Security in Transition: On-Prem, Cloud, and the New Role of AI
At a recent tech roundtable meetup hosted by our Croatia office, security leaders from across the local technology community came together to exchange insights on the state of cybersecurity, from infrastructure choices and testing practices to the evolving role of AI in development. While perspectives varied depending on company size and sector, several clear themes emerged.
On-Prem vs. Cloud: Security Depends on Context
The long-running debate over on-premises versus cloud hosting remains as nuanced as ever. Established organizations that began with on-prem systems often continue to rely on them for tighter control over data and compliance. Meanwhile, younger and more agile teams lean toward the cloud for ease of deployment and scalability.
Speakers agreed that neither approach is inherently more secure, rather what matters most is the maturity of the organization’s security practices and its ability to respond quickly to incidents. Smaller companies, in particular, often benefit from leveraging the built-in protections and monitoring of cloud providers, whereas large enterprises may prefer the control and customization of self-managed environments.
Testing and Vulnerability Management: Shifting from Technical to Logical Risks
Security testing remains a cornerstone of resilience. Across organizations, annual penetration testing, continuous code review, and automated scanning are now standard practice. AI-powered tools are increasingly used to detect vulnerabilities faster, but participants emphasized that human oversight is still essential.
Interestingly, while the number of technical vulnerabilities is declining thanks to more secure development frameworks, logical vulnerabilities, like those rooted in flawed assumptions or business logic, are on the rise. This shift is prompting teams to expand their testing programs beyond code-level flaws to include adversarial exercises like red and purple teaming, as well as ongoing bug bounty initiatives.
Another recurring theme: automation helps, but false positives remain a pain point. AI-driven triage tools could help prioritize true risks more effectively in the future.
The Coming Era of Security Standards and Accountability
Several participants predicted a shift toward formalized security certification, especially for software that could impact human safety, drawing parallels to industrial safety standards like SIL1–4. Regulatory frameworks such as the EU’s Cyber Resilience Act (CRA) are expected to accelerate this change by assigning greater responsibility to software producers.
However, as one speaker noted, “It’s nearly impossible to keep up, a new critical vulnerability can emerge in days.” The consensus was that while compliance frameworks will help raise the baseline, adaptability and continuous security investment will remain essential.
AI, Talent, and the Future of Secure Development
AI is reshaping both offensive and defensive security practices — from automated code review to vulnerability discovery. Yet, panelists voiced concern that overreliance on AI could erode human expertise. If organizations stop cultivating junior developers and security engineers today, they risk facing a shortage of skilled seniors in a decade.
The takeaway: AI should be treated as a tool, not a replacement for critical thinking. Building secure systems still requires experience, judgment, and mentorship, especially as the complexity of modern codebases continues to grow.
A Shared Commitment to Collaboration
From cloud strategy to code review to compliance, the overarching message was clear: security is no longer a niche concern. It’s a shared organizational responsibility that extends from developers to executives, and from private industry to academia.
Events like this highlight the growing role of collaborative security dialogue across the tech ecosystem. To learn more about how Microblink is tackling many of these pressing issue, get in touch today.
