IT, Telecom & Cyber · Australia (Perth)

Secure AI Deployments and Backup Readiness to Contain Ransomware Risk

Published May 13, 2026, 6:06 AM AWST · APAC · Full category signal
Fortinet expands NVIDIA tie-up to secure enterprise AI

In 60 seconds

Top move

Enterprise AI deployments are moving inline with network controls: Fortinet's expanded FortiAIGate integration with NVIDIA creates an inline enforcement point for AI prompts and outputs, which makes on‑prem and hybrid AI security a procurement decision, not just a security feature

Key takeaways

  • Enterprise AI deployments are moving inline with network controls: Fortinet's expanded FortiAIGate integration with NVIDIA creates an inline enforcement point for AI prompts and outputs, which makes on‑prem and hybrid AI security a procurement decision, not just a security feature.[1]
  • Buyers should expect a rising market for AI observability and monitoring tools as firms push AI from experiment to production; Gartner's outlook signals increased demand for vendor telemetry, audit logs and continuous model monitoring that procurement must budget and contract for.[2]
  • Ransomware pressure in Australia remains high and attackers are targeting backups and recovery processes; Cohesity's findings plus broader leak-site tracking mean recovery SLA and backup isolation are operational procurement priorities for continuity and insurance discussions.[3]
  • The ransomware landscape is consolidating around fewer, larger operators which concentrates threat patterns and may change insurer and vendor behaviour—this increases the value of tested recovery playbooks and vendor resilience proofs during supplier selection.[4]
  • Overall signal is normal-to-strong for AI security and ransomware readiness; the pieces combine into clear procurement levers (contract clauses for AI controls, observability requirements, backup isolation/testing), not an immediate supply shock.[1]

What changed since last run

  • Fortinet publicly expanded FortiAIGate integration with NVIDIA, adding an inline AI control option for self‑hosted and hybrid AI that wasn't in the prior brief.
  • Gartner's forecast for mandatory AI observability in production now appears as a market driver that strengthens the case for observability requirements in sourcing.
  • New local evidence from Cohesity and leak‑site tracking highlights backup-targeting and ransomware consolidation as procurement concerns beyond earlier AI/cloud focus.

Key facts

  • FortiAIGate placed inline between applications and AI models
  • Supports self‑hosted, cloud and hybrid deployments
  • References NVIDIA Multi‑Instance GPU for shared hardware deployments
  • Gartner projects a substantial share of AI production deployments will use dedicated observab
  • Observability covers model drift, bias, fairness and data quality monitoring
  • Analysts recommend continuous tracking for production AI


Cost / money

  • Expect procurement to budget for new line items: inline AI control appliances or managed AI‑security services that route model I/O, which shifts spend toward appliance, support and integration costs rather than pure cloud licensing.[1]
  • Backup hardening and faster, tested recovery increase operational OPEX or third‑party service fees because suppliers may charge premium rates for isolated, immutable backup storage and rapid recovery SLAs.[3]

Supplier / commercial

  • Vendors bundling AI security with GPU or observability stacks (example: Fortinet + NVIDIA) can push integrated scopes and longer term deals that reduce buyer negotiation leverage on component pricing and portability.[1]
  • Ransomware market consolidation concentrates buyer exposure to top operators' tactics and may tighten insurer‑vendor interplay, making vendor indemnity, cyber insurance pass‑throughs and recovery obligations more important contract levers.[4]

Safety / operations

  • Inline AI controls change operational dependencies: uptime and latency expectations for AI services now tie into network appliance availability, adding an execution dependency between AI workloads and perimeter/security device SLAs.[1][2]
  • If backups are compromised or slow to recover—as local research shows—business continuity is at higher risk; validated recovery runbooks and isolated backup chains become operational must‑haves rather than optional items.[3]

What to watch

  • Watch whether vendors start shortening quote validity or tie advanced AI‑security features to higher tiers, which would reduce negotiation room for buyers seeking modular, best‑of‑breed approaches.[1]
  • Watch insurer and marketplace responses to ransomware consolidation: expect changes to coverage terms or higher conditionalities for recovery proofs and backup isolation during renewals and sourcing.[4]

Top stories

Story 1 · SecurityBrief Australia

Fortinet expands NVIDIA tie-up to secure enterprise AI

Signal strong · Source-grounded

What happened

Fortinet expanded its FortiAIGate integration with NVIDIA to monitor and control AI prompts and outputs inline between applications and models. The product supports self‑hosted, cloud and hybrid AI, targeting organisations with data sovereignty or low‑latency needs. Watch whether vendors bundle GPU access, observability and enforcement into single commercial packages that reduce modular sourcing options

