation & Integration: Favor fewer, interoperable security platforms that share telemetry and enforcement data to build a unified security ecosystem. |
Security maturity is a continuous journey, one step at a time, guided by business value and measured risk reduction.
4. Security-First Culture “How do leaders foster a Zero Trust mindset with AI adoption?”
Security today is a shared business responsibility. Leaders must:
- Embed security thinking in every digital initiative
- Train employees to identify AI-driven social engineering & data risks
- Build cross-functional governance across IT, Risk, Compliance, and Business
- Reward secure innovation, not shortcuts
Zero Trust culture begins with one principle: trust is earned through discipline, not assumed through position or system role.
Leaders must:
- Embed security thinking in every digital initiative, treating the entire product lifecycle (from AI development to deployment) as a security activity.
- Train employees to identify AI-driven social engineering (e.g., highly realistic deepfake calls from “executives”) and specific data risks (e.g., feeding sensitive internal data into public-facing).
- Build robust cross-functional governance involving IT, Risk, Compliance, and Business units to share ownership and decision-making.
- Reward secure innovation, not shortcuts, signaling that discipline and adherence to policy are key performance indicators.
5. Actionable Steps “What practical steps strengthen Zero Trust against AI threats?”
To move from strategic awareness to tactical action, CISOs should immediately implement the following:
- Map & Classify AI Assets: Create an inventory of all AI models, training datasets, and APIs. Classify them by risk, sensitivity, and business criticality.
- Enable Continuous Identity Verification: Move beyond simple MFA. Implement behavioural monitoring to continuously verify that the user or machine remains the authenticated entity throughout the session.
- Implement Just-in-Time (JIT) Access: Restrict all privileged access (for human administrators and AI service accounts) using JIT principles to minimize the attack window.
- Deploy AI-Driven Anomaly Detection in the SOC: Fight AI with AI. Use machine learning within the Security Operations Center (SOC) to detect subtle, autonomic threat behaviors that human analysts might miss.
- Strengthen Data Controls: Mandate rigorous data labeling, encryption (especially for data used in model training), and continuous access logging.
- Conduct Adversarial AI Testing: Go beyond traditional penetration testing. Conduct simulations for model poisoning, evasion attacks, and deepfake/impersonation scenarios.
If we expect AI from adversaries, we must deploy ethical, disciplined AI for defense.
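The access and identity steps above (purpose-bound, Just-in-Time grants for an AI service account, re-checked on every request against behavioural risk) can be sketched as follows. This is an added example, not code from the article or any product; the identity `svc-fraud-model`, the dataset names, the signal names, the weights and the 0.7 ceiling are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RISK_CEILING = 0.7  # assumed threshold, not a value from the article
# Illustrative weights for constructed behavioural signals.
WEIGHTS = {"new_source_ip": 0.4, "off_hours": 0.2, "volume_spike": 0.5}


@dataclass(frozen=True)
class Grant:
    """Just-in-time grant bound to one identity, one purpose, named datasets."""
    identity: str
    purpose: str
    datasets: frozenset
    expires_at: datetime


def issue_grant(identity, purpose, datasets, now, ttl_minutes=15):
    return Grant(identity, purpose, frozenset(datasets),
                 now + timedelta(minutes=ttl_minutes))


def risk_score(signals):
    """Sum the weights of the signals that fired, capped at 1.0."""
    return min(1.0, sum(w for name, w in WEIGHTS.items() if signals.get(name)))


def authorize(grant, identity, purpose, dataset, signals, now):
    """Evaluated on every request; nothing is trusted for the whole session."""
    if grant.identity != identity:
        return False, "identity mismatch"
    if now >= grant.expires_at:
        return False, "grant expired"
    if purpose != grant.purpose:
        return False, "purpose mismatch"
    if dataset not in grant.datasets:
        return False, "dataset outside purpose"
    if risk_score(signals) >= RISK_CEILING:
        return False, "risk above ceiling"
    return True, "allowed"


if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed time
    g = issue_grant("svc-fraud-model", "fraud-scoring", {"txn_features"}, t0)
    calm, noisy = {"off_hours": True}, {"new_source_ip": True, "volume_spike": True}
    for args in [("txn_features", calm, t0), ("kyc_documents", calm, t0),
                 ("txn_features", noisy, t0),
                 ("txn_features", calm, t0 + timedelta(minutes=16))]:
        print(authorize(g, "svc-fraud-model", "fraud-scoring", *args))
```

The same grant yields a different answer as context changes: a valid, in-scope request is denied once the behavioural signals cross the ceiling or the time window closes.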
6. Future Outlook “How will Zero Trust evolve in response to AI-driven threats?”
Zero Trust is transforming from a static policy framework into Autonomic Cybersecurity. Tomorrow’s Zero Trust architecture will be AI-enabled, risk-adaptive, behavior-driven, and friction-aware.
We will see the rise of:
- Self-Learning Trust Engines: Systems that continuously adjust security posture based on real-time risk calculations.
- AI SOC with Autonomous Threat Containment: Security systems that can independently detect, analyze, and contain threats at machine speed, far faster than human intervention allows.
- Identity Fabric: A unified identity layer for humans, bots, IoT, and edge devices.
As CISOs, our mission is not only to secure systems; it is to secure confidence, trust, and digital progress. Zero Trust in the AI world is not a challenge; it is our strategic advantage when executed with intent, discipline, and continuous learning.
Zero Trust will transform from static policy to autonomic cybersecurity: self-learning trust engines, continuous authentication using behaviour and biometrics, an identity fabric for humans, bots, and IoT, an AI SOC with autonomous threat containment, and quantum-resilient identity protection.
Protecting trust at machine speed.



