AI breaks the old security playbook

AI has moved into enterprise operations faster than many security programs expected. It is embedded in workflows, physical systems, and core infrastructure. Some AI tools reach hundreds of millions of users each week. Inference costs have fallen 280-fold, but overall spending is still rising because usage keeps growing. Attackers are using the same tools. CISOs manage a broader attack surface driven by automation, new data paths, and machine-led decisions.

Deloitte’s Tech Trends 2026 shows how this shift is changing what CISOs and other technology leaders are responsible for.

New exposure in core workflows

AI has moved from experimentation into daily use, supporting core processes across engineering, customer operations, finance, and supply chain. As a result, new exposure points are forming at the center of the business. CISOs and CIOs point to four areas where risk is most visible. Data, models, applications, and infrastructure each introduce different failure paths.

LLMs and related systems concentrate sensitive information in fewer places. This raises the impact of data governance gaps. Model behavior can be altered through poisoning or manipulation of training data. Application interfaces such as plugins and APIs increase the number of access points attackers can target. AI infrastructure adds complexity because compute, data, and orchestration operate together rather than as separate layers.

Agentic AI introduces governance gaps

Enterprises are testing a wide range of agentic AI use cases. Only 11% report that agents are in production. Another 38% are running pilots, while 35% have no agentic strategy. The gap between pilot and production reflects limits in process and governance rather than gaps in technology.

CIOs and CFOs interviewed for the publication described a common challenge. Workflows were designed for human judgment and human-paced decisions. When agents are placed into these environments, they lack the structure needed to operate reliably. This often results in partial automation that adds noise instead of value.

CISOs need to account for this during policy and control design. Agent identity, access, and oversight require the same discipline applied to other operational assets. Logging, audit trails, and review processes need to be defined before deployment. Existing software development life cycle controls still apply, but they must operate at higher speed and include consistent testing, including red teaming.

Infrastructure becomes a risk factor

Inference economics are changing how organizations plan compute. Token costs have dropped sharply, but spending remains high as adoption expands. Organizations are moving toward hybrid models that spread workloads across cloud, on-premises systems, and edge environments. Each layer adds its own security concerns.

Robots, autonomous vehicles, and connected devices are part of daily operations. BMW and Amazon run environments where physical systems navigate routes and manage tasks on their own. Each connected system becomes part of the enterprise trust boundary. A compromised device can disrupt operations and open paths into more sensitive systems.

CISOs will need to extend familiar security practices into these environments. Segmentation, network isolation, supply chain review, and configuration management still matter. The difference is scale. These controls apply to fleets of autonomous components rather than to static infrastructure.

“Innovation is compounding. Forces aren’t simply additive, but multiplicative. Better technology enables more applications. More applications generate more data. More data attracts more investment. More investment builds better infrastructure. Each improvement simultaneously accelerates all the others. We’re seeing the S-curves compress in real time, and the distance between emerging and mainstream is collapsing. That’s the reality technology leaders are navigating,” said Kelly Raskovich, emerging technology leader and Tech Trends executive editor, Deloitte.

AI as a tool for strengthening defense

AI-driven attacks continue to increase in speed. CISOs can use AI to support defense at the same pace. Automated red teaming can surface weaknesses earlier in development. Adversarial testing can harden models against manipulation. Detection systems that operate without human delay can reduce dwell time and limit lateral movement.

Technology leaders cited several practices that produce results. They focus on defined problems rather than broad experimentation. They work with business teams to set outcomes. They use controlled pilots to understand where AI adds value and where it adds risk. This gives security teams a role early in design instead of forcing them into late-stage review.

The shift in leadership roles

Responsibilities across technology leadership are expanding. CIOs are taking on coordination roles for AI across the enterprise. CDOs and CTOs are defining data and architectural foundations alongside them. CISOs are becoming more integrated into these decisions. Their role includes influencing design choices, overseeing identity models for both people and AI agents, and guiding organizations toward structures that reduce exposure.

Survey data referenced in the publication shows that technology leadership spans CIOs, CTOs, chief data analytics officers, and CISOs. This reflects how tightly AI, data, architecture, and security are connected.