Buyer takeaway

Treat integrated AI security as a potential bundled procurement that can limit modular sourcing — plan to specify portability, performance and audit requirements up front

Cost / money

Shifts spend toward appliance, integration and managed‑service fees for inline AI controls rather than solely on cloud model licensing

Supplier / commercial

Vendors that combine GPU access and AI controls may ask for longer terms or bundled pricing that reduce negotiation levers for standalone observability or compute

Safety / operations

Inline controls create uptime and latency dependencies between security appliances and AI workloads, so SLAs and failover must be explicit

What to watch

Watch for vendors to shorten quote validity or gate advanced AI controls behind premium tiers, which can raise procurement costs and lock‑in risk

Key facts

  • FortiAIGate placed inline between applications and AI models
  • Supports self‑hosted, cloud and hybrid deployments
  • References NVIDIA Multi‑Instance GPU for shared hardware deployments

Source excerpts

The argument is that AI security controls need to operate inline without creating delays that make AI services harder to use. The arrangement is intended to deliver low-latency inspection while reducing hardware footprint, server load and energy use
FortiAIGate can be used as a GPU-based appliance in data centres, as a virtual appliance, or as containers on NVIDIA-Certified Systems

Story 2 · SecurityBrief Australia

Gartner sees surge in AI observability tools by 2028

Signal moderate · Directional

What happened

Gartner forecasts a surge in AI observability tool adoption as organisations move AI into production and demand continuous monitoring of model behaviour and drift. The analyst guidance pushes model monitoring toward a mandatory control for production deployments and suggests observability will be tied to governance and cost management. Procurement should expect stronger RFP requirements for telemetry, bias and drift metrics

Buyer takeaway

Make observability requirements contractually mandatory for production AI to avoid black‑box vendor lock‑in and hidden remediation costs

Cost / money

Observability tools add recurring fees and telemetry storage costs that should be included in TCO assessments and chargeback models

Supplier / commercial

Vendors may bundle observability into managed offers; insist on modular pricing and exportable telemetry to retain bargaining power

Safety / operations

Continuous model monitoring reduces operational surprise but requires roles and runbooks to act on findings — don't assume monitoring alone delivers safety

What to watch

Watch whether observability features are offered only in higher tiers or as add‑ons, limiting baseline visibility for buyers

Key facts

  • Gartner projects a substantial share of AI production deployments will use dedicated observab
  • Observability covers model drift, bias, fairness and data quality monitoring
  • Analysts recommend continuous tracking for production AI

Source excerpts

Gartner defines AI observability as the use of dedicated tools to manage and assess the behaviour, decision-making and risks of AI systems, including model drift, bias and large language model logic. The forecast points to a growing market for AI monitoring software as companies move from experimentation to production
"Dedicated AI observability provides the necessary mechanisms to monitor and mitigate algorithmic risk, establishing the technical foundation for widespread enterprise AI trust and adoption," Byrne said. Operational steps: Gartner recommends making AI model monitoring mandatory for all production deployments, with continuous tracking of fairness, drift and data quality metrics

Story 3 · SecurityBrief Australia

Australian firms urged to rethink ransomware defences

Signal strong · Source-grounded

What happened

Cohesity and partners are urging Australian firms to rethink ransomware defences after research showed high incident and payment rates and attackers deliberately target backups. The message emphasises converting backups from passive recovery assets into actively monitored, isolated and tested resilience capabilities. Procurement should prioritise immutable backup proofs and recovery test evidence in supplier selection and renewals

Buyer takeaway

Require demonstrable backup isolation and recent recovery test results during onboarding and renewals; don't accept untested recovery claims

Cost / money

Expect higher fees for isolated immutable storage and rapid recovery guarantees, but weigh them against the cost of operational downtime

Supplier / commercial

Vendors lacking demonstrable recovery practices may face higher scrutiny or loss of eligibility for critical storage contracts

Safety / operations

Recovery runbooks, tested restores and segmented backup chains materially reduce dwell time and operational impact during incidents

What to watch

Limited-signal vendors may overstate recovery capability—insist on evidence and test logs rather than vendor statements

Key facts

  • Cohesity research highlights elevated ransomware impact on Australian large businesses
  • Backup-targeting by attackers undermines recovery unless backups are isolated and tested
  • High observed payment rates linked to unreliable or untested recovery processes

Source excerpts

Today, ransomware has evolved beyond traditional extortion, with attackers deliberately targeting backup data to undermine recovery efforts and increase pressure to pay
Because backup data is isolated from live environments, attackers are typically less able to tamper with it, making backups a trusted source for identifying suspicious activity, tracking attackers' dwell time, and validating that a data set is clean before initiating recovery
Despite having policies in place, Cohesity's research found that 96% of Australian large businesses paid ransom in the last year, as opposed to 82% globally, with many blaming untested, slow, or unreliable recovery processes. "By conducting frequent recovery drills using clean, isolated environments, businesses can validate backup integrity, confirm data hygiene, and rehearse restoring systems quickly," Eagleton said

