Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Three issues stand out right now, shadow AI hidden across the ecosystem, defenders struggling to manage new exposures, and attackers accelerating faster than security teams can respond. Those three together are reshaping what cyber risk looks like for every business.

One simple prompt change, asking an AI to respond like a caveman with shorter sentences and fewer words, reportedly cut token spend by 75 percent. It is a funny example, but it points to a bigger issue, AI efficiency and cost control will matter far more as usage spreads.

Many AI companies are still running at a loss while businesses rush to build critical services on top of them. If compute costs rise and margins collapse, some of those vendors may disappear without warning, taking business critical processes down with them.

Anyone claiming they have fully solved AI governance is getting ahead of reality. AI is moving so fast that by the time many organisations write the rules, the technology, risks and use cases have already changed again.

AI is hitting security teams from three directions at once. Vendors are already using it, other vendors are selling it as the answer to everything, and attackers are using it to move faster than defenders can keep up.

Security questionnaires often fail because they rely on trust, vague answers and people who may not even know the real state of their controls. A simple yes or no response tells you very little when the real question is where those controls exist and whether they work.

A single ransomware attack pushed a 156-year-old logistics company into receivership within 90 days and out of business within five months. The real damage spread far beyond one firm, hitting supply chains, delaying deliveries and costing dependent businesses millions.

AI is disrupting the enterprise software market. James Rees built a fully-functional GRC tool in just two weeks using Codex. No development team needed. No million-pound licensing fee, just AI and subject matter expertise. If a CISO can build what competitors charge hundreds of thousands for in a couple of weeks, what happens to the vendor market? As large language models like Daybreak and Mythos evolve, this problem gets worse for SaaS companies.

Your vendors are adopting AI faster than you can assess them. What does that mean for your third party risk? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this Spotlight on Technology episode, I'm joined by Jeffrey Wheatman, Senior Vice President and Cyber Risk Strategist at Black Kite. Jeffrey previously spent over a decade as an analyst VP at Gartner, where he launched their third party cyber risk management coverage.

This episode looks at how supplier cyber posture affects your business, why spreadsheets and questionnaires no longer cut it, and how AI is making third party risk harder to see and faster to spread. It covers resilience, shadow AI, vendor collapse, supply chain impact and the reality that you are only as strong as your weakest link.