July 17th, 2025

2 min read

The role of the Chief Information Security Officer (CISO) is undergoing a seismic shift as AI continues to transform enterprises. We sat down with John Petrie, Counselor to the Global Chief Information Security Officer of NTT, Inc., who shared a bold and urgent vision of what’s next for cybersecurity leaders. He says CISOs need to understand that AI isn’t optional, it’s essential – and it’s a core pillar of enterprise security.

Bridges and Barriers

From protecting data and large language models to anticipating threats, generative AI – and soon, agentic AI – is reshaping how organizations secure their environments. “If you’re not already thinking about how AI impacts your business,” Petrie warns, “you’re behind.”

The near future will rely on AI agents that autonomously search for vulnerabilities and defend systems in real time. And, as Petrie notes, that future isn’t years away. It’s unfolding now.

At the same time, Petrie points to an even bigger disruptor on the horizon: quantum computing and sensing. While mainstream estimates place quantum’s impact five to eight years out, Petrie believes it could arrive much sooner. Security teams must prepare now, aligning AI strategy with post-quantum cryptography and next-gen threat models.

There’s another reason for urgent action: CISOs aren’t the only ones leaning into AI. Bad actors, including nation-states, are doing the same – which is changing the nature of security threats. From malicious code embedded in AI models to AI-powered reconnaissance, Petrie says, the attack surface is growing more complex.

We need to be co-investors, co-developers, and sometimes even acquirers. Startups will drive the maturity of AI in security and we have to engage them early.
John Petrie, Counselor to the Global CISO, NTT, Inc.

AI in Society

AI is changing just about everything in the security environment. For instance, “we’re going to see a shift in how we use human resources,” says Petrie. AI will augment and, in some cases, replace traditional cybersecurity roles. That transition requires thoughtful strategy, and clear communication with business leaders.

It means CISOs must proactively engage with business counterparts, educating them about risks while supporting their push for innovation. “Ask the business to be patient,” Petrie says. “Security needs time to catch up with the pace of AI development.”

He emphasizes the importance of protecting intellectual property and model integrity as organizations integrate AI into product and R&D workflows.

And he believes it is critical for enterprises to partner with startups. The most transformative technologies in AI security will come from early-stage innovators – not just Series A and B companies, but stealth-mode and seed-stage ventures.

He encourages the CISO community to share intelligence on promising startups, prioritize proofs of value, and take calculated risks to stay ahead. The future of cybersecurity won’t be built in isolation. It will be co-created by CISOs, engineers, founders, and global teams working together to build resilient, adaptive systems.

As AI evolves from generative to agentic, and quantum looms on the horizon, Petrie’s message is clear: the time to prepare is now.