Story 4 · SecurityBrief Australia

Ransomware attacks near record as groups consolidate

Signal moderate · Directional

What happened

Check Point Research reports ransomware activity remains near record levels globally while top operators now account for a larger share of victims, indicating market consolidation. The shift concentrates threat patterns and could change insurer assessments and attacker negotiation behaviours. Procurement should re‑assess supplier IR capabilities and insurance interplay given this concentration of threat actors

Buyer takeaway

Treat consolidation as a change in threat concentration that affects insurer and supplier commitments; tighten IR evidence and forensic readiness in contracts

Cost / money

Concentrated threat activity can pressure insurance pricing and conditionalities, which affects total procurement cost for cyber resilience

Supplier / commercial

Top-tier response providers may demand premium pricing as demand for hardened recovery and IR services rises

Safety / operations

Concentration of high-capability groups increases the need for tested incident response and rapid forensic handoffs to external specialists

What to watch

Early-signal: monitor whether insurers add new conditionalities or require specific vendor proofs during renewal windows

Key facts

  • Ransomware volume remained near record levels in the referenced quarter
  • Top operators accounted for a majority share of publicly listed victims
  • Activity showed regional concentration in Asia‑Pacific among certain groups

Source excerpts

Market shift: The findings suggest the ransomware market is no longer expanding through a growing number of small actors
The report counted 2,122 organisations listed on ransomware data leak sites during the quarter, making it the second-highest first quarter on record
JOSEPH GABRIEL LAGONSIN, News Editor · Check Point Research reported that ransomware attacks remained near record levels in the first quarter of 2026, while the market consolidated around a smaller number of operators

VP Snapshot

Executive Risk & Action View

Enterprise AI deployments are moving inline with network controls: Fortinet's expanded FortiAIGate integration with NVIDIA creates an inline enforcement point for AI prompts and outputs, which makes on‑prem and hybrid AI security a procurement decision, not just a security feature.

Overall: 69
Cost: 61
Supply: 43
Schedule: 20
Compliance: 15

Top signals

30-180d · cost

Signal 1: Cost / money

Expect procurement to budget for new line items: inline AI control appliances or managed AI‑security services that route model I/O, which shifts spend toward appliance, support and integration costs rather than pure cloud licensing.

Signal 2: Cost / money

Backup hardening and faster, tested recovery increase operational OPEX or third‑party service fees because suppliers may charge premium rates for isolated, immutable backup storage and rapid recovery SLAs.

180d+ · commercial

Signal 3: Supplier / commercial

Vendors bundling AI security with GPU or observability stacks (example: Fortinet + NVIDIA) can push integrated scopes and longer term deals that reduce buyer negotiation leverage on component pricing and portability.

30-180d · commercial

Signal 4: Supplier / commercial

Ransomware market consolidation concentrates buyer exposure to top operators' tactics and may tighten insurer‑vendor interplay, making vendor indemnity, cyber insurance pass‑throughs and recovery obligations more important contract levers.

0-30d · supply

Signal 5: Safety / operations

Inline AI controls change operational dependencies: uptime and latency expectations for AI services now tie into network appliance availability, adding an execution dependency between AI workloads and perimeter/security device SLAs.

30-180d · supplier

Signal 6: Safety / operations

If backups are compromised or slow to recover—as local research shows—business continuity is at higher risk; validated recovery runbooks and isolated backup chains become operational must‑haves rather than optional items.

Recommended actions

Ops · Due 3d

Verify disaster recovery and backup isolation evidence for critical suppliers and cloud providers.

Verified list of critical suppliers with backup isolation proof and recent recovery test results attached to each supplier record.

Category · Due 3d

Inventory AI workloads that must remain on‑prem or in sovereign locations and tag those with inline inspection or low‑latency requirements.

Tagged inventory of AI workloads with deployment constraints and recommended enforcement placement (on‑prem, hybrid, or cloud).

Contracts · Due 21d

Add AI observability, audit‑trail and prompt/result logging requirements to RFP templates and SOWs for AI platforms and managed SOC services.

Updated RFP and SOW templates that require AI observability metrics, audit logs and defined rollback/runbook obligations for production AI.

Contracts · Due 21d

Require vendor evidence of immutable backup storage or air‑gapped recovery options during renewals and new supplier onboarding.

