For Marco Eggerling, Chief Information Security Officer at UiPath, security is baked into every line of code the company ships. Speaking at the recent industry event UiPath Fusion, Eggerling outlined how the automation software giant approaches the challenge of delivering products that customers can trust, and why the conversation around AI and enterprise security is still missing a critical piece.
“The most important thing to know is that UiPath undertakes a considerable amount of work to be sure that we are coding software in the most secure way possible,” he said. That effort spans the full software lifecycle: secure delivery management processes, internal security teams embedded in the engineering workflow, and controls designed to stop both insider error and external attack. The goal, Eggerling explained, is to ensure that what leaves UiPath’s hands is exactly what reaches the customer — untampered, intact, and trustworthy.
But when Eggerling walks the corridors of events like this one, the conversations he has with customers and prospects often veer into territory that sits just outside the traditional security brief. The topic dominating those discussions? Artificial intelligence — and more specifically, the gap between executive expectations and organisational reality.
“One of the bigger challenges is AI and what I’d call the executive bias,” he said. “A lot of the people deciding where to spend AI money are expecting miracles in return. That’s not necessarily how reality works.” For AI to deliver meaningful results, Eggerling argues, organisations need a high level of data maturity. Without clean, well-governed, structured data, AI systems have nothing solid to work with — and no amount of investment in the technology itself can compensate for that gap.
There is also the question of risk. Introducing AI into an organisation does not neutralise existing security vulnerabilities — it amplifies them. “If you have a generally average level of information security maturity, that will spill over into how you perceive what AI does for you,” Eggerling noted. In other words, a weak security foundation does not become stronger just because AI has been layered on top. The flaws carry through.
This creates a tension that many enterprises are only beginning to grapple with. On one side, AI is increasingly embedded in the products and platforms organisations rely on day to day — whether they realise it or not. On the other, the risk surface that comes with those AI-powered systems is expanding. The threats are evolving faster than most security programmes can track.
Eggerling’s answer to this tension is both pragmatic and pointed: “Companies are building a lot of technology with AI under the hood. And the truth is, if you want to defend against the risks that come from AI, the only way to do it is by defending yourself using AI.” It is a position he hears echoed across the industry — not a theoretical future state, but an operational reality that security teams need to embrace now.
The implications for enterprise buyers are clear. Investing in AI without first investing in the data governance and security maturity to support it is a recipe for disappointment — and potentially, exposure. And expecting that traditional security tools will be sufficient against AI-driven threats is, at this point, an assumption that the evidence no longer supports.
Zie ook
Video: AI Agents and Business Value Take Center Stage at UiPath Fusion Benelux
