ISJ hears exclusively from Matt Wood, Head of Cyber Security Operations for ABBYY about the risks of scaling AI models without upgrading the human side.
Can you tell me about ABBYY’s role within the industry and a bit about your job role as Head of Cyber Security Operations?
ABBYY is a global intelligent automation company, which builds software for organisations that need AI with proper governance, high accuracy and clear accountability in real operations.
Its focus is intelligent document processing and process intelligence, where the output feeds decisions, workflows and controls that have to hold up in practice.
A trusted leader with more than 35 years of innovation experience, ABBYY provides purpose-built AI solutions to help organisations transform business data into actionable insights that improve how people work and live.
Where I fit in is leading cybersecurity where clarity matters.
I give leaders a clear view of what is true, what matters and what to do next. I turn cyber-risk into decisions that can be owned, funded and executed, and I make sure the organisation can live with those decisions day to day.
That is also how I look at AI.
Governance, accuracy and accountability decide whether it is genuinely useful or just superficially impressive.
How can focusing on bigger AI models and faster hardware increase cybersecurity risks?
More capability amplifies everything.
It does not correct weaknesses, it multiplies them – from the weaknesses of legacy systems to the poor data around it.
If the objective is wrong, the controls are loose or the output is being over trusted, bigger models and faster hardware do not fix that, they just let you make the same mistake faster and at greater scale.
More compute gives you more pattern, more correlation and more speed.
It does not give you meaning.
In cybersecurity, that is where risk rises.
Fast, confident output from AI tools can be mistaken for truth.
Teams can optimise the wrong thing, miss where risk has shifted or operationalise an answer that looked coherent but was never properly challenged.
However, the real problem is not raw model size, it is scaling capability faster than governance, understanding and accountability.
Why isn’t improved pattern recognition enough for making secure AI decisions?
Recognising a pattern is not the same as understanding a decision.
Pattern recognition can help identify similarities, anomalies and likely next steps.
However, secure decisions still depend on context, boundaries, judgement and consequence.
Meaning comes from the question you ask, the frame around it and the lines you set before the system answers.
From a security perspective, a system can be very good at spotting patterns and still be unsafe in practice.
It can produce an answer that looks coherent while still moving risk somewhere you are not watching.
That is why better pattern recognition on its own is not a security model as it is one useful capability inside a wider system of governance and human accountability.
Enterprises need to remember that this ‘meaning’ is the difference between success and failure in AI, and it always will be.
How does human judgement influence how effective AI is in cybersecurity?
Human judgement is what turns AI from a technical capability into something operationally useful.
It is the layer that decides what matters, what the system is being asked to do, what risks are acceptable and when an answer needs to be challenged rather than accepted.
Compute can increase speed and capability.
It does not decide what matters, what must not be allowed or who owns the consequence.
This matters in cybersecurity because we are not dealing in abstractions, we are dealing in consequences.
AI can help surface signal, but a person still has to decide what action is justified and who is prepared to own it.
The stronger the system becomes, the more important that judgement layer gets.
What risks arise when AI is scaled without strengthening human expertise?
The main risk is imbalance.
The technology gets quicker, broader and more convincing while the people around it are still weak on framing, challenge and interpretation.
That is how organisations end up trusting outputs they do not fully understand.
You do not just increase capability, you increase the speed, confidence and blast radius of bad decisions.
In security terms, that can mean poor decisions made earlier, at greater scale with more confidence behind them.
It can also mean weak questions, weak challenge and a larger blast radius when something goes wrong.
Strengthening human expertise is what keeps capability tied to judgement rather than drift.
At ABBYY, we work to make every AI decision defensible.
For organizations that are heavily regulated, such as financial services, it is extremely important that security and compliance teams ensure their AI models are auditable and traceable to meet evolving regulatory requirements.
Can you tell me about the three pillars for safe AI use?
When it comes to scaling AI, the three pillars are precision, boundaries and understanding.
- Precision: Be precise about what you are asking the system to optimise
- Boundaries: Be explicit about the lines it must not cross
- Understanding: Make sure the people using it actually understand the answer, including its assumptions and gaps
From a cybersecurity point of view, those pillars matter because they stop capability outrunning control.
They keep AI inside a structure that people can govern, challenge and take responsibility for.
The dangerous future is multitudes of people throwing vague questions at systems they do not understand and treating the answer as a mandate.
The safe future depends on stronger human stewardship around the system, not blind faith in the system itself.