Contract addendum template mandating backup resilience evidence and recovery SLAs to be included in supplier agreements.

Category · Due 60d

Run a sourcing review comparing integrated AI‑security bundles (appliance + GPU integration) against best‑of‑breed observability + internal SOC augmentation, and include data‑so...

Sourcing recommendation with negotiation playbook, standard exit/portability clauses, and preferred commercial approach documented for AI security buys.

Legal · Due 60d

Incorporate ransomware consolidation into insurer and supplier discussions: request updated cyber insurance terms and vendor incident response commitments on renewal cycles.

Revised renewal checklist capturing insurer conditionalities and required vendor incident response SLAs for negotiation leverage.

Risk register

Risk: Watch whether vendors start shortening quote validity or tie advanced AI‑security features to higher tiers, which would reduce negotiation room for buyers seeking modular, best‑of‑breed approaches.
Trigger: Watch whether vendors start shortening quote validity or tie advanced AI‑security features to higher tiers, which would reduce negotiation room for buyers seeking modular, best‑of‑breed approaches.
Mitigation: Confirm exposure with category, contracts, and operations before the next supplier commitment.

Risk: Watch insurer and marketplace responses to ransomware consolidation: expect changes to coverage terms or higher conditionalities for recovery proofs and backup isolation during renewals and sourcing.
Trigger: Watch insurer and marketplace responses to ransomware consolidation: expect changes to coverage terms or higher conditionalities for recovery proofs and backup isolation during renewals and sourcing.
Mitigation: Confirm exposure with category, contracts, and operations before the next supplier commitment.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Verify disaster recovery and backup isolation evidence for critical suppliers and cloud providers.

because Cohesity's local findings show attackers are targeting backups and recovery failures have driven payments, so you must confirm backups are isolated, immutable, and teste...

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Inventory AI workloads that must remain on‑prem or in sovereign locations and tag those with inline inspection or low‑latency requirements.

because Fortinet's FortiAIGate positioning shows buyers will need to map which AI workloads require inline controls or data‑sovereign deployments to select appropriate security...

Due 3d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Add AI observability, audit‑trail and prompt/result logging requirements to RFP templates and SOWs for AI platforms and managed SOC services.

because Gartner recommends mandatory model monitoring and Fortinet's inline controls increase the need to trace AI inputs/outputs, so contracts must enforce visibility and rollb...

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Require vendor evidence of immutable backup storage or air‑gapped recovery options during renewals and new supplier onboarding.

because local research indicates backups are being targeted and poor recovery processes force ransom payments, so procurement should make backup resilience a gating criterion fo...

Due 21d

high

CM move

Use this as the immediate supplier or contract action to move before the next sourcing gate.

Supplier radar

SecurityBrief Australia

high

Observed supplier signal

Vendors bundling AI security with GPU or observability stacks (example: Fortinet + NVIDIA) can push integrated scopes and longer term deals that reduce buyer negotiation leverage on component pricing and portability.

Commercial implication

Vendors bundling AI security with GPU or observability stacks (example: Fortinet + NVIDIA) can push integrated scopes and longer term deals that reduce buyer negotiation leverage on component pricing and portability.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

SecurityBrief Australia

high

Observed supplier signal

Ransomware market consolidation concentrates buyer exposure to top operators' tactics and may tighten insurer‑vendor interplay, making vendor indemnity, cyber insurance pass‑throughs and recovery obligations more important contract levers.

Commercial implication

Ransomware market consolidation concentrates buyer exposure to top operators' tactics and may tighten insurer‑vendor interplay, making vendor indemnity, cyber insurance pass‑throughs and recovery obligations more important contract levers.

Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.

Negotiation levers

Verify disaster recovery and backup isolation evidence for critical suppliers and cloud providers.

When to use: because Cohesity's local findings show attackers are targeting backups and recovery failures have driven payments, so you must confirm backups are isolated, immutable, and teste...

Expected outcome: Verified list of critical suppliers with backup isolation proof and recent recovery test results attached to each supplier record.

Commercial mechanism to carry into the next supplier conversation

Inventory AI workloads that must remain on‑prem or in sovereign locations and tag those with inline inspection or low‑latency requirements.

When to use: because Fortinet's FortiAIGate positioning shows buyers will need to map which AI workloads require inline controls or data‑sovereign deployments to select appropriate security...

Expected outcome: Tagged inventory of AI workloads with deployment constraints and recommended enforcement placement (on‑prem, hybrid, or cloud).

Commercial mechanism to carry into the next supplier conversation

Add AI observability, audit‑trail and prompt/result logging requirements to RFP templates and SOWs for AI platforms and managed SOC services.

