About Anand Thangaraju
Anand Thangaraju (CISO at ePlus Inc.) is a technology evangelist and Field CISO who connects AI, cybersecurity, risk, and fintech. He works closely with executive leaders as a security practitioner and advisor, and is a recognized speaker at major industry forums. An IIM Ahmedabad alumnus with certifications including CISSP and AWS, he also serves on university boards and invests in B2B SaaS startups. Known for his strategic thinking and innovation focus, Anand drives growth and transformation in the digital trust landscape.
The Invisible Shield: Moving Toward Fully Automated Email Defense
A major question facing modern CISOs is whether they should fully trust AI-driven decisions or continue to rely on manual intervention. At the core of this topic is the pursuit of an ideal world where corporate security is fully automated and “invisible” to the user, much like the security built into an iPhone. This approach moves away from forcing users to make security decisions and instead focuses on “nudging” the system to react, learn, and adapt in real time. While AI has become a primary component of email security, its success depends on the ability to monitor the intent of the AI agents themselves to ensure they are not turned against the organization by an attacker.
Important Lines from the Speaker:
- “I’m a big believer that security should be fully automated in an ideal world.”
- “You’re not really taking security decisions. You’re basically nudging the system to react, learn, and adapt.”
- “The agentic world is going to unlock capabilities beyond your current imagination.”
Balancing Risk and Automation
Anand argues that while we should strive for full automation, humans still play a vital role in providing a governance layer. This involves continuously monitoring the intent of AI systems to prevent attackers from taking control of autonomous agents. When it comes to trusting AI decisions, he recommends a tiered risk approach: organizations should “happily automate” low-hanging fruit—tasks that have low impact on infrastructure or reputation—while maintaining a “human-in-the-middle” for high-impact decisions.
Anand believes that the knowledge gained from email security is already being transferred to other areas like network security and SOC operations. Ultimately, the level of trust in AI is influenced by the residual risk and the criticality of the threat actor involved. By ranking decisions based on their potential impact, organizations can leverage the “agentic world” to unlock security capabilities that were previously unimaginable.
