How to Adapt Your Cybersecurity Strategy in the Age of AI - Strategy Tips for Companies of All Sizes
24 Jun 2026 12:31
Generative and agentic AI are reshaping how companies operate — but they're also reshaping how attackers operate. To help professionals make sense of this shift, HirePlanner brought together four cyber security leaders for an open, informal panel discussion: "Adapting Your Cyber Security Strategy in the Age of AI."
The conversation took place on February 19th 2026 during the Tokyo Tech Meetup x IT Career Event and tackled a question every business leader is asking right now: as AI becomes part of daily work, how do we use it to strengthen our defenses instead of becoming an easier target?
The panel featured Luke CHATELAIN, cyber security manager at Rakuten; Lalatiana TODIC, Cyber Security Officer at a pharmaceutical company with 13 years of experience across France and Japan; Yu NAKAMURA, an independent cyber security consultant and IT researcher; and Sachiko HASUMI, an advocate for human-centric cyber security. The session was moderated by Eva Choong a cyber security recruiting specialist from Skillhouse Staffing Solutions with a decade of experience across APAC and Japan.
What followed was a candid, wide-ranging discussion covering everything from deepfakes and shadow IT to agentic AI governance and the cultural gap between business and security teams.
Main Discussion Themes
The panel organically moved through several connected themes:
How AI has changed the threat landscape — from automated malware to AI-assisted phishing and deepfakes.
Bureaucracy vs. attacker speed — why slow internal decision-making is itself a security risk.
Blue team vs. red team — how defenders and attackers are both adopting AI, often unevenly.
Shadow IT and governance — why employees turn to unapproved tools, and how to fix that without strangling productivity.
Startups vs. large enterprises — different resources, but shared responsibility.
Cloud vs. on-premise/hybrid deployment — data residency, misconfiguration risk, and vendor supply chain concerns.
The human element — fatigue, mindset, and personal boundaries as security variables.
Agentic AI — the next governance frontier as companies move from generative tools to autonomous agents.
Key Takeaways
1. Attackers are already using AI — efficiently. Nakamura-san's research found that in some malware campaigns, 80–90% of the attack process is now automated. Attackers are also using AI chatbots to generate deeper intrusion commands once inside a network. The implication is clear: "attacker utilize AI to make the existing attack more efficient," so defenders need to do the same on the defensive side.
2. The "Japan is safe because of language" myth is over. Several panelists noted that AI-generated phishing emails in Japanese are now nearly flawless, and deepfakes are breaking what used to be considered a natural language barrier.
3. Internal bureaucracy is a vulnerability. A recurring point: attackers don't wait for approval chains. The slower an organization is to decide and act, the bigger the window of opportunity for attackers — a dynamic the panel said affects both Japanese and global companies, just in different ways.
4. Every chatbot user is a potential attack surface. Luke pointed out that inputs to an AI system aren't "just words" — they can function like executable instructions. That means any user, not just a malicious one, can unintentionally trigger outcomes a company never intended and may end up liable for.
5. Build (and promote) good internal AI tools. Multiple panelists agreed: when companies provide a convenient, approved internal chatbot, employees are far less likely to leak data to public tools. Blocking unapproved AI tools without offering a usable alternative simply pushes risk underground.
6. Security and business need to actually talk to each other. Nearly every panelist circled back to communication and culture as the real differentiator — not the existence of a policy, but whether business and security teams understand each other's goals well enough to make smart, fast trade-offs together.
7. Humans are still the deciding factor. Hasumi-san's framing was simple and memorable: technology and process can stop some risk, but never all of it. Fatigue, urgency, and blurred personal/professional boundaries are what attackers ultimately exploit.
8. Cloud convenience comes with configuration risk. Tanama-san flagged that most cloud/AI data leaks trace back to misconfiguration — especially around identity and access management — and shared a personal preference for hybrid setups with offline backups rather than full cloud reliance.
9. Agentic AI raises the stakes on permissions and assumptions. As companies move from generative AI to autonomous agents, the panel warned that agents can act faster and more relentlessly than a human would, exhausting resources or taking actions no one explicitly anticipated. Failsafes and tightly scoped permissions were the top recommendation.
10. Small businesses should start with the basics. For resource-constrained companies, the advice was consistent: lean on existing public frameworks (like OWASP's AI security guidance) for fundamentals first, then build out from there as security proves its value internally.
Tokyo Tech Meetup x IT Career Event - Feb 19th 2026 - CyberSecurity Panel Discussion Event
Notable Perspectives
On responsibility and scale: companies with greater impact on society carry greater responsibility, and risk tolerance should scale accordingly.
On mindset: stop viewing AI as "just a tool," treating AI as a servant rather than a collaborator limits how much value — and how much risk-awareness — a company can actually get from it.
On where the industry's attention is right now: when asked directly whether the focus is on data leakage, AI-powered attacks, or AI misalignment, the panel's answer was aligned — it's all three at once, and where a company should focus first depends on its size, maturity, and threat exposure.
Why This Matters for Professionals and Companies
For HR, talent, and business leaders — not just security teams — this discussion is a reminder that AI governance isn't an IT-only conversation. Hiring decisions, employer branding, and day-to-day operations all increasingly run through AI-powered tools, and the panel's core message applies broadly: speed, culture, and communication between teams matter as much as any technical control.
Whether you're scaling a startup or managing security at an established enterprise, the panelists' advice translates directly into action: invest in approved internal tools, close the communication gap between business and security, and treat agentic AI rollouts with the same caution you'd apply to onboarding a powerful new system with very little oversight history.
Watch the Full Discussion
This recap only scratches the surface. The full panel covers live audience Q&A on agentic AI rollouts, real-world breach examples, and a deeper dive into red teaming — all worth hearing directly from the panelists.
This event is part of HirePlanner's ongoing mission to bring together innovative tech companies growing in Japan, tech professionals, and industry experts to connect, learn, and inspire each other. If you enjoyed this conversation and would like to join future events, follow us on our social media so you don't miss future events and practical conversations like this one.
