In the AI Era, the Center of Gravity of Security Is Shifting
An age where the key is humans, not technology.
Ninety-five percent of security incidents begin not with technology but with people.
When people first hear this number, many find it puzzling. After all, we've spent all this time raising our firewalls higher, strengthening encryption, patching vulnerabilities. But the statistics are cold. Even the most sophisticated system ultimately collapses through a person.
And now, with the arrival of AI, this problem has entered an entirely new phase.
1. The Age of Plaintext Has Arrived
Before AI, attacks had a high barrier to entry. You had to understand system architecture, you had to be able to write code, you had to find the vulnerabilities yourself. Becoming an attacker required considerable technical skill.
Now it's different.
Ask a question in natural language, and the answer comes back. You don't need to know how to code. You don't need to understand system architecture. AI lays it all out for you. The barrier to entry for attacks has, in effect, vanished.
This is the age of plaintext. A world where language, not technology, has become the interface. And deceiving people is done through language too.
2. Phishing Has Become Perfect
Phishing emails used to give themselves away. Awkward translationese, strange sentences, spelling errors. A little attention was enough to filter them out.
Today's phishing is different.
The sentences are flawless. The context is precise. It learns the sender's tone and habits and mimics them exactly. It even clones the voice. Deepfake attacks that disguise identity over video calls have caused billions of won in damage at real companies.
Technical vulnerabilities can be blocked with a patch. But there's no patch for an attack that clouds a person's judgment.
3. The Strongest Enemy Was Me
There's a conclusion that everyone who has done security for a long time eventually reaches.
That the greatest vulnerability in a system is the person who built it.
The design you thought was perfect today looks like a hole tomorrow. One update you put off because it was a hassle becomes the path of intrusion. The "surely not" mindset is the most dangerous vulnerability. There's a single reason we have code reviews, tests, and security audits: because the present me doesn't trust what the past me built.
Unlike systems, people grow not in the direction of eliminating their vulnerabilities but of embracing them. A person who never melts at all is a person with nothing. To be human, you have to have something that can be touched.
That's why security in the AI era converges even more deeply on the human.
4. So What Should We Do?
First, weave suspicion into the design.
Never stopping to ask "Is this really safe?" is the starting point. Security is not something that gets completed; it's something that continues. The habit of looking through the attacker's eyes first when you build a system — that is the essence of Security by Design.
Second, protect people with systems.
People make mistakes. You have to design on that premise. No matter how much you train them, someone will still fall for phishing. So you have to build a structure where one person's mistake doesn't bring down the whole. The principle of least privilege, access separation, anomaly detection. It's not about preventing human mistakes but about building a structure that minimizes the damage when a mistake does happen.
Third, use AI for defense too.
If attackers are using AI, defenders have to use it as well. Anomalous traffic detection, phishing filtering, automated code vulnerability scanning. AI is a threat, but at the same time it's the most powerful defensive tool there is.
Fourth, let tomorrow's me verify today's me.
Build alone and review alone, and a hole will inevitably appear. Code review, penetration testing, external audits. You have to regularly let someone other than yourself try to break what you built. Don't be afraid of being broken. Being broken before a real attack is far better.
In Closing
The AI era is not an era of technical security. If anything, the more technology levels out, the more the person becomes the battlefield.
The center of gravity of security is moving from code to the human. Attackers already know this. Defenders need to know it too.
The strongest enemy is not out there.
It was always me. And in the AI era, that fact only becomes clearer.
According to a World Economic Forum (WEF) report, 95% of all cybersecurity incidents are directly linked to human factors. Verizon's 2024 Data Breach Investigations Report found that, of more than 30,000 incidents, 68% stemmed from a human element.
feat.
The trade-off between operational convenience and security works exactly the same way in life. To live smoothly you have to open something up somewhere — and the moment you open it, you inevitably become vulnerable.
Open your heart to someone and the relationship grows richer, but room to get hurt appears; build a routine and life runs well, but the more predictable it becomes, the more numb you grow. Conversely, lock everything down too tightly — trust no one, attempt nothing — and the risk drops, but life itself stops working well.
In the end, maybe the answer isn't "to open or not to open," but knowing just how much risk you can bear.