
Legacy tools are struggling to keep pace with LLM-powered exploits, leaving enterprises and SMEs exposed to adaptive, real-time threats.
Artificial intelligence has redefined the cybersecurity threat landscape, transforming automation from a detectable nuisance into a near-indistinguishable force that mirrors legitimate human behaviour. AI-driven agents now operate through real browsers, adapt in real time, and exploit vulnerabilities with unprecedented speed and precision. Traditional detection models, built to identify scripted bots and static attack patterns, are increasingly ill-equipped to respond.
Organisations face a dual challenge: defending against adversarial AI while responsibly deploying autonomous agents within their own systems. Questions of accountability, regulatory oversight, and governance have become as urgent as technical defence. The stakes are particularly high in regions such as the GCC, where economic value, geopolitical significance, and regulatory complexity create fertile ground for sophisticated, scalable attacks—especially against resource-constrained SMEs.
Shreyans Mehta, CTO of Cequence Security, explores how AI-powered threats are reshaping detection strategies, why legacy tools struggle against LLM-driven abuse, and why intent-based security, agent-level guardrails, and continuous observability must form the foundation of modern cyber defence.
Interview Excerpts
How do AI-driven attacks that mimic human behavior change traditional approaches to cyber detection and defense?
Traditional bot mitigation techniques were largely built to detect scripts impersonating users, relying on behavioural anomalies or technical fingerprints to distinguish humans from automation. But today’s AI-driven threats have upended that model by using real browsers and mimicking human interaction patterns with startling fidelity. These agents don’t just evade detection, they blend in. What’s more, humans are now deploying AI agents to act on their behalf, further blurring the line between organic and synthetic behaviour. This shift demands a move away from binary classification and toward behavioural intent-based evaluation. Security controls must now assess whether an action — regardless of who or what initiated it — aligns with legitimate usage. This evolution in approach is critical to ensuring systems remain usable while effectively filtering out adversarial automation.
When an AI agent triggers an exploit, who should be held accountable—and how urgent is the policy gap around AI responsibility?
If a human deploys an agent, knowingly or not, they bear a level of responsibility for its behaviour. That holds true whether the agent makes a mistake or is weaponized deliberately. There’s also an obligation on the part of technology creators to anticipate misuse and build systems with preventive mechanisms. This dual reality, where a well-meaning user might unintentionally cause harm or a malicious actor can amplify their reach using AI, highlights the urgency of policy and guardrail development. Much like autonomous driving, oversight doesn’t disappear just because control is delegated. Until agents can fully interpret intent, humans must remain in the loop, both technically and ethically.
“Regulatory frameworks must evolve quickly to codify these shared responsibilities before AI capabilities outpace our ability to govern them.”
Why are Gulf Cooperation Council (GCC) organisations, especially SMEs, more exposed to AI- and LLM-driven cyber threats today?
GCC organisations, particularly SMEs, operate in a high-stakes environment where geopolitical importance and economic value make them attractive targets. Yet they often lack access to robust cybersecurity solutions due to regional data residency regulations and technology import restrictions. Many security vendors are unable to meet these jurisdictional requirements, reducing tool availability in the region. Larger enterprises may still deploy on-premises infrastructure, but SMEs typically depend on cloud-based services and often lack the internal resources to manage advanced threats. This combination of high-value targets, regulatory complexity, and constrained cyber defence capacity leaves GCC SMEs disproportionately exposed to scalable, AI-powered attacks that exploit this gap.
Why do legacy security tools struggle to detect LLM-driven API abuse?
Legacy security tools simply weren’t designed to keep pace with the velocity and adaptability of LLM-driven threats. These models can rapidly analyse exposed APIs, generate novel attack patterns, and adjust their behaviour based on system feedback, all in near real time. Meanwhile, traditional detection systems operate on static rule sets or predefined thresholds, leaving them blind to the fluidity of these new exploits. It’s not just about detection speed; it’s also about understanding behaviour and intent in a context that’s constantly shifting. The lag between exploitation and response means that by the time an anomaly is flagged, the damage may already be done. Closing that gap requires a fundamental rethinking of how API security is approached.
How critical are agent-level guardrails and observability as autonomous AI becomes embedded in enterprise systems?
Unlike humans, AI agents have no internal compass. They don’t question instructions or weigh consequences. They execute commands with unwavering fidelity, regardless of outcome. That makes them both powerful and dangerous. As these agents become more embedded in enterprise workflows, they must be provisioned with minimal permissions, tasked narrowly, and continuously monitored. Logs, checkpoints, and interruption mechanisms aren’t just best practices — they are essential safeguards. Without these measures, a benign instruction can spiral into an unintended consequence with no natural braking point. Enterprises must treat observability and control as architectural imperatives, not operational afterthoughts.
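Added example (not part of the interview and not Cequence code): a minimal Python sketch of the agent-level controls named in the last answer, namely minimal permissions, a checkpoint requiring human approval, an audit log, and an interruption mechanism. The class, tool names and ticket data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

class Blocked(Exception):
    """Raised when the guardrail refuses an agent action."""

@dataclass
class Guardrail:
    tools: dict                            # name -> callable: the agent's whole permission set
    checkpoints: set                       # tool names that need human sign-off first
    approve: Callable[[str, dict], bool]   # human-in-the-loop hook (hypothetical)
    max_actions: int = 5                   # action budget: a built-in braking point
    halted: bool = False                   # interruption switch an operator can set
    used: int = 0
    log: list = field(default_factory=list)  # audit trail of every attempt

    def _deny(self, tool, args, reason):
        self.log.append({"tool": tool, "args": args, "outcome": "denied:" + reason})
        raise Blocked(reason)

    def call(self, tool, **args):
        if self.halted:
            self._deny(tool, args, "halted")
        if tool not in self.tools:                 # least privilege: default deny
            self._deny(tool, args, "not_permitted")
        if self.used >= self.max_actions:          # budget spent: stop the agent
            self.halted = True
            self._deny(tool, args, "budget_exhausted")
        if tool in self.checkpoints and not self.approve(tool, args):
            self._deny(tool, args, "not_approved")
        self.used += 1
        result = self.tools[tool](**args)
        self.log.append({"tool": tool, "args": args, "outcome": "allowed"})
        return result

def demo():
    tickets = {"42": "open"}                       # constructed sample data
    tools = {"read_ticket": lambda ticket_id: tickets[ticket_id],
             "close_ticket": lambda ticket_id: tickets.update({ticket_id: "closed"})}
    guard = Guardrail(tools, {"close_ticket"}, approve=lambda t, a: False, max_actions=2)
    plan = [("read_ticket", {"ticket_id": "42"}), ("delete_user", {"user": "bob"}),
            ("close_ticket", {"ticket_id": "42"}), ("read_ticket", {"ticket_id": "42"}),
            ("read_ticket", {"ticket_id": "42"})]
    for tool, args in plan:                        # constructed sequence of agent requests
        try:
            guard.call(tool, **args)
        except Blocked:
            pass
    return [e["outcome"] for e in guard.log], tickets, guard.halted
```

Every attempt, allowed or denied, lands in the log, so the record shows what the agent tried as well as what it did.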





