Dominic Jainy is a seasoned IT professional whose expertise sits at the intersection of artificial intelligence, machine learning, and blockchain technology. With years of experience navigating the complexities of modern digital infrastructure, he has become a leading voice on how emerging technologies both fortify and challenge our traditional security frameworks. As organizations accelerate their migration to the cloud, Dominic provides a critical perspective on the shifting tactics of modern threat actors who have traded brute-force malware for the subtle manipulation of legitimate identities and automated workflows.
The following discussion explores the evolving “identity perimeter” and the specific risks posed by over-privileged machine identities in an increasingly automated world. We delve into the persistent dangers of cloud misconfigurations across multi-platform environments and the emerging threat of attackers targeting hosted AI services to scale their operations. Finally, Dominic offers insights into how legitimate cloud infrastructure is being repurposed as a cover for malicious activity and shares his vision for the future of cloud defense.
As attackers move from malware to legitimate credentials and APIs, how does this redefine the “identity perimeter”? What specific metrics or behavioral patterns help distinguish routine administrative tasks from a sophisticated breach?
The concept of a perimeter has shifted from a network boundary to a fluid, identity-centric model where credentials are the ultimate keys to the kingdom. When an attacker uses a valid API key or a stolen login, they aren’t “breaking in” so much as they are simply “logging in,” which makes traditional signature-based detection almost useless. To catch this, we have to look at behavioral telemetry, such as unexpected shifts in the velocity of API calls or access requests originating from unusual geographic locations. We also monitor for “impossible travel” scenarios and the sudden use of cloud-native administrative tools that a specific user role has never touched before. It creates a high-stakes environment where distinguishing a legitimate sysadmin from a threat actor requires a deep, baseline understanding of normal operational patterns.
Automated workflows and service-to-service integrations have created a surge in machine identities. How do over-privileged service accounts complicate the security landscape, and what step-by-step process should teams follow to audit these connections effectively?
Over-privileged service accounts are a massive silent risk because, unlike human users, they don’t get tired and their activity is often hidden within massive logs of automated traffic. If a single automated workflow has broad administrative permissions, a compromise there can lead to an immediate, full-scale environment takeover without a single password being guessed. To audit this, teams should first map every service-to-service connection to visualize the actual flow of data and permissions. Next, they must implement a strict least-privilege policy, stripping away any “star” permissions and replacing them with granular, task-specific roles. Finally, regular automated reviews of these machine identities are essential to ensure that “permission creep” doesn’t reoccur as new integrations are added to the stack.
Multi-cloud environments often suffer from configuration gaps and “small errors” that allow for privilege escalation. Beyond basic hygiene, how should organizations handle the complexity of tracking settings across diverse platforms to prevent initial access?
Managing security across diverse platforms like AWS, Azure, and Google Cloud is a daunting task because each has its own unique vocabulary and set of configuration defaults. A “small error,” such as leaving a storage bucket publicly readable or misconfiguring a security group, can serve as a launchpad for an attacker to escalate their privileges across the entire organization. To handle this complexity, organizations need to move toward “Infrastructure as Code” where security policies are baked into the deployment templates themselves. This allows for continuous monitoring and automated remediation, ensuring that if a setting drifts from the secure baseline, it is instantly flagged or corrected. It’s no longer about manual checks; it’s about creating a unified visibility layer that can interpret the security posture of every cloud asset in real-time.
Attackers are now targeting cloud-hosted AI services for model manipulation and data theft. What are the primary risks of leaving AI resources poorly guarded, and how can these tools be exploited to scale up malicious operations like automated phishing?
Leaving AI resources unguarded is like handing a megaphone and a master key to a thief; it allows them to manipulate the very models your business relies on for decision-making. If an attacker gains access to a cloud-hosted AI service, they can poison the training data or extract sensitive information that was used to tune the model. Furthermore, these compromised AI tools are being repurposed to automate the “boring” parts of cybercrime, such as generating highly convincing, localized phishing emails at a scale no human could match. This increases both the speed and the sophistication of attacks, making it possible for threat actors to launch thousands of targeted strikes simultaneously using your own computing power.
Legitimate cloud infrastructure is frequently repurposed by threat actors to host command-and-control systems. What strategies can organizations use to monitor traffic from reputable platforms, and how do they balance security with the need for open cloud-native connectivity?
This is one of the most difficult challenges because blocking traffic from major cloud providers would essentially break the modern internet and stall business operations. Threat actors thrive in this “gray zone,” using reputable domains to host malware or command-and-control (C2) servers because they know that standard firewalls will trust that traffic. Organizations must move beyond IP-based filtering and instead focus on deep packet inspection and analyzing the intent of the traffic. You have to balance this by using advanced threat intelligence that tracks known-bad patterns even when they originate from “good” neighborhoods. It requires a mindset shift where you trust the platform’s reputation but verify the specific behavior of every byte entering or leaving your network.
What is your forecast for cloud security?
I believe we are entering an era where cloud security will be defined by “autonomous defense” powered by the very same AI technologies that attackers are currently trying to exploit. As the H1 2026 report suggests, the sheer scale of cloud-native identities and API connections will soon outpace human ability to manage them manually. We will see a shift toward self-healing infrastructures that can detect a compromised credential and revoke its access in milliseconds, long before a human analyst could even open the alert. However, this also means the “arms race” will intensify, as attackers use AI to find those tiny configuration gaps faster than we can patch them. Ultimately, the winners will be the organizations that stop viewing cloud security as a checkbox and start treating it as a dynamic, living part of their business strategy.