Publication date:
Publication from:
Artificial intelligence is rapidly transforming processes across both business and the public sector. Today, employees активно use AI for drafting communications, analyzing data, automating tasks, and even writing code.
However, these opportunities also expand the attack surface. Organizations are facing new challenges, including uncontrolled use of AI (shadow AI), risks of data leakage, and increasingly sophisticated cyber threats.
These issues were the focus of a panel discussion at the Kyiv International Cyber Resilience Forum 2026, moderated by Sergii Kulyk, Regional Manager IT Distribution and Head of the CyberTech Committee at the IT Ukraine Association. The discussion brought together information security leaders from major Ukrainian companies.
At the outset, a key issue was identified: AI has already become a routine work tool, while controls over its use are still evolving. As a result, the discussion focused on the risks of shadow AI beyond the control of IT security teams and the practical use of AI to strengthen incident detection and response.
Nova Group highlights a shift in the source of threats, with risk increasingly moving inside the organization. As Oleh Polihenko explains, the primary danger today is not traditional attacks, but the uncontrolled use of AI by employees.
The company активно uses AI in logistics, customer service, and process automation. At the same time, employees rely on public AI tools for communication, customer support, and analytics. As a result, sensitive data can leave the controlled log pipeline and data lake, reducing visibility for security teams.
To mitigate these risks, the company implements AI usage policies, develops corporate AI solutions within controlled environments with logging and auditing, and applies technical controls such as DLP and data transfer monitoring.
The key approach is not to ban the technology, but to ensure its controlled use, maintaining visibility, governance, and the ability to respond quickly to threats.
MHP adopts AI with a balance between innovation and risk control. As noted by Yurii Shatylo, cybersecurity should not slow down the business, but it must ensure control over data.
Part of the shadow AI challenge is addressed through the development of in-house models, allowing employees to work within a controlled environment with transparent logging and managed access. At the same time, requests to public AI services are monitored, and critical systems are isolated to reduce the risk of incident propagation.
It is not possible to fully eliminate the use of external tools, so the focus of security teams shifts from restriction to maintaining visibility and control where it is realistically achievable.
In the financial sector, AI-related risks are similar to those in other industries, but their impact is significantly higher. Maksim Yashchenko notes that the core issue is widespread use of AI tools without a clear understanding of their limitations and risks.
At the same time, banks активно integrate AI into operations, using it for automation, contact center support, and fast search across large volumes of internal data, where traditional SIEM tools often fall short in speed.
In groups like BNP Paribas, AI usage is strictly regulated, including access policies and fallback scenarios to ensure business continuity.
An additional risk comes from the use of generative AI in software development, where such tools may introduce vulnerabilities or hidden backdoors without sufficient visibility and control across logs and data flows.
monobank views AI as a force that works on both sides. As noted by Taras Loboda, these technologies are already used both in incident detection and response and by cybercriminals.
Within the bank, access to AI is restricted to corporate solutions, including in-house tools based on large language models, which helps maintain control over data and logs. At the same time, generative AI has improved the quality of phishing attacks and enabled partial automation of attack scenarios.
Another challenge is the limited exchange of information about incidents between companies. As a result, the market loses visibility, and businesses are less prepared for emerging threats.
Diia approaches AI through risk management rather than restrictions. As explained by Yevhenii Kudrevych, AI usage is based on international frameworks such as ISO 42001 and NIST AI Risk Management Framework, which define how risks are assessed and controlled.
The platform provides access to government registries, reducing the likelihood of data leaks. At the same time, it is important to distinguish between public and corporate AI solutions, where the latter ensure control and full visibility.
A growing challenge is the rise of AI agents that operate via APIs and interact with systems, increasing the requirements for control, logging, and incident detection and response.
In the second part of the discussion at the Kyiv International Cyber Resilience Forum 2026, the focus shifted to practical AI use in security operations centers and its role in addressing the talent shortage.
Oleh Polihenko notes that most modern cybersecurity solutions already include built-in AI capabilities, including products from Cisco, CrowdStrike, and Splunk. In monitoring systems, AI helps interpret events, enrich data, and simplify incident search.
Another key use case is behavioral analysis. Systems track infrastructure metrics such as resource load and memory usage, combining this data with knowledge of attacks or malware to identify potential threats.
AI is also used in internal security processes. For example, local language models help employees quickly find answers about policies and procedures, reducing the load on service teams and speeding up request handling.
Overall, AI acts as a support tool for analysts, helping them better understand events. It can automatically collect and analyze information from multiple sources and generate summaries of current threats, enabling faster prioritization.
As emphasized by Yurii Shatylo, AI does not introduce entirely new types of risks but adds another element to an already complex infrastructure. Any component can become an attack vector, from identity systems and corporate email to firewalls and even security controls across both industrial and corporate networks.
The focus, therefore, is not on securing AI itself, but on building overall cyber resilience. Following a major cyberattack, MHP strengthened controls across its hybrid environment through segmentation, isolation, and controlled data flows to maintain visibility.
In this model, AI plays a supporting role. It helps automate processes and accelerate analysis but does not replace core security architecture. There is no single solution, and the organizations that succeed are those that combine a systematic security approach with business needs.
In security operations centers, the main challenge remains a shortage of specialists, especially in 24/7 environments. Maksim Yashchenko notes that AI helps process large volumes of events and respond to incidents more efficiently.
Banks are testing solutions based on large language models that allow them to scale analysis without expanding teams. One approach is shifting analysis to earlier stages to reduce workload and speed up detection.
However, implementation requires significant investment, particularly in infrastructure, logging, and access control. Ultimately, AI enhances security teams but does not replace them, requiring a balance between automation, security, and control.
Taras Loboda emphasizes that AI agents are deployed where they deliver clear business value, not for the sake of technology.
One example is HR, where tools analyze candidates and generate interview summaries. In cybersecurity, their role is still supportive: an agent within incident management systems analyzes events, enriches logs, and suggests actions, while final decisions remain with humans.
The key factor is resources and team capability. There is no universal approach, but one principle holds: AI accelerates processes, while responsibility stays with people.
Yevhenii Kudrevych explains how the government approaches security for its in-house LLM within Diia. The model already operates as a first-line support tool, handling user queries.
The core principle is a Zero Trust approach within defined control boundaries, where every request and response is validated and access is tightly restricted.
The architecture is deployed on-premises using RAG, ensuring responses are generated only from verified sources, which reduces the risk of incorrect outputs. The system includes multiple layers of protection, such as input and output validation, endpoint agents, and content filtering mechanisms. Due to limited support for the Ukrainian language, part of the solution has been developed in-house.
AI has already become a core tool in business, but control over its use is lagging behind. The same technologies are активно used by attackers, making it harder to detect and respond to incidents. In response, companies are shifting toward controlled adoption by developing in-house solutions, setting usage policies, and restoring visibility into their data.
AI does not replace security professionals but strengthens them. The key task is not to restrict the technology, but to manage its risks. Those who succeed will be the ones who find the right balance between speed, security, and control.
The recording of the panel discussion is available at the link above.
