Cyber SecurityAI & Technology

Vinod Kumar Tiwari: Why AI Needs a Human Layer in Cybersecurity

The average global data breach now costs $4.4 million, with AI-driven attacks accelerating both scale and sophistication, according to IBM’s report. At the same time, organizations using AI and automation in defense save nearly $1.9 million per breach, highlighting a paradox at the center of modern cybersecurity.

Vinod Kumar Tiwari, a global cybersecurity leader, operates directly inside that tension, where AI is both shield and weapon.

“AI can guide you step by step,” Tiwari said. “But trust, context, and real accountability still come from humans.”

With nearly two decades in IT, Tiwari now leads a distributed team of more than 150 engineers across the U.S., India and Asia, supporting enterprise security operations at scale.

From reactive firefighting to proactive defense

One of Tiwari’s most consequential initiatives challenges a core assumption in cybersecurity: that support should begin after something breaks.

“We analyzed our data and found 200 to 300 customers were generating almost 50% of support tickets,” he said. “So instead of waiting, we started reaching out before problems happened.”

His team built dashboards in Salesforce to identify high-friction accounts, such as customers with frequent tickets, low satisfaction scores or repeated escalations.

They then introduced targeted “proactive support” sessions, walking customers through overlooked product capabilities and misconfigurations. The results were immediate.

“If those customers improve, you reduce almost half your tickets,” Tiwari said. “That’s not just cost savings. It’s a risk reduction.”

He estimates the approach can cut support costs by 30–40%, while improving retention. More importantly, it addresses a major cause of breaches: human error. IBM data shows that human error remains a major contributor to breaches.

Tiwari’s approach reflects a broader industry shift toward predictive security, where preventing misconfigurations becomes as critical as detecting threats. 

AI in action: from call centers to cyber defense

Tiwari is also deploying AI inside customer support workflows, turning what was once a manual, reactive function into a semi-autonomous system.

When customers call, AI agents now handle initial triage, analyze queries and surface answers from internal knowledge bases.

“If the answer exists, AI gives it instantly,” he said. “If not, it escalates to a human and tells us what knowledge we’re missing.”

The system goes further. It detects frustration in a caller’s tone and reroutes them to a live engineer. It flags account risks, such as expiring licenses. It even feeds product teams with recurring issues.

“This is not about replacing engineers,” Tiwari said. “It’s about removing repetitive work so they can focus on complex problems.”

The phishing problem and an AI response

Tiwari points to phishing as the clearest example of why AI must evolve beyond automation into real-time protection.

During a recent trip, he observed how widespread scams have become, from fake banking alerts to fraudulent delivery messages.

“Every third person was getting some kind of phishing message,” he said.

That aligns with broader trends: attackers are increasingly using generative AI to create convincing phishing campaigns, cutting preparation time from hours to minutes and enabling large-scale targeting.

Tiwari is exploring AI systems that would automatically analyze incoming messages and flag suspicious links before users interact.

“If a link doesn’t match the real source, AI should immediately say: this is fake. Don’t click,” he said.

He is also considering structural fixes, such as standardized identifiers in one-time passwords to distinguish legitimate banking messages from scams, an example of combining technical controls with behavioral safeguards.

The coming “dark side” of AI in cybersecurity

While enterprises rush to adopt AI for defense, Tiwari warns the same tools are lowering the barrier for attackers.

“Whatever you use to secure your system, someone else will use it to break it,” he said. 

That shift is already underway. Recent research shows AI is being used in phishing, deepfake impersonation and automated attack chains, with some breaches now directly linked to AI misuse.

At the same time, organizations are struggling to govern their own AI systems. A majority report lacking proper controls, increasing exposure to “shadow AI” risks.

Why humans still matter

Despite rapid automation, Tiwari rejects the idea, popularized by some tech leaders, that AI will fully replace cybersecurity professionals.

“AI will handle everything that is structured and repeatable,” he said. “But anything that needs judgment, responsibility or trust stays with humans.”

That philosophy also shapes how he manages his global team. With operations spanning multiple regions, Tiwari relies on strong local leadership and clear accountability.

“If you build the right team, you don’t need to control everything,” he said. “They will drive it.”

As cybersecurity enters an AI-first era, Tiwari’s approach is notably pragmatic. He embraces automation but resists overreliance.

“Human and AI have to work hand in hand,” he said. “One alone cannot solve every problem.” 

As organizations move deeper into an AI-first era, the challenge is no longer just speed, but responsibility.

Author

  • Tom Allen

    Founder and Director at The AI Journal. Created this platform with the vision to lead conversations about AI. I am an AI enthusiast.

    View all posts

Related Articles

Back to top button