The AI Adoption Paradox Facing Security Leaders
Matt Radolec, Varonis VP of Incident Response, describes a fundamental tension facing CISOs in 2025: organizations are no longer debating whether to adopt AI but are mandating its use across the enterprise. From banking institutions optimizing form intake processes to healthcare providers using AI for clinical documentation, companies are realizing material benefits from AI deployment. However, security teams face a dangerous paradox — organizations are currently giving only about 3% of their knowledge to AI systems because moving too fast risks data exposure and compliance violations, while moving too slowly means falling behind competitors. This creates pressure on security to be an enabler rather than a prohibitor of business innovation.
Re-Prompt Attack and AI Assistant Vulnerabilities
Varonis ThreatLabs uncovered a critical vulnerability called "re-prompt" in Microsoft Copilot that demonstrates how AI assistants can become data exfiltration weapons. The attack exploited a gap in security guardrails — while the first prompt between a user and Copilot had protections, subsequent prompts did not. By sending a specially crafted message (similar to a long URL), attackers could assume control and make requests even after the user believed the conversation had ended, gaining access to the entire conversation history. Microsoft partnered with Varonis through responsible disclosure to address the issue. This research highlights the need for rigorous security testing of AI projects, models, and agents to ensure defensive tools don't become attack vectors themselves.
AI-Powered Defense and the Speed Imperative
Radolec emphasizes that security must evolve at the same pace as AI adoption, requiring defenders to deploy their own AI capabilities. Varonis has built an AI phishing sandbox that crawls millions of URLs hourly to detect threats that traditional methods miss, including conversational phishing where the malicious hook comes later in the exchange, newly registered domains, and attacks designed to extract information rather than credentials. This is a fundamental shift from manual analysis, in which users reported suspicious emails to security analysts, who then sandboxed them individually. With AI agents now reading and responding to emails on behalf of users, the attack surface has expanded dramatically, making it essential to adopt a "robots versus robots" approach where AI-powered defense matches the speed and scale of AI-enabled threats.