“Nonhuman identities are an emerging frontier of cyber risk, and many traditional identity governance tools have not yet evolved to address them. As organizations adopt more automated and agent-driven processes, managing access and privileges across these identities becomes increasingly important,” he says.
10. Do we know where AI is being used, what data is being shared, and who is accountable for those decisions?
As Doug Kersten, CISO at software maker Appfire, observes, “Many employees are adopting AI tools on their own to solve real business problems before leadership even knows those tools exist, creating unidentified security risks. That creates the same kind of visibility and accountability issues we saw for years with shadow IT; [it’s] just happening much faster.”
To ensure they can answer “yes” to those questions, CISOs need governance processes that keep pace with quickly evolving technology and that involve legal, procurement, HR, engineering, and business teams as well as security, he says.
