With AI adoption accelerating across enterprises, what do you view as the top information security challenge that leaders should address? How can CISOs, VPs and Director’s align governance, risk and security investments to enable AI innovation without creating new exposures?

The top security challenge with AI adoption is uncontrolled data exposure—whether through shadow AI, sensitive data being fed into models, or lack of oversight on third-party tools. To address this, leaders should establish clear AI use policies, embed AI into existing risk assessments, and invest in controls for data leakage, access management, and monitoring.

CISOs, VPs, and Directors can enable innovation without new exposures by creating governance guardrails early, offering safe environments for experimentation, and aligning security investments around protecting the organization’s most critical data.

To effectively implement AI, it is crucial to adopt a proactive and strategic approach. The first step involves prohibiting the use of AI-related services until a comprehensive framework is established. Subsequently, collaborate with the Chief Information Officer (CIO) and the business to gain a thorough understanding of their requirements. The third step entails pre-defining and reaching an agreement with specific AI service providers for various functions, ensuring that data security measures are robustly implemented.

For instance, if development teams require access to ten distinct solutions, it is essential to engage with the CIO/CTO to establish a common toolset among all teams. This strategic alignment not only facilitates the management of third-party risks and exposures but also enhances operational efficiency.

You need to ensure you are investing in a clear process, with controls, and guardrails, as much as in the technology itself. Many companies go from POC to not knowing how to scale, and ensuring you have strong governance that is encapsulated as a part of that process, is also very important.

AI is an evolving territory and most importantly all the organizations needs to be aware about how the data emitting should not be use to training a model. All the compliance needs to be followed because its company’s responsibility to follow the risk and governance standards. Anonymizing the data would be good practice . Using AI doesn’t replace the manual intervention, the process should be defined that before using AI generated responses , a manual set of eyes should be followed.

One of the biggest security challenges with AI adoption is ensuring the integrity, confidentiality, and responsible use of the data and Machine Learning models behind it. As organizations move quickly to innovate, risks such as data poisoning, ML model manipulation, and ungoverned “shadow AI” across the organization can undermine trust if not addressed soon. Security leaders should work to embed AI governance into existing frameworks, drawing on standards like the NIST AI RMF. Prioritizing investments in data protection, data privacy, model monitoring, and AI red teaming can strengthen resilience without slowing down innovation. By approaching AI as both a valuable asset and a potential risk vector, leaders can put the right guardrails in place to support adoption that is safe, scalable, and sustainable.