CrowdStrike CTO faces two-way challenge when it comes to AI
CrowdStrike's Elia Zaitsev spent a decade at the company before being promoted to CTO in 2023, just months after ChatGPT's debut. It was a pivotal moment for his career and for the broader technology landscape.
He understood the magnitude of the shift and how generative AI and large language models would reshape his company. As CTO, Zaitsev has guided CrowdStrike’s technology strategy through this rapid transformation.
Chat interfaces that understand plain language, along with AI agents operating independently, offer a powerful opportunity for his company, but it could cut both ways. While he was initially excited by the possibilities of large language models, he quickly realized that bad actors would have access to the same tools.
"Once the initial euphoria wore off, I started thinking, man, the adversaries are going to be using this stuff too," Zaitsev told FastForward. "Like most technology, the technology itself is neither good nor bad. It's the people who are wielding it that decide whether it's going to be beneficial or harmful," he said.
Bad actors could use it for a host of malicious activities, from prompt‑injection attacks and silent data exfiltration to large‑scale phishing and automated social‑engineering campaigns. AI just raises the velocity and lowers the cost of trying.
Zaitsev joined the company as an engineer in 2013, and wasn't a stranger to AI as his work had intersected with various types of AI technology over his career. "We've been leveraging other forms of AI, ML, deep learning technology, etc, pretty much since the company was formed," Zaitsev told FastForward.
Evolving threats
In his view, AI encompasses a variety of areas including data science, data engineering and AI operations, and he has to balance all three as he implements AI across the organization. One big problem in cybersecurity is that it's not a fixed problem set, so even if you train a model to deal with a particular problem, cyber criminals will quickly undermine that by finding new ways to attack.
Cybersecurity has always been a cat‑and‑mouse game, even without AI, and the technology only exacerbates that. "In cybersecurity you don't just have an ever-changing set of rules, you also have a determined adversary on the other end of the keyboard who is constantly trying to violate and change the rules and come up with new ways of doing things," he said.
That means that he has to be constantly recalibrating to stay ahead of them. "A lot of toil goes into the caring and feeding of all of these systems, the operations piece. It's not sexy or glamorous, but it's the difference between something that looks good in a demonstration versus something that has sustained enduring benefit in an enterprise context," he said
Meanwhile, as agents operate with increasing autonomy, they introduce a new set of challenges around identity and access management, observability and guardrails, all of which he has to watch from both a product and operations perspective.
In the end, the challenge isn’t just building better defenses, it’s keeping pace in a fight where the rules are constantly being rewritten.
