“The biggest cybersecurity risk is no longer identity—it is the data itself.”

Daryl Pereira explains why data integrity, Zero Trust for AI, supply chain resilience, and post-quantum cryptography will define the next era of cybersecurity.

Daryl Pereira, APAC Head – Office of the CISO, Google Cloud Asia-Pacific

As enterprises race to adopt AI, cloud-native architectures, and increasingly autonomous digital operations, cybersecurity is entering a new phase where traditional defenses are no longer sufficient. The rise of agentic AI, expanding software supply chains, tightening regulatory frameworks, and the looming threat of quantum computing are forcing security leaders to rethink long-held assumptions about trust, governance, and resilience. In this evolving landscape, organizations must move beyond reactive security measures and build systems designed to withstand complex, interconnected threats.

In an exclusive interview, Daryl Pereira, APAC Head – Office of the CISO, Google Cloud Asia-Pacific, argues that the future of cybersecurity will be shaped less by identity controls and more by data integrity, AI trust boundaries, and ecosystem-wide resilience.

CIO&Leader: How do you redefine access to systems when the user is an autonomous AI agent rather than a human employee? How do organizations manage identity and access in autonomous workflows?

Daryl Pereira: The reality around autonomous AI is more about data than identity. Everyone seems to be focusing on identity and access, but the key issue is data.

When you look at mainstream security today, organizations are focused on AI risks such as data leakage, prompt injection, model hallucination, model theft, and access to models. Those are yesterday’s problems. The real frontier now is understanding how autonomous AI agents will interact with one another and with the underlying infrastructure when there is no human oversight.

Everyone is focused on access management, but I do not believe that is the biggest risk. The biggest risk is the data itself.”

Within a few years, enterprises will move from static software environments to interconnected ecosystems where autonomous AI agents communicate with each other. These agents may have authority to read code, modify databases, deploy infrastructure, release software, and even execute financial transactions.

The primary vulnerability is no longer a human clicking on a phishing link. It becomes an autonomous agent consuming data from an external, untrusted AI agent—or worse, an adversarial AI agent specifically designed to feed poisoned data and influence decision-making.

An attacker could compromise a public repository, an external AI agent could scrape that biased data, and later feed a summary into an internal corporate AI agent. Because the corporate agent trusts the source, it may create a subtle logic breach that ultimately impacts business decisions across an organization. This is what I would call implicit data poisoning.

The key defense is enforcing Zero Trust for AI. Never trust data generated or processed by an external AI model. Treat AI-generated inputs from external systems as untrusted users requiring validation and verification.

Organizations also need guardrails. I would never give an AI agent unrestricted access to write code or execute APIs without human oversight for high-risk activities.

The third area is lineage mapping. We need tools that establish the provenance of data. We must understand exactly how AI models are trained, what data they are consuming, and which external agents have interacted with them. This creates what we call an AI lineage map.

Everyone is focused on access management, but I do not believe that is the biggest risk. The biggest risk is the data itself.

CIO&Leader:  As enterprises increasingly rely on autonomous systems and employees independently deploy AI agents for business tasks, we are seeing a shift from Shadow AI to Shadow Agents. How should CISOs defend against this without stifling innovation?

Daryl Pereira: The answer is fundamentally the same. Shadow agents are effectively untrusted AI agents that subtly manipulate the behavior and biases of your internal corporate AI systems.

The key to defending against Shadow AI and networks of AI agents attempting to influence your organization is Zero Trust.

That means:

  • Zero Trust for AI.
  • Semantic boundaries and guardrails.
  • Restricting code-writing and API execution privileges.
  • Maintaining human oversight for high-risk activities.
  • Establishing AI lineage mapping to understand where data originates and how decisions are formed.

These remain the most important controls.

CIO&Leader: With the rise of Agentic Security Operations Centers, how close are we to self-healing systems and fully autonomous incident response?

Daryl Pereira: Trust is the central issue. With Zero Trust architectures, we have traditionally focused on protecting identities and credentials. When AI enters the picture, the question becomes whether the AI itself can be trusted.

We are witnessing a new generation of threats. New threat actors, new attack techniques, and AI-assisted vulnerability discovery are dramatically accelerating attack timelines.

One of the major developments we have announced recently is Google’s AI Threat Defense approach. The model itself is only one component. We believe there are three critical parts:

  1. The model.
  2. The harness.
  3. The expertise.

The model does not necessarily need to be the latest large language model. What matters more is the harness—the framework that interprets context, governs interactions, applies guardrails, and controls how the model interacts with its environment.

The third element is expertise. At Google, we combine:

  • Gemini models.
  • Code Mender capabilities.
  • Risk contextualization through Wiz.
  • Frontline intelligence from Mandiant.

