Andrew Winney explains how AI, bots, and APIs are reshaping cybersecurity, highlighting rising risks like shadow AI, API attacks, and agentic AI, while stressing unified platforms and edge security for faster, safer operations.
As enterprises accelerate their shift to AI-driven operations, the nature of cybersecurity is undergoing a fundamental change. Traditional models built around human-to-machine interactions are giving way to machine-to-machine ecosystems, where bots, APIs, and autonomous agents play a central role. This transition is expanding the attack surface, forcing organizations to rethink how they secure data, applications, and network access without compromising speed or user experience.
In this interaction with CIO&Leader, Andrew Winney, Global Head of Product Management for SD-WAN, SASE, and SSE at Tata Communications, discusses how security strategies are adapting to this shift. He highlights the rise of agentic AI, the growing risks of shadow AI, and the surge in API-led attacks. Winney also explains the need for unified security platforms, the role of edge-based architectures, and how Tata Communications is leveraging its global network and threat intelligence capabilities to deliver faster and more secure digital experiences.
CIO&Leader: Your schedule must be quite busy. Could you start with a brief introduction about your role at Tata Communications, the projects you are working on, and the innovations you are driving?
Andrew Winney: Within Tata Communications, I manage the complete network security portfolio. When we talk about a network security portfolio, there are many acronyms such as SASE and related technologies.
To simplify, this is about how access happens from point A to point B and how that access is protected. When an enterprise has digital assets such as websites, APIs, and other systems, the question is how to secure them.
At the same time, enterprises must also protect employees accessing internal systems, such as HR portals. The entire portfolio focuses on managing access and securing it for customers.
CIO&Leader: Earlier, the internet was largely about humans interacting with machines. Now it appears machines are increasingly interacting with each other through AI. How does security change in this automated environment?
Andrew Winney: Over the last year, more than 40% of data traffic, according to various industry reports, is generated by bots. These are highly automated systems.
More than 40% of data traffic, according to various industry reports, is generated by bots. These are highly automated systems.
When enterprises have digital assets such as websites or APIs, they expect a large volume of automated traffic, and in many cases, hostile traffic. This traffic directly interacts with their systems.
From a cybersecurity perspective, this has changed how security leaders approach the problem. About one to one-and-a-half years ago, the focus was on building tools to block bots and prevent malicious activity. There were behavior-based controls designed to stop harmful bots.
However, in the last six months to a year, there has been a shift. Now there are beneficial bots, including AI agents, that help businesses. Agentic AI is becoming more common.
For example, platforms such as OpenAI or Claude interact as non-human entities. This means security systems must now distinguish between acceptable and malicious behavior.
Instead of blocking all bots, organizations must identify which ones are useful and which ones are harmful. This shift has added nuance to cybersecurity strategies.
CIO&Leader: A new term, “shadow AI,” is gaining attention. With employees using unauthorized AI tools in bring-your-own-device environments, what risks do organizations face?
Andrew Winney: Shadow AI is one of the biggest challenges that CSOs are discussing today.
If we take Tata Communications as an example, when tools like ChatGPT first became widely used, we worked with our security teams to provide controlled access. However, the number of AI tools has increased significantly.
Different teams use different tools. Marketing teams may use certain AI applications, while product teams may use others such as Lovable. There are also many developer tools and domain-specific AI solutions across legal, engineering, and other functions.
The challenge is that security teams cannot keep pace with the growing number of tools.
The risks are significant. One major concern is data exposure. Organizations cannot protect what they do not know. Employees may share proprietary information with external AI systems.
One major concern is data exposure. Organizations cannot protect what they do not know.
This data could then be used to train models or be exposed unintentionally. There is also a risk of data exfiltration, where sensitive enterprise information is accessed or misused.
Additionally, organizations often do not know which models are behind these tools or what safeguards are in place. While leading AI providers are improving protections, the broader ecosystem still presents risks.
CIO&Leader: Earlier, companies relied on multiple security tools from different vendors. Why is this approach now considered a risk compared to unified platforms?
Andrew Winney: In the past, organizations used separate tools for different purposes. For example, one tool would handle volumetric attacks, another would act as a web application firewall, and another would manage content delivery.
These tools operated independently.
However, as enterprises aim to improve both security and user experience, they are moving toward unified platforms. A single platform allows consistent policy management across all functions.
The biggest issue with multiple tools is the gaps between them. Attackers often exploit misconfigurations between systems. These gaps create vulnerabilities.
A unified platform reduces these risks by providing consistent controls and minimizing attack vectors.
CIO&Leader: APIs are now a major target for cyberattacks. Why are traditional security methods failing to protect them?
Andrew Winney: APIs have become significantly more important. Over the past year, there has been a sharp increase in API-led attacks, with some reports indicating more than a 100 times rise.
One reason is the growth in API usage. Modern applications, especially those built using AI and large language models, rely heavily on APIs. Developers use APIs to integrate external models and services.
APIs are also used to expose enterprise capabilities to customers.
APIs are machine-readable and designed for automated interaction, they are more accessible to attackers.
Because APIs are machine-readable and designed for automated interaction, they are more accessible to attackers. In many cases, API documentation is publicly available, making it easier to understand how systems work.
This transparency allows attackers to identify vulnerabilities or misconfigurations more easily. As API usage grows, so does the attack surface.
CIO&Leader: Security systems are often seen as complex. How does Tata Communications simplify adoption for businesses?
Andrew Winney: Our approach is platform-based rather than tool-based.
We start by understanding the customer’s environment, including their digital assets, critical systems, and access patterns. Based on this, we design solutions that address specific use cases.
This approach provides a more complete solution rather than isolated tools.
We also support deployment and ongoing management. The real value of security tools lies in how they are managed and optimized over time. This includes fine-tuning policies and providing visibility into performance and effectiveness.
By offering a unified platform and managed services, we help organizations achieve better outcomes.
CIO&Leader: Tata Communications owns a large global network. How does this infrastructure provide an advantage in security?
Andrew Winney: There are two key advantages.
First is scale. With a global backbone spanning more than 150 countries, users can access applications through nearby network points. This reduces latency and improves performance.
Second is threat intelligence. Our network allows us to analyze large volumes of data and generate insights about threats. These insights are integrated into our platforms, enabling real-time protection.
This combination improves both performance and security for customers.
CIO&Leader: Businesses today require both speed and security. How can they achieve this balance?
Andrew Winney: This is addressed through an edge-based approach.
We integrate content delivery networks, edge computing, and security into a single platform. The CDN layer helps deliver content quickly, while edge computing allows localized customization.
For example, applications can adjust content based on user location or preferences.
Security is applied at the edge rather than centralized systems, allowing faster processing. This combination enables fast, secure, and personalized user experiences.
CIO&Leader: What are the key trends that CSOs and CIOs should focus on going forward?
Andrew Winney: Agentic AI is one of the most significant emerging risks.
Earlier AI systems provided responses, but modern AI agents can take actions. They can send emails, modify systems, and interact with applications.
This increases risk. If compromised, these agents could impact entire business operations.
Organizations must build strong security frameworks to manage these risks.
CIO&Leader: Open-source AI tools are gaining popularity. What are the security concerns associated with them?
Andrew Winney: Open-source tools have benefits, but they also introduce uncertainty.
Organizations may not fully understand how their data is used. Proprietary information shared with these tools could be exposed or used for training.
There are also legal implications, particularly for enterprise data.
Additionally, open-source tools are accessible to both legitimate users and malicious actors. This creates risks around misuse and data security.
While open source has delivered value in many areas, enterprises must carefully evaluate its use in sensitive environments.