In this edition of Techstep Pulse, we explore how AI integration, legacy Android fleets, and evolving cyberattacks are reshaping enterprise mobile security strategy.
We cover:
AI is rapidly moving from applications into the core of operating systems.
Recent developments from companies like Apple and Google show that AI models are being embedded directly into system-level experiences, from voice assistants to productivity tools.
This is not just another feature layer. It fundamentally changes how devices operate and how they must be secured.
Unlike traditional apps, OS-level AI operates close to system resources, relies on secure hardware enclaves, processes data locally through on-device inference, and integrates with identity, messaging, and enterprise services. This expands the attack surface and shifts the trust boundary.
According to Gartner, AI integration at platform level will directly influence enterprise device strategy. When AI becomes part of the operating system, it inherits the same risk surface.
This shift introduces new questions that organisations need to address. First, how is data processed, locally or in the cloud? Second, what visibility exists into AI-driven interactions? Third, can existing MDM policies govern AI-native capabilities?
Traditional mobile device management focused on configuration and compliance. AI-native systems require policy enforcement that accounts for behaviour, data flow, and hardware dependency.
AI capabilities running natively on devices require significantly more processing power, memory, and hardware-level security than previous generations of mobile software. Many older devices were simply not designed with these requirements in mind.
As AI becomes embedded at operating-system level, performance and security become tightly linked. Devices that struggle to support modern AI workloads may also fail to meet emerging security standards.
Gartner indicates that enterprise device refresh cycles could shrink to around 24 months compared to the 4 to 5 year lifecycle many organisations have followed in recent years.
This changes the nature of lifecycle decisions. They are no longer primarily financial, they directly influence mobile security posture. Organisations that treat device refresh purely as a procurement exercise risk creating structural weaknesses in their environment.
→ Read more how our Lifecycle Management Platform can help your business
One of the most immediate and widespread risks comes from outdated Android systems.
According to Google, 42 percent of Android devices globally are running Android 12 or older, and these versions no longer receive security updates. This means that newly discovered vulnerabilities remain unpatched indefinitely.
At scale, this affects roughly one billion devices worldwide, creating a massive and persistent security gap.
Even with protections like Google Play Protect, OS-level vulnerabilities cannot be fixed, attackers exploit known and documented weaknesses, and exploitation often does not require advanced capabilities. Outdated systems create predictable entry points, making them attractive targets for attackers.
To reduce Android-related risk, organisations should identify devices that cannot upgrade to Android 13 or later, prioritise replacement based on business and security impact, define lifecycle thresholds before devices fall out of support, and continuously monitor device compliance.
This is a core part of any effective enterprise mobility strategy.
→ Further reading: Google says 1 billion Android users need to buy a new phone now
→ Find out how we can help solve the problem with Managed Services
A significant shift in mobile security is underway. Attackers are increasingly targeting management infrastructure instead of individual devices.
In January 2026, the European Commission confirmed a cyberattack targeting its mobile device management environment. Attackers exploited two zero-day vulnerabilities in Ivanti Endpoint Manager Mobile, gaining unauthorised access to the management system and exposing staff data. There is no evidence that the devices themselves were directly compromised.
This incident highlights three critical layers of mobile risk: the device, the operating system, and the management architecture. As organisations centralise control through MDM and UEM platforms, these systems become high-value targets.
A breach at the management layer can expose sensitive data, provide access to policy controls, and impact the entire organisation without touching individual devices. Mobile management platforms must now be treated as critical infrastructure.
Even with strong lifecycle management and secure MDM architecture, risk does not disappear. Mobile devices operate in inherently exposed environments, including public networks, messaging channels, and roaming or distributed users.
Mobile Threat Defense (MTD) introduces runtime protection where traditional controls stop.
MTD solutions enable real-time threat detection, phishing protection, behavioural anomaly detection, network monitoring, and visibility into zero-day exploitation attempts. This shifts mobile security from static compliance to continuous, real-time protection.
Governance alone is no longer sufficient. Detection must exist where activity happens, on the device.
→ Further reading: European Commission discloses breach that exposed staff data
Several trends are converging. AI is becoming part of the operating system, outdated Android fleets continue to expand risk, and attackers are targeting management platforms.
Mobile devices are no longer just operational tools. They now function as authentication anchors, transaction approval mechanisms, and gateways to critical enterprise systems. At the same time, they process more data locally and depend on increasingly complex management infrastructure. The boundary between endpoint, platform, and infrastructure is becoming less distinct.
To remain secure and resilient, organisations need to align device lifecycle management, MDM and UEM architecture, mobile threat defense capabilities, and governance at executive level. A fragmented approach is no longer sufficient. Mobile security must be treated as a coordinated, strategic function.
Mobile security is no longer just about device compliance. It is about managing an ecosystem where hardware, software, AI, and infrastructure are deeply interconnected.
Organisations that build a holistic mobile security strategy, combining lifecycle management, secure architecture, and runtime protection, will be better positioned to handle the increasing complexity of enterprise mobility. The risk surface has expanded, and mobile governance must expand with it.