When to use: because Gartner recommends mandatory model monitoring and Fortinet's inline controls increase the need to trace AI inputs/outputs, so contracts must enforce visibility and rollb...

Expected outcome: Updated RFP and SOW templates that require AI observability metrics, audit logs and defined rollback/runbook obligations for production AI.

Commercial mechanism to carry into the next supplier conversation

Require vendor evidence of immutable backup storage or air‑gapped recovery options during renewals and new supplier onboarding.

When to use: because local research indicates backups are being targeted and poor recovery processes force ransom payments, so procurement should make backup resilience a gating criterion fo...

Expected outcome: Contract addendum template mandating backup resilience evidence and recovery SLAs to be included in supplier agreements.

Commercial mechanism to carry into the next supplier conversation

Talking points

Enterprise AI deployments are moving inline with network controls: Fortinet's expanded FortiAIGate integration with NVIDIA creates an inline enforcement point for AI prompts and outputs, which makes on‑prem and hybrid AI security a procurement decision, not just a security feature.
Buyers should expect a rising market for AI observability and monitoring tools as firms push AI from experiment to production; Gartner's outlook signals increased demand for vendor telemetry, audit logs and continuous model monitoring that procurement must budget and contract for.
Ransomware pressure in Australia remains high and attackers are targeting backups and recovery processes; Cohesity's findings plus broader leak-site tracking mean recovery SLA and backup isolation are operational procurement priorities for continuity and insurance discussions.
The ransomware landscape is consolidating around fewer, larger operators which concentrates threat patterns and may change insurer and vendor behaviour—this increases the value of tested recovery playbooks and vendor resilience proofs during supplier selection.

Supplier radar

Supplier: SecurityBrief Australia
Signal: Vendors bundling AI security with GPU or observability stacks (example: Fortinet + NVIDIA) can push integrated scopes and longer term deals that reduce buyer negotiation leverage on component pricing and portability.
Implication: Vendors bundling AI security with GPU or observability stacks (example: Fortinet + NVIDIA) can push integrated scopes and longer term deals that reduce buyer negotiation leverage on component pricing and portability.
Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.
Confidence: high

Supplier: SecurityBrief Australia
Signal: Ransomware market consolidation concentrates buyer exposure to top operators' tactics and may tighten insurer‑vendor interplay, making vendor indemnity, cyber insurance pass‑throughs and recovery obligations more important contract levers.
Implication: Ransomware market consolidation concentrates buyer exposure to top operators' tactics and may tighten insurer‑vendor interplay, making vendor indemnity, cyber insurance pass‑throughs and recovery obligations more important contract levers.
Next step: Validate the source-backed signal with incumbents and alternates before the next award or pricing decision.
Confidence: high

Negotiation levers

  • Verify disaster recovery and backup isolation evidence for critical suppliers and cloud providers.

    When to use: because Cohesity's local findings show attackers are targeting backups and recovery failures have driven payments, so you must confirm backups are isolated, immutable, and teste...

    Expected outcome: Verified list of critical suppliers with backup isolation proof and recent recovery test results attached to each supplier record.

    high confidence

  • Inventory AI workloads that must remain on‑prem or in sovereign locations and tag those with inline inspection or low‑latency requirements.

    When to use: because Fortinet's FortiAIGate positioning shows buyers will need to map which AI workloads require inline controls or data‑sovereign deployments to select appropriate security...

    Expected outcome: Tagged inventory of AI workloads with deployment constraints and recommended enforcement placement (on‑prem, hybrid, or cloud).

    high confidence

  • Add AI observability, audit‑trail and prompt/result logging requirements to RFP templates and SOWs for AI platforms and managed SOC services.

    When to use: because Gartner recommends mandatory model monitoring and Fortinet's inline controls increase the need to trace AI inputs/outputs, so contracts must enforce visibility and rollb...

    Expected outcome: Updated RFP and SOW templates that require AI observability metrics, audit logs and defined rollback/runbook obligations for production AI.

    high confidence

  • Require vendor evidence of immutable backup storage or air‑gapped recovery options during renewals and new supplier onboarding.

    When to use: because local research indicates backups are being targeted and poor recovery processes force ransom payments, so procurement should make backup resilience a gating criterion fo...

    Expected outcome: Contract addendum template mandating backup resilience evidence and recovery SLAs to be included in supplier agreements.

    high confidence

What to do / What to watch

What to do now

  • Verify disaster recovery and backup isolation evidence for critical suppliers and cloud providers.

    Why: because Cohesity's local findings show attackers are targeting backups and recovery failures have driven payments, so you must confirm backups are isolated, immutable, and teste...

    Owner: Ops

    Expected outcome: Verified list of critical suppliers with backup isolation proof and recent recovery test results attached to each supplier record.

