Monday, May 18, 2026

AI at Scale: Annual Meeting

1. AI Opportunity Outpaces Governance as SaaS Becomes the New Frontier 

AI and agentic AI continue to advance and to dominate discussions, both for the opportunity they present and because organizations are realizing that the technology is scaling faster than governance, security and operational maturity. Across industries, enterprises are struggling to manage the growing volume of AI requests, the rapid introduction of embedded AI capabilities within SaaS platforms, and the emergence of autonomous AI agents capable of taking action rather than simply returning responses to prompts.


2. Shadow AI Is Here—Real-Time Visibility Is No Longer Optional

The challenge is no longer theoretical. Shadow AI usage has expanded as employees independently adopt tools to improve productivity and automate workflows. While many organizations have implemented foundational controls such as DLP, CASB and proxy filtering, or have leveraged acceptable use policies, visibility into actual AI interactions remains limited. As a result, more mature and purpose-built controls are required. Vendors such as Reco, CrowdStrike, ProtectAI and Sysdig are gaining traction by providing proactive discovery, monitoring and/or automated enforcement capabilities.


3. From Outputs to Actions: The Next AI Risk Frontier Has Arrived

Organizations are also acknowledging that early-stage AI adoption will involve missteps. The conversation is increasingly shifting from concerns around wrong answers to concerns around wrong actions! Traditional generative AI risk focused primarily on hallucinations or inaccurate outputs. Agentic AI fundamentally changes that dynamic. When AI agents are connected to APIs, workflows, ticketing systems, identity platforms, cloud environments or financial systems, the risk becomes operational. The concern is no longer whether the model generated incorrect information but whether the AI autonomously executed an incorrect action, exposed sensitive data, modified infrastructure or initiated unauthorized transactions.


4. AI ROI Moves from Aspiration to Executive Mandate

To that end, many organizations are still working through the fundamental challenge of identifying meaningful and sustainable AI use cases. The dilemma is no longer whether to adopt AI but how to prioritize initiatives that create measurable business value while remaining governable and secure. The difficulty of effectively measuring and quantitatively demonstrating ROI remains pervasive.


5. AI Control Shifts to Identity, Data, and System Integration

Industry trends increasingly suggest a broader architectural shift away from a purely model-centric mindset toward a system + data + identity centric control model. The strongest AI capabilities will not simply come from access to powerful models but from the combination of model capability, high-value data access and tightly integrated identity and access controls. Organizations leading in AI maturity are converging around centralized governance with federated execution that supports continuous monitoring and risk-based oversight. Centralized AI intake and approval processes are quickly becoming table stakes. Formal catalogs of approved AI tools and risk-tiering models that classify AI use cases based on sensitivity, autonomy and business impact are core to adoption and sustainability.


6. Zero Trust Expands: AI Agents Become Managed Identities

One of the most important emerging practices is the treatment of AI agents as non-human identities (NHIs). This approach extends modern identity and zero-trust architecture (ZTA) principles directly onto AI operations. Identity-centric control models have always been fundamental to the design of IAM and RBAC frameworks, and they apply equally to explicit AI agent governance and autonomous workflows. Essential safeguards include:

  • Least-privilege access
  • Scoped API permissions
  • Just-in-time elevation
  • Identity segmentation
  • Continuous monitoring
  • Telemetry


7. Foundations First: Frameworks Anchor Scalable AI Security

Organizations are beginning to monitor not only user interactions but also AI actions themselves, including API calls, workflow execution, tool utilization and decision chains. Input and output validation aligned to frameworks such as the OWASP Top 10 is becoming common practice, particularly around prompt injection, data exfiltration, hallucination detection and unsafe tool invocation. More advanced programs also implement observability and traceability requirements that capture what data an AI accessed, what decision it made, why the decision occurred, and whether a human approved the action before execution.


8. Human Oversight and Kill Switches Define Responsible AI Execution

Human-in-the-loop controls remain especially important for high-risk decisions involving financial, legal, regulatory, or customer-impacting outcomes. In conjunction, pre-deployment testing and runtime protections are rapidly evolving into mandatory control layers. Organizations are increasingly conducting simulation testing against prompt injection, adversarial prompts, workflow abuse, and tool misuse scenarios before deployment, while also implementing runtime guardrails, containment boundaries, and emergency “kill switch” capabilities once AI systems are operational.
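As an added illustration (not code from this post or from any vendor it names), the Python sketch below shows how the controls described in sections 6 through 8 fit together as one tool-call broker: the agent acts under a just-in-time, task- and time-bound token scoped to named tools (least privilege), high-risk tools require a recorded human approval before execution, a kill switch halts every action, and each decision is written to an audit record capturing the data touched, the stated reason and the approver. The tool catalogue, risk tiers, agent and task names are constructed placeholders.

```python
"""Tool-call broker for an AI agent treated as a non-human identity (NHI).

Hypothetical example: assumes an agent runtime that routes every tool call
through AgentBroker.invoke() before anything executes.
"""
import time
import uuid
from dataclasses import dataclass
from typing import Callable, Optional

LOW, MEDIUM, HIGH = 1, 2, 3
# Constructed tool catalogue; tier reflects sensitivity, autonomy and impact.
TOOL_RISK = {
    "search_docs": LOW,
    "create_ticket": MEDIUM,
    "issue_refund": HIGH,
    "modify_iam_role": HIGH,
}


@dataclass(frozen=True)
class ScopedToken:
    """JIT-issued credential bound to one agent, one task, a tool scope and a TTL."""
    agent_id: str
    task_id: str
    scopes: frozenset
    expires_at: float


@dataclass
class AuditEvent:
    """Traceability record: who acted, on what, why, and who approved it."""
    event_id: str
    agent_id: str
    task_id: str
    tool: str
    args: dict
    reason: str
    approved_by: Optional[str]
    decision: str  # "allow" or "deny"
    detail: str
    ts: float


class AgentBroker:
    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.kill_switch = False  # emergency stop for all agent actions
        self.audit: list = []

    def issue_token(self, agent_id, task_id, scopes, ttl_s) -> ScopedToken:
        # Least privilege: only catalogued tools, only this task, only for ttl_s.
        unknown = set(scopes) - TOOL_RISK.keys()
        if unknown:
            raise ValueError(f"unknown tools requested: {sorted(unknown)}")
        return ScopedToken(agent_id, task_id, frozenset(scopes), self.clock() + ttl_s)

    def invoke(self, token, tool, args, reason, executor, approved_by=None):
        """Gate one tool call; the executor runs only if every check passes."""
        now = self.clock()
        decision, detail = "allow", "ok"
        if self.kill_switch:
            decision, detail = "deny", "kill switch engaged"
        elif now >= token.expires_at:
            decision, detail = "deny", "token expired"
        elif tool not in token.scopes:
            decision, detail = "deny", f"tool '{tool}' outside token scope"
        elif TOOL_RISK[tool] >= HIGH and not approved_by:
            decision, detail = "deny", "high-risk action requires human approval"
        self.audit.append(AuditEvent(str(uuid.uuid4()), token.agent_id, token.task_id,
                                     tool, dict(args), reason, approved_by,
                                     decision, detail, now))
        if decision == "deny":
            return False, detail
        return True, executor(**args)


def demo():
    """Constructed scenario; returns the list of allow/deny outcomes and the audit trail."""
    t = [1000.0]  # fake clock so the expiry case is deterministic
    broker = AgentBroker(clock=lambda: t[0])
    token = broker.issue_token("agent-billing-01", "task-42",
                               {"search_docs", "issue_refund"}, ttl_s=300)
    search = lambda q: f"3 hits for {q}"
    refund = lambda order, amount: f"refunded {amount} on {order}"
    out = [broker.invoke(token, "search_docs", {"q": "refund policy"}, "look up policy", search)[0],
           broker.invoke(token, "modify_iam_role", {"role": "admin"}, "escalate", search)[0],
           broker.invoke(token, "issue_refund", {"order": "A1", "amount": 40}, "customer asked", refund)[0],
           broker.invoke(token, "issue_refund", {"order": "A1", "amount": 40}, "customer asked", refund,
                         approved_by="alice@example.com")[0]]
    broker.kill_switch = True
    out.append(broker.invoke(token, "search_docs", {"q": "x"}, "probe", search)[0])
    broker.kill_switch = False
    t[0] += 301  # token TTL has elapsed
    out.append(broker.invoke(token, "search_docs", {"q": "x"}, "late call", search)[0])
    return out, broker.audit


if __name__ == "__main__":
    for e in demo()[1]:
        print(e.decision, e.tool, e.detail, e.approved_by)
```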


9. AI Governance Bodies Become Mission-Critical Infrastructure

Governance structures must evolve in parallel to accommodate the unique demands of GenAI and agentic AI. Many enterprises are establishing formal AI councils or advisory groups composed of security, legal, privacy, audit, technology and business leadership. Mature governance programs integrate traditional risk models while ensuring validation, testing, lifecycle management and approval workflows.


10. Layered Governance Emerges as the Control Plane for AI Risk

Layered governance models are becoming the prevailing approach. Organizations are implementing technology enforcement layers using tools such as Collibra and Cyera, AI-aware proxies and SSPM solutions. Additional governance layers include model validation and lifecycle management, output filtering and human review processes, continuous monitoring and auditability, and controls governing training data, behavioral drift, and model retirement.


Data architecture and governance establish parameters and guardrails for success

GenAI elevates risk domains including prompt injection attacks, retrieval-layer data leakage, hallucination-driven decision errors, tool misuse, and autonomous “agent chaining” behaviors, in which AI systems interact recursively with other systems or agents in unintended ways.


Data governance remains central, including data classification enforcement, tokenization and masking, retrieval-layer access controls for RAG architectures, and restrictions preventing sensitive enterprise data from being used to train external models. Identity and access protections include:

  • Least-privilege access for AI agents
  • Just-in-time authorization models
  • Scoped API tokens


Output and model controls include prompt filtering, toxicity and hallucination detection, and provenance tracking for generated content. Monitoring layers increasingly focus on behavioral anomaly detection, model drift monitoring, output auditing, and full telemetry logging. Infrastructure protections include secure model hosting, private endpoints, API gateway enforcement, and workload isolation strategies.


11. Embedded AI in SaaS Explodes the Vendor Risk Landscape

Organizations are also confronting the growing challenge of embedded AI within existing SaaS and cloud ecