The first post in this series argued that identity is the new boundary: the question of who, or what, gets in. This post is about the boundary that matters next, once something is already inside. The uncomfortable truth of modern security is that intrusions are close to inevitable, and what separates a minor incident from a business-ending crisis is how far the intruder can move. AI has turned that movement from a slow, manual crawl into a machine-speed sprint, and a flat network where everything can reach everything is the single biggest gift you can give it.
This is the eighth post in our series on how AI is reshaping each layer of your security stack. It is the network counterpart to the identity post, and the full ecosystem overview ties the whole series together.
Map almost any serious breach against its timeline and one phase decides the damage: lateral movement. The initial intrusion is often noisy and sometimes caught. The lateral movement that follows is quiet, fast, and devastating. Once an attacker is inside, they move sideways across the network, escalate privileges, harvest more credentials, and work toward the systems that actually matter: your file servers, your finance machines, your backups. Detection without the ability to contain that movement is just observation. Containment is control.
A flat network is one where, once you are on it, you can reach almost everything else on it. That was always risky. Against AI it is dangerous, because AI-driven attacks move laterally across workloads and identities in minutes, far faster than a human team can react. The phrase security researchers keep using is that AI does not just break in, it fans out. On a flat network, one compromised laptop becomes a path to the server, the backups, and the finance workstation in the time it takes someone to notice the first alert.
Network segmentation, and its finer-grained form microsegmentation, breaks the network into small zones and allows each system to talk only to the things it genuinely needs, denying everything else by default. The effect is to shrink the blast radius: a compromise in one zone is trapped there rather than spreading across the business. The modern approach makes those decisions based on identity and workload rather than just an IP address or network location. It reflects a shift in mindset that every serious security team has now made, from “can we prevent every breach” to “can we survive the one that gets through”.
There is a fresh reason this matters in 2026. Businesses are deploying autonomous AI agents that run commands, query databases, and trigger workflows on their own, and many are handed far more network access than their task requires. An over-permissioned agent is just another identity that can move laterally, except it moves at machine speed and never sleeps. The same logic from our Zero Trust post applies: scope what each agent can reach to the minimum, and segmentation is how you enforce that at the network level.
| If a device is compromised | Flat network | Segmented network |
|---|---|---|
| What the attacker can reach | Almost everything | Only that device’s zone |
| Lateral movement | Unrestricted | Blocked by default |
| Remote access model | Full network via VPN | Single application via ZTNA |
| Backups | Reachable and encryptable | Isolated and protected |
| AI agent and service account reach | Unchecked | Scoped to what it needs |
Enterprise microsegmentation platforms are powerful, but most Perth businesses do not need to start there. The high-value, achievable steps are straightforward. Segment the network so guest Wi-Fi, VoIP and IoT devices, servers, and workstations sit in separate zones, and isolate your backups so ransomware on a workstation cannot reach them. Replace the old model of a VPN that drops a remote user onto the whole network with zero trust network access, which grants reach to a single application instead. We deploy Twingate for exactly that, alongside properly configured firewalls and network segmentation. Then pair it with the detection layer from our EDR post, because containment stops the spread while detection catches the attempt. Together they are the core of our managed cyber security.
- Kill the flat network. If a single compromised laptop can reach your servers and backups, you have no containment. Segment by function and isolate backups as the first priority.
- Replace whole-network VPN with ZTNA. A traditional VPN gives a remote attacker the run of your network. Zero trust network access limits each connection to a specific application, which dramatically shrinks what a compromised account can touch.
- Scope your AI agents and service accounts. Treat every non-human identity as something that could be hijacked, and limit its network reach accordingly. Contact Epic IT for a free network security review and we will show you how far an intruder could move today.
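The default-deny zoning described above, the flat-versus-segmented comparison in the table, and the three steps just listed (isolated backups, per-application ZTNA, scoped agent identities) can all be checked with a small policy model. The following is an added example written for this post, not Epic IT's tooling or Twingate's configuration; every host name, zone name, port and rule in it is constructed for illustration. It evaluates single flows against a default-deny rule list, then computes the blast radius of each starting point by following every allowed hop, which is the measurement a network security review is really after.

```python
"""Default-deny segmentation policy with a blast-radius check.

Added illustration, not Epic IT's or Twingate's code. Every host name,
zone name and port below is constructed for the example.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Union

# Constructed inventory: host (or non-human identity) -> zone.
HOSTS: Dict[str, str] = {
    "laptop-1": "workstations",
    "finance-pc": "workstations",
    "file-srv": "servers",
    "db-srv": "servers",
    "backup-srv": "backups",
    "voip-phone": "voip_iot",
    "guest-phone": "guest_wifi",
    "ai-agent": "agents",      # hypothetical autonomous agent identity
    "remote-user": "remote",   # a remote staff member coming in over VPN or ZTNA
}


@dataclass(frozen=True)
class Rule:
    """One allow rule. A selector names a zone, a single host/identity, or "any"."""
    src: str
    dst: str
    ports: Union[FrozenSet[int], str]  # TCP ports, or "any"


def _selects(selector: str, host: str) -> bool:
    # A selector matches by exact host/identity name or by the host's zone.
    return selector == "any" or selector == host or selector == HOSTS[host]


def allowed(policy: List[Rule], src: str, dst: str, port: int) -> bool:
    """Default deny: a flow passes only if some rule explicitly allows it."""
    if src == dst:
        return False
    return any(
        _selects(r.src, src) and _selects(r.dst, dst)
        and (r.ports == "any" or port in r.ports)
        for r in policy
    )


def _edge(policy: List[Rule], src: str, dst: str) -> bool:
    # Any allowed port is enough for an intruder to pivot, so ports are ignored here.
    return src != dst and any(_selects(r.src, src) and _selects(r.dst, dst) for r in policy)


def reachable(policy: List[Rule], start: str) -> Set[str]:
    """Hosts an intruder on `start` could reach by pivoting through each allowed hop."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and _edge(policy, cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def blast_radius(policy: List[Rule]) -> Dict[str, int]:
    """How many other hosts each starting point can reach under the policy."""
    return {h: len(reachable(policy, h)) for h in HOSTS}


# Flat network: one implicit any-to-any rule; a VPN user gets the same reach.
FLAT: List[Rule] = [Rule("any", "any", "any")]

# Segmented network: each zone talks only to what it needs; everything else is denied.
SEGMENTED: List[Rule] = [
    Rule("workstations", "servers", frozenset({443, 445})),  # file shares and internal web apps
    Rule("backups", "servers", frozenset({445})),            # backup server pulls; nothing may initiate to it
    Rule("ai-agent", "db-srv", frozenset({5432})),           # agent scoped to the one database it needs
    Rule("remote-user", "file-srv", frozenset({443})),       # ZTNA: one application, not the network
]

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, blast_radius(policy))
    print("laptop-1 can reach backups?", "backup-srv" in reachable(SEGMENTED, "laptop-1"))
```

Two design points carry the security meaning. First, the backup zone only ever appears as a source, so the backup server pulls data from the servers and no workstation or server can initiate a connection to it; that is what "isolate your backups" looks like as policy. Second, the agent and the remote user are selected by identity rather than by zone, so their reach is one host on one port regardless of where they connect from, which is the ZTNA model the post contrasts with a whole-network VPN.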
Next in the series: the agentic SOC, and how AI is changing detection and response.
Our Perth-based team can run a free network security review, mapping your segmentation, remote access, and lateral-movement exposure. Contact us on 1300 EPIC IT.