    [3]
  • Inventory AI workloads that must remain on‑prem or in sovereign locations and tag those with inline inspection or low‑latency requirements.

    Why: because Fortinet's FortiAIGate positioning shows buyers will need to map which AI workloads require inline controls or data‑sovereign deployments to select appropriate security...

    Owner: Category

    Expected outcome: Tagged inventory of AI workloads with deployment constraints and recommended enforcement placement (on‑prem, hybrid, or cloud).

    [1]

Next few weeks

  • Add AI observability, audit‑trail and prompt/result logging requirements to RFP templates and SOWs for AI platforms and managed SOC services.

    Why: because Gartner recommends mandatory model monitoring and Fortinet's inline controls increase the need to trace AI inputs/outputs, so contracts must enforce visibility and rollb...

    Owner: Contracts

    Expected outcome: Updated RFP and SOW templates that require AI observability metrics, audit logs and defined rollback/runbook obligations for production AI.

    [2]
  • Require vendor evidence of immutable backup storage or air‑gapped recovery options during renewals and new supplier onboarding.

    Why: because local research indicates backups are being targeted and poor recovery processes force ransom payments, so procurement should make backup resilience a gating criterion fo...

    Owner: Contracts

    Expected outcome: Contract addendum template mandating backup resilience evidence and recovery SLAs to be included in supplier agreements.

    [3]

Longer view

  • Run a sourcing review comparing integrated AI‑security bundles (appliance + GPU integration) against best‑of‑breed observability + internal SOC augmentation, and include data‑so...

    Why: because Fortinet's vendor integration and Gartner's observability growth change supplier leverage and lock‑in risk, so a sourcing review preserves negotiation leverage and exit...

    Owner: Category

    Expected outcome: Sourcing recommendation with negotiation playbook, standard exit/portability clauses, and preferred commercial approach documented for AI security buys.

    [1][2]
  • Incorporate ransomware consolidation into insurer and supplier discussions: request updated cyber insurance terms and vendor incident response commitments on renewal cycles.

    Why: because leak‑site tracking shows market consolidation which may shift insurer risk models and vendor obligations, and procurement must align contracts to new threat concentratio...

    Owner: Legal

    Expected outcome: Revised renewal checklist capturing insurer conditionalities and required vendor incident response SLAs for negotiation leverage.

    [4]

What to watch

  • Watch whether vendors start shortening quote validity or tie advanced AI‑security features to higher tiers, which would reduce negotiation room for buyers seeking modular, best‑of‑breed approaches
  • Watch insurer and marketplace responses to ransomware consolidation: expect changes to coverage terms or higher conditionalities for recovery proofs and backup isolation during renewals and sourcing

Market pulse

Index | Latest | Change | As of
Palo Alto (PANW) | 320 | +0.00 (+0.00%) | May 12, 2026, 10:08 PM
CrowdStrike (CRWD) | 285 | +0.00 (+0.00%) | May 12, 2026, 10:08 PM
Zscaler (ZS) | 195 | +0.00 (+0.00%) | May 12, 2026, 10:08 PM
Fortinet (FTNT) | 72 | +0.00 (+0.00%) | May 12, 2026, 10:08 PM
  • Fortinet: Fortinet's product moves suggest rising market focus on vendor-led AI security stacks; expect negotiation leverage shifts for integrated appliance buys
  • Palo Alto: Palo Alto and peers will be relevant comparators for AI inline controls and observability integrations during sourcing

Sources


[1] Fortinet expands NVIDIA tie-up to secure enterprise AI

securitybrief.com.au · n.d.


AI reading

Fortinet expanded its FortiAIGate integration with NVIDIA to monitor and control AI prompts and outputs inline between applications and models. The product supports self‑hosted, cloud and hybrid AI, targeting organisations with data sovereignty or low‑latency needs. Watch whether vendors bundle GPU access, observability and enforcement into single commercial packages that reduce modular sourcing options

Buyer takeaway

Treat integrated AI security as a potential bundled procurement that can limit modular sourcing — plan to specify portability, performance and audit requirements up front

Cost / money

Shifts spend toward appliance, integration and managed‑service fees for inline AI controls rather than solely on cloud model licensing

Supplier / commercial

Vendors that combine GPU access and AI controls may ask for longer terms or bundled pricing that reduce negotiation levers for standalone observability or compute

Safety / operations

Inline controls create uptime and latency dependencies between security appliances and AI workloads, so SLAs and failover must be explicit

What to watch

Watch for vendors to shorten quote validity or gate advanced AI controls behind premium tiers, which can raise procurement costs and lock‑in risk

