CIO Influence Interview with Dilip Bachwani, Chief Technology Officer, Qualys

Dilip Bachwani, Chief Technology Officer at Qualys comments on the changing scope of online threats and AI in this interview with CIO Influence:

__________

Hi Dilip, take us through some of Qualys’s recent product enhancements.

Qualys has been busy rolling out solutions that strengthen how organizations manage their cyber risk. Recently, we launched TotalAppSec, which brings together API security, web application scanning, and AI-driven malware detection into a single risk-based approach, helping secure applications from code to production. Additionally, we expanded TotalAI to bolster security for AI and large language models (LLMs), giving companies better visibility and control over AI-related risks. We also introduced the Managed Risk Operations Center (mROC) Partner Alliance, empowering our partners to deliver advanced risk management services using Qualys’ technology. 

These enhancements are core to our broader strategy of enabling a risk-based approach to cybersecurity. By unifying visibility, detection, and response across the attack surface – whether it’s applications, cloud environments, or AI systems – we’re helping organizations prioritize the risks that matter most to their business, reduce complexity, and stay ahead of evolving threats.

Also Read: CIO Influence Interview with Chuck Schauber, CPO at Black Kite

As organizations use AI to test their LLM’s, what should they keep in mind during the early stages of deploying AI systems to support them here?

Deploying AI, especially large language models, is a game-changer, but it’s not without risks. Our research on DeepSeek-R1 showed that over half of jailbreak attempts succeeded, which tells you how vulnerable these systems can be. The key is to start with visibility. It’s critical to know exactly what AI assets you’re dealing with and where the weaknesses lie. Keeping a close eye with real-time monitoring to catch misconfigurations or inadequate guardrails before they’re exploited is key. Organizations also shouldn’t add security as an afterthought; it needs to be built into the development process from the start. That’s why we created TotalAI to enable organizations to assess and protect their LLMs, while they push forward with innovation without opening the door to attackers.

What are some of the top risks that often plague the mind of modern CISOs at a time when AI is being used to enhance the severity of different kinds of threats and attacks?

CISOs have a lot on their plates these days, and AI is continuing to increase the stakes. Ransomware gangs like Black Basta, who leverage stolen credentials and brute-forcing tools, are a constant worry because they exploit gaps in the attack surface so effectively. Then there are vulnerabilities in critical systems, like the OpenSSH flaws we saw recently, which left the door open to man-in-the-middle and denial-of-service attacks. As demonstrated by our research on the DeepSeek model, which exposed how weak guardrails can let attackers bypass protections, the adoption of AI within organizations can also be a significant concern. On top of that, cloud misconfigurations and the pressure to stay compliant with ever-tightening regulations keep CISOs up at night. Our solutions are built to help CISOs tackle these challenges and give them the tools to prioritize and manage risks effectively.

What top of mind tips would you share with modern CISOs as they navigate this evolving space of sophisticated and varied threats across levels?

To keep up with today’s dynamic threat landscape, CISOs need to stay sharp and strategic. This begins with knowing their environment inside and out, including all of an organization’s assets and what they connect to. With the Risk Operations Center (ROC), CISOs have a comprehensive understanding of what they are protecting across their entire enterprise, they can tap into AI-driven analytics to predict the biggest risks to the business, and understand ways to mitigate or transfer that risk. 

Another critical aspect is getting the security and development teams on the same page so that your organization is able to weave security into the software lifecycle from the beginning. While navigating growing risks associated with increasingly innovative attack tactics, the ability to be proactive instead of just reactive can make all the difference.

Catch more CIO Insights: Hyperautomation’s Global Spotlight: How IT Leaders Are Transforming Processes Across the Tech Landscape

[To share your insights with us, please write to psen@itechseries.com ]