Code Mender helps identify and fix vulnerabilities before they can be exploited.

When vulnerabilities are discovered, organizations often prioritize easy fixes first because they want visible progress. We have reversed that thinking. We prioritize vulnerabilities with the largest blast radius first.

We tackle the hardest and most impactful vulnerabilities before addressing smaller issues.

We also leverage Mandiant expertise to model attack paths and simulate how vulnerabilities could propagate across interconnected systems.

CIO&Leader: What can non-financial enterprises learn from highly regulated industries such as banking when navigating growing cybersecurity regulations across APAC?

Daryl Pereira: Banks operate in highly regulated environments, but the key lesson is standardization. When I worked in banking, we relied heavily on frameworks such as ISO 27001, NIST, and CIS benchmarks.

Later, when working with non-financial organizations, I discovered many had either never heard of NIST or viewed ISO purely as an audit requirement.

I strongly advocate standardizing security architecture around globally recognized frameworks.

One advantage of frameworks like NIST is that they provide multiple maturity levels. Not every organization needs to operate at a banking-level security posture. Healthcare organizations, universities, and shipping companies may require different target levels.

Regulations establish a minimum baseline. Regulators cannot set requirements so high that most organizations fail. The challenge is that organizations already operating above the baseline often stop improving once compliance is achieved.

Frameworks such as ISO, NIST, and CIS enable organizations to continue maturing beyond compliance.

Another important development is policy enforcement through code. Developers should not need to understand every legal or regulatory requirement. Security controls should be embedded directly into systems, ensuring compliance by design.

At Google, we also perform control mapping. We take regulations from all jurisdictions in which we operate and map them to a centralized control framework. Systems are then continuously assessed against that framework using real-time monitoring and auditing.

That is how governance, risk management, and compliance should be approached at scale.

CIO&Leader: How can organizations move from reactive patching to proactive ecosystem resilience?

Daryl Pereira: Supply chain risk is one of the most significant challenges faced in cybersecurity today. Organizations typically focus on what they can see like their software, services and vendors.

The problem is that vulnerabilities often originate much further upstream.

A single compromise in shared code, open-source software, or third-party SaaS platforms can affect entire ecosystems. Attackers increasingly target software supply chains because traditional perimeters have become harder to breach.

Today, one of the most valuable credentials an attacker can steal is developer access.

With developer credentials, attackers can alter source code and fundamentally change how systems behave without triggering traditional perimeter defenses.

Another challenge is dependency visibility. Most organizations understand their first-level vendors but lack visibility into second-, third-, fourth-, and fifth-level dependencies. That creates opacity.

The solution begins with assuming compromise. Organizations should:

  • Implement Zero Trust.
  • Apply micro-segmentation.
  • Enforce least-privilege access.
  • Continuously monitor authentication activity.

I also strongly advocate adoption of SLSA (Supply-chain Levels for Software Artifacts), which can4 verify software integrity and ensure code has not been tampered with.

Shared Responsibility is no longer enough. In cybersecurity, we need Shared Fate—if a customer is compromised, we see that as our failure too.

Beyond technical controls, we promote a concept called Shared Fate rather than Shared Responsibility. Shared Responsibility suggests that each party manages its own risk. Shared Fate means both parties succeed or fail together.

If a customer misconfigures a security control, we view that as our failure too because we did not make the secure path obvious enough

CIO&Leader: With quantum computing advancing rapidly, what should organizations do today to prepare for the risk of encrypted data being decrypted in the future?

Daryl Pereira: The “steal now, decrypt later” threat is real. After Agentic AI threats, quantum computing is probably the next major cybersecurity frontier. The good news is that solutions already exist. They are known as Post-Quantum Cryptography (PQC).

Although practical quantum computers capable of breaking modern encryption do not yet exist, researchers understand enough about quantum computing to develop encryption methods designed to resist future quantum attacks.

The cybersecurity community, including Google and many other organizations, has been working collaboratively on this challenge for years. Organizations should begin transitioning toward PQC-resistant encryption today.

ISO has already published guidance around post-quantum cryptography, and enterprises should use those standards as a starting point.

Interestingly, organizations that have not yet completed major encryption projects may actually have an advantage. They can move directly to PQC-ready encryption rather than performing two separate migrations.

If quantum computing arrives in the next three to five years, today’s conventional encryption will become obsolete. The time to prepare is now.

My advice to every CISO is simple: Ask your board for funding today to begin evaluating and implementing a post-quantum cryptography strategy.

Start with your crown-jewel systems and highest-value assets.

If quantum computing arrives in three to five years—as many experts believe—it will render today’s conventional encryption obsolete. The time to prepare is now.

Share on