A False Sense of Security: Have Faith in AI-based Cybersecurity?
Ajay Seth, Cybersecurity Consultant — P J Networks Pvt Ltd
I’ve just returned from DefCon, still on a high from the Hardware Hacking Village — quite frankly, not many things turn me on more than ripping open some device, unplugging the components from the PCB and poring over it to see just how poorly it is secured. It reminds me why I got into this business in the first place. Security isn’t a matter of rebranding an existing offering with the meaningless “AI-powered” stamp. It’s really about knowing the basics. The real threats. And here’s the thing — the vast majority of businesses still don’t understand.
Quick Take
- Zero Trust is more than a buzzword. It’s required, and if you think your VPN alone has you covered, you’re in trouble.
- Those AI-driven security solutions? Overhyped, oversold and oftentimes underdelivering.
- Your Achilles heel is legacy hardware. Do not take any chances: if you haven’t audited your routers and firewall devices, do it. Now.
- The human factor makes the difference. Yes, phishing attacks continue to succeed — and succeed big.
Where I Started: 1993 to Now — Lessons from the Trenches
I got into this business long before cybersecurity was a real business. Back in ’93, I was a network admin, spending my days configuring multiplexers, haggling on PSTN setups, and keeping mission-critical systems alive. Then came the SQL Slammer worm in 2003: one of those first moments when I realized just how quickly and indiscriminately cyber threats could spread.
One moment, networks were all running smoothly. Next? Massive outages. Chaos. Companies freaking out because who knew a 376-byte payload could take down your whole infrastructure. The lesson learned: Attackers don’t require sophistication when administrators open the doors wide.
Now, two decades later, I operate my own cybersecurity firm — and I see organizations committing the same errors, just with more sophisticated technology.
You Can’t Rely Only on Your Firewall
Ctrl + Alt + Delete: Your Employees Will Click Bad Links
Security Software Can’t Fix Bad Internal Processes
The AI Lie: Stop Thinking Machines Are Wizards
Look, I get it. This sounds absolutely amazing: AI cybersecurity. Just plug it in, let it learn, and watch your threats evaporate, am I right? Wrong. Sure, machine learning can be used to identify patterns, but AI is only as good as the data it analyzes — and the attackers know how to get around it. I’ve watched banks with multi-million-dollar AI-powered threat detection fail basic penetration testing because they had put too much faith in algorithms and too little faith in basic security hygiene.
Here’s Why I’m Not Buying the AI Security Hype:
- False positives/negatives. AI struggles with edge cases. Attackers exploit this.
- It’s reactive, not proactive. Artificial intelligence recognizes patterns, but adversaries move faster than models adapt.
- “AI-powered” typically means “costly with negligible actual benefit.” Pure marketing fluff.
Want better security? Just focus on the basics before you start throwing cash towards AI-driven solutions.
Why Zero Trust Should No Longer Be Optional
In fact, last month I consulted for three banks that were updating their Zero Trust architecture. It’s ironic, considering that Zero Trust has been a buzzword for years, yet it is still being viewed as an optional extra and not as a founding security concept.
Here’s the Truth:
- There were logs of all the authenticated users who “went in”, classified according to credential access, privilege escalation, lateral movement, or exfiltration in case passwords were stolen. Assume breach. Always.
- By default, do not trust any device. I don’t care whether it’s an executive’s laptop. Authenticate everything.
- VPNs provide a false sense of security. If your security “strategy” is “we have a VPN,” you don’t have security.
When we reformed security for these banks we:
- Actively segmented their networks.
- Implemented stringent multi-factor authentication.
- Removed implicit trust from all internal systems.
Do that, and suddenly attackers have a much tougher time with lateral movement.
Legacy Hardware: The Silent Killer in Your Network
You know how car manufacturers build some kind of time bomb into older vehicles? IT is supposed to operate the same way — but it doesn’t. The average enterprise has routers, firewalls, and switches that are old and haven’t had a firmware upgrade in years. It kills me. In highlight after highlight, I watched researchers compromise corporate networks using flaws in networking gear that’s been in place for a decade. That’s terrifying.
So Ask Yourself This:
- How long has it been since your last firewall audit? (Not just log checks: an actual look at the configurations.)
- Are you still using end-of-life routers? Because your attackers research known exploits far more than you do.
- Is your patch management proactive or when-we-have-time? Delayed patches = free-for-all for attackers.
If you’re running legacy devices because they still work just fine, you’re playing a game of Russian roulette with your network security.
Humans: The Perpetual Weakest Link in Cybersecurity
No matter how much we talk about it — no matter how much we spend on cybersecurity — people still get phished. Just like last year, when a finance director at a mid-sized company clicked on a phony FedEx email and, within minutes, attackers had access to sensitive internal data. It did not help that the incident began with human error, where no amount of intrusion detection could make a difference.
This Is What I Advise My Clients:
- Make security training engaging. If your employees tune it out, it’s pointless.
- Test employees. A lot. You should be doing phishing simulations monthly—not once a year.
- Reporting incidents should be made easier. If an employee believes they’ve been phished, ensure they can report it within seconds.
Security is not only a technology problem, it is a human problem.
Conclusion: Holistic Cybersecurity Over Marketing Hyperbole
I’ve been at this work for decades, and if I’ve learned anything, it’s this: Security is not about the newest tool — it’s about having the right frame of mind.
So before you empty your wallet on an overstuffed AI solution, ask yourself:
- Are all critical systems patched?
- Do your employees truly grasp the importance of security?
- Are you trusting things you really shouldn’t?
Because I can assure you — attackers aren’t waiting for you to catch up.
Security is not a one-time investment. It’s an ongoing battle.
