Back to Basics: Why Good Cyber Hygiene Must Precede AI Adoption

Illumio’s Trevor Dearing offers commentary on why good cyber hygiene must precede AI adoption. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.

In the race to adopt AI, it’s easy to overlook the most critical question: Is our infrastructure secure enough?

I have worked in security long enough to see this pattern repeated across every major technology shift, from early digital transformation to cloud, and now AI. Technology changes, but behavior stays the same. Business teams race ahead. Security teams hear, “Do not slow us down.” The results are predictable: attackers identify vulnerabilities and pounce.

Security can’t be an afterthought. To make AI a competitive advantage and avoid creating an unprotected attack surface, organizations must prioritize good cyber hygiene. Strong segmentation and proactive security measures ensure innovation doesn’t come at the cost of exposure.

What Good Cyber Hygiene Looks Like in an AI Project

Every AI project should begin with the question “What is the risk if we implement this?”

Determine the answer by mapping which systems AI will touch, identifying the data it will access, and whether it will run on-premises, in the cloud, or in a hybrid environment. Additionally, evaluate what happens if the AI system goes offline or behaves unexpectedly, or if an attacker gains access to its credentials or training data.

Tie those questions to business impact. If the system fails, which processes will stop? If it leaks sensitive information, what are the consequences for customers, partners, and employees? If it becomes a gateway deeper into your environment, how far can an attacker go before segmentation stops them? The answers to these questions should guide where and how you deploy AI.

A risk assessment that ignores segmentation often yields uncomfortable answers. You discover that a single compromised workload can reach far too many critical assets.

As you strengthen hygiene inside each AI project, you also need to recognize how AI itself is reshaping the threat landscape. The same technology that helps your teams move faster and see more can also supercharge the tools attackers use against you.

The Good and the Bad

On the defensive side, AI can help security teams make sense of vast volumes of data. Think about what happens when you connect network logs, endpoint events, segmentation policies, cloud observability data, and vulnerability information into a single security graph. It becomes an AI-driven map of how assets and entities relate to each other.

With that context, an analyst can provide the AI tool with simple prompts such as “highlight workloads that talk to things they should never reach” and “list misconfigured segments that allow unnecessary east-west traffic.” AI will provide that information by drawing on network detection and response (NDR), cloud detection and response (CDR), and other telemetry sources. It will also surface blind spots that would stay buried in traditional dashboards and manual queries.

That visibility is only helpful if you can act on it. Micro segmentation lets teams turn AI insights into policy, tighten controls on risky workloads, block unnecessary communication paths, and shrink the blast radius of a compromised asset in minutes.

Of course, attackers also know how to use AI to automate reconnaissance, test stolen credentials, map exposed services, and generate more targeted phishing. In a flat, poorly segmented network, that combination becomes lethal. AI helps them find weak spots faster, then pivot laterally across systems with less resistance.

And while you cannot stop attackers from using AI, strong hygiene and segmentation make attackers work harder and give your teams room to respond. Yet even the best controls break down when teams build in isolation. To keep AI projects secure, you need to align the right groups.

Force Real Collaboration Across Teams

AI rarely stays confined to one team. Data teams manage inputs. Platform teams own the environment. Security owns controls and monitoring. Business units own outcomes and budgets.

Gaps emerge when these groups fail to align. Someone assumes, “security will take care of that later.” Someone else assumes, “the platform team has already locked this down.” No one takes ownership of lateral movement risk and how far an attacker could move inside your environment before segmentation stops them.

Bring teams together before you build. Agree on which data AI can use. Define who can access the system. Decide which parts of the network and which applications need stronger segmentation before you turn anything on.

Security does not need to be the department of “no.” It needs to be the department that sets safe guardrails so the business can move faster with less fear and less risk.

In today’s post-breach world where compromise is inevitable, organizations must build security on the assumption that attackers will get in. That mindset already drives investments in NDR, cloud observability, and CDR platforms.

But visibility alone isn’t enough. Segmentation gives you the power to stop that movement cold. And hygiene is what ties it all together: patching known issues, removing unnecessary services, eliminating stale accounts, and enforcing least-privilege access.

Resilience comes from the combination of visibility, containment, and hygiene. You see the threat, contain its path with segmentation, and recover — without bringing the business to a halt.

From Speed at Any Cost to Sustainable Innovation

Every major technology shift begins with speed at any cost. Then reality hits as security incidents rise, regulators respond, and boards demand answers. Only then do many organizations retrofit controls.

We do not need to repeat that cycle with AI. Before you scale AI across the business, focus on these three steps:

1. Run clear risk assessments for each AI initiative and tie them to business impact.

2. Pull security, IT, data, and business stakeholders into the same room and assign shared accountability.

3. Invest in segmentation so you can contain incidents and shrink blast radius when, not if, something goes wrong.

Security is the foundation for sustainable, confident AI adoption. Treat hygiene and segmentation as design requirements, not afterthoughts, so you move faster and safer with greater resilience. Building security into every AI project is how you’ll turn AI from a potential risk into a competitive advantage.