Key facts

  • FortiAIGate placed inline between applications and AI models
  • Supports self‑hosted, cloud and hybrid deployments
  • References NVIDIA Multi‑Instance GPU for shared hardware deployments

Source excerpts

The argument is that AI security controls need to operate inline without creating delays that make AI services harder to use. The arrangement is intended to deliver low-latency inspection while reducing hardware footprint, server load and energy use
FortiAIGate can be used as a GPU-based appliance in data centres, as a virtual appliance, or as containers on NVIDIA-Certified Systems

Used in this brief

  • Safety / operations: Inline AI controls change operational dependencies: uptime and latency expectations for AI services now tie into network appliance availability, adding an execution dependency between AI workloads and perimeter/security device SLAs
  • Next 72 hours — Inventory AI workloads that must remain on‑prem or in sovereign locations and tag those with inline inspection or low‑latency requirements. Rationale: because Fortinet's FortiAIGate positioning shows buyers will need to map which AI workloads require inline controls or data‑sovereign deployments to select appropriate security... Owner: Category. KPI: Tagged inventory of AI workloads with deployment constraints and recommended enforcement placement (on‑prem, hybrid, or cloud)
  • Next quarter — Run a sourcing review comparing integrated AI‑security bundles (appliance + GPU integration) against best‑of‑breed observability + internal SOC augmentation, and include data‑so... Rationale: because Fortinet's vendor integration and Gartner's observability growth change supplier leverage and lock‑in risk, so a sourcing review preserves negotiation leverage and exit... Owner: Category. KPI: Sourcing recommendation with negotiation playbook, standard exit/portability clauses, and preferred commercial approach documented for AI security buys

[2] Gartner sees surge in AI observability tools by 2028

securitybrief.com.au · n.d.


AI reading

Gartner forecasts a surge in AI observability tool adoption as organisations move AI into production and demand continuous monitoring of model behaviour and drift. The analyst guidance pushes model monitoring toward a mandatory control for production deployments and suggests observability will be tied to governance and cost management. Procurement should expect stronger RFP requirements for telemetry, bias and drift metrics

Buyer takeaway

Make observability requirements contractually mandatory for production AI to avoid black‑box vendor lock‑in and hidden remediation costs

Cost / money

Observability tools add recurring fees and telemetry storage costs that should be included in TCO assessments and chargeback models

Supplier / commercial

Vendors may bundle observability into managed offers; insist on modular pricing and exportable telemetry to retain bargaining power

Safety / operations

Continuous model monitoring reduces operational surprise but requires roles and runbooks to act on findings — don't assume monitoring alone delivers safety

What to watch

Watch whether observability features are offered only in higher tiers or as add‑ons, limiting baseline visibility for buyers

Key facts

  • Gartner projects a substantial share of AI production deployments will use dedicated observab
  • Observability covers model drift, bias, fairness and data quality monitoring
  • Analysts recommend continuous tracking for production AI

Source excerpts

Operational steps: Gartner recommends making AI model monitoring mandatory for all production deployments, with continuous tracking of fairness, drift and data quality metrics
Gartner defines AI observability as the use of dedicated tools to manage and assess the behaviour, decision-making and risks of AI systems, including model drift, bias and large language model logic. The forecast points to a growing market for AI monitoring software as companies move from experimentation to production
"Dedicated AI observability provides the necessary mechanisms to monitor and mitigate algorithmic risk, establishing the technical foundation for widespread enterprise AI trust and adoption," Byrne said.

Used in this brief

  • Next 2-4 weeks — Add AI observability, audit‑trail and prompt/result logging requirements to RFP templates and SOWs for AI platforms and managed SOC services. Rationale: because Gartner recommends mandatory model monitoring and Fortinet's inline controls increase the need to trace AI inputs/outputs, so contracts must enforce visibility and rollb... Owner: Contracts. KPI: Updated RFP and SOW templates that require AI observability metrics, audit logs and defined rollback/runbook obligations for production AI
  • Gartner's forecast for mandatory AI observability in production now appears as a market driver that strengthens the case for observability requirements in sourcing

[3] Australian firms urged to rethink ransomware defences

securitybrief.com.au · n.d.


AI reading

Cohesity and partners are urging Australian firms to rethink ransomware defences after research showed high incident and payment rates and attackers deliberately target backups. The message emphasises converting backups from passive recovery assets into actively monitored, isolated and tested resilience capabilities. Procurement should prioritise immutable backup proofs and recovery test evidence in supplier selection and renewals

Buyer takeaway

Require demonstrable backup isolation and recent recovery test results during onboarding and renewals; don't accept untested recovery claims

Cost / money

Expect higher fees for isolated immutable storage and rapid recovery guarantees, but weigh them against the cost of operational downtime

Supplier / commercial

Vendors lacking demonstrable recovery practices may face higher scrutiny or loss of eligibility for critical storage contracts

Safety / operations

Recovery runbooks, tested restores and segmented backup chains materially reduce dwell time and operational impact during incidents

What to watch

Limited-signal vendors may overstate recovery capability—insist on evidence and test logs rather than vendor statements

Key facts

  • Cohesity research highlights elevated ransomware impact on Australian large businesses
  • Backup-targeting by attackers undermines recovery unless backups are isolated and tested
  • High observed payment rates linked to unreliable or untested recovery processes

Source excerpts

Today, ransomware has evolved beyond traditional extortion, with attackers deliberately targeting backup data to undermine recovery efforts and increase pressure to pay
Because backup data is isolated from live environments, attackers are typically less able to tamper with it, making backups a trusted source for identifying suspicious activity, tracking attackers' dwell time, and validating that a data set is clean before initiating recovery
Despite having policies in place, Cohesity's research found that 96% of Australian large businesses paid ransom in the last year, as opposed to 82% globally, with many blaming untested, slow, or unreliable recovery processes. "By conducting frequent recovery drills using clean, isolated environments, businesses can validate backup integrity, confirm data hygiene, and rehearse restoring systems quickly," Eagleton said

Used in this brief

  • Cost / money: Backup hardening and faster, tested recovery increase operational OPEX or third‑party service fees because suppliers may charge premium rates for isolated, immutable backup storage and rapid recovery SLAs
  • Next 72 hours — Verify disaster recovery and backup isolation evidence for critical suppliers and cloud providers. Rationale: because Cohesity's local findings show attackers are targeting backups and recovery failures have driven payments, so you must confirm backups are isolated, immutable, and teste... Owner: Ops. KPI: Verified list of critical suppliers with backup isolation proof and recent recovery test results attached to each supplier record
  • Next 2-4 weeks — Require vendor evidence of immutable backup storage or air‑gapped recovery options during renewals and new supplier onboarding. Rationale: because local research indicates backups are being targeted and poor recovery processes force ransom payments, so procurement should make backup resilience a gating criterion fo... Owner: Contracts. KPI: Contract addendum template mandating backup resilience evidence and recovery SLAs to be included in supplier agreements

[4] Ransomware attacks near record as groups consolidate

securitybrief.com.au · n.d.


AI reading

Check Point Research reports ransomware activity remains near record levels globally while top operators now account for a larger share of victims, indicating market consolidation. The shift concentrates threat patterns and could change insurer assessments and attacker negotiation behaviours. Procurement should re‑assess supplier IR capabilities and insurance interplay given this concentration of threat actors

Buyer takeaway

Treat consolidation as a change in threat concentration that affects insurer and supplier commitments; tighten IR evidence and forensic readiness in contracts

Cost / money

Concentrated threat activity can pressure insurance pricing and conditionalities, which affects total procurement cost for cyber resilience

Supplier / commercial

Top-tier response providers may demand premium pricing as demand for hardened recovery and IR services rises

Safety / operations

Concentration of high-capability groups increases the need for tested incident response and rapid forensic handoffs to external specialists

What to watch

Early-signal: monitor whether insurers add new conditionalities or require specific vendor proofs during renewal windows

Key facts

  • Ransomware volume remained near record levels in the referenced quarter
  • Top operators accounted for a majority share of publicly listed victims
  • Activity showed regional concentration in Asia‑Pacific among certain groups

Source excerpts

Market shift: The findings suggest the ransomware market is no longer expanding through a growing number of small actors
The report counted 2,122 organisations listed on ransomware data leak sites during the quarter, making it the second-highest first quarter on record
JOSEPH GABRIEL LAGONSIN, News Editor. Check Point Research reported that ransomware attacks remained near record levels in the first quarter of 2026, while the market consolidated around a smaller number of operators

Used in this brief

  • Next quarter — Incorporate ransomware consolidation into insurer and supplier discussions: request updated cyber insurance terms and vendor incident response commitments on renewal cycles. Rationale: because leak‑site tracking shows market consolidation which may shift insurer risk models and vendor obligations, and procurement must align contracts to new threat concentratio... Owner: Legal. KPI: Revised renewal checklist capturing insurer conditionalities and required vendor incident response SLAs for negotiation leverage
  • Watch insurer and marketplace responses to ransomware consolidation: expect changes to coverage terms or higher conditionalities for recovery proofs and backup isolation during renewals and sourcing

[5] Fortinet

finance.yahoo.com · n.d.


[6] Palo Alto

finance.yahoo.com · n.d.
