
Veeam's EMEA Field CISO on Ungoverned AI Browser Risk and Finding Resilience Through Governance

Island News Desk
November 23, 2025

Andre Troskie, EMEA Field CISO at Veeam Software, explains how unifying security, governance, and recovery creates end-to-end AI resilience for the modern enterprise.


Already, AI-powered browsers are becoming the new battleground for cybersecurity defenders. As companies like OpenAI and Perplexity redefine how users access information, they also create new threats to traditional security models. For enterprises, this new technology presents yet another real-time test of their ability to govern rapidly evolving technologies. Because even as AI accelerates both attack and defense, it also blurs the lines between them.

This is the new reality for Andre Troskie, the EMEA Field Chief Information Security Officer at Veeam Software. As an industry expert with 25 years of experience, Troskie has held senior roles at professional services firms, including Big Four companies like IBM and EY. From his perspective, securing the modern enterprise begins with applying core security principles to new technologies and ends with rethinking the very structure of organizational security itself.

For Troskie, the browser challenge represents a much larger problem facing every organization: how to govern AI at scale. "Controls are a must: a firewall that filters the prompt going into the AI engine, and a firewall to look at the outcome or the output," Troskie says. "We must make sure that the browsers and the systems behind them actually protect the consumer and the enterprise." The solution is a sophisticated, data-centric process, he explains.

  • The data question: First, leaders must "really understand the data we have, and then also understand what we want to automate," Troskie says. Only then can they define the proper entitlements for agentic AI so it "doesn't just run rampant across all the organization's data."

  • In, on, or out?: Then, organizations must resolve the "human in the loop, on the loop, or out of the loop" dilemma. The right level of human oversight must directly correspond to the value of the data the AI handles, Troskie explains. While companies figure this out, their "risk profile increases. Whenever a new technology is introduced, mistakes get made and hackers find loopholes."

With AI reshaping the threat landscape, precise AI governance is critical, Troskie explains. Like a "double-edged sword," its most significant danger is giving bad actors with motivation the means to execute attacks. In response, he proposes a strategy of "end-to-end resilience," a concept now codified by regulators like the EU's Digital Operational Resilience Act (DORA) and the SEC's cybersecurity rules.

  • Left and right of bang: Next, Troskie frames resilience in precise terms. "The detection phase of the NIST framework is when the 'bang' happens. We must be left of bang by identifying and protecting information, but we also must be right of bang to respond and recover. We need to apply end-to-end security and end-to-end resilience." Put simply, leaders must operate both before and after an attack.

  • Bounce back benchmark: As a result, the new benchmark for success is the ability to recover. "We have to be realistic and say people might get in, so we need to be resilient so we can bounce back at scale and at speed," Troskie says. "That's where people are struggling."

Ultimately, Troskie connects his strategy to a fundamental business truth: security is now a boardroom topic, not just an IT problem. With old frameworks breaking, he says, a new mindset is needed, and the traditional "three lines of defense" model is too slow for the age of AI. "Very quickly, we will see those three lines of independent control be replaced by continuous autonomous assurance," he says.

At its core, the strategy rests on one principle: "Business resilience is data resilience. An organization is nothing without its data anymore," Troskie concludes. For him, the path forward is about restructuring how the business approaches risk. The biggest challenge, and the greatest opportunity, is to break down the silos separating critical functions, he says. "This is a massive opportunity to bring the elements of security, governance, and recovery together. These are quite often different departments within an organization. This is the opportunity to unify all those stakeholders to build a system that enables the organization to drive innovation farther, faster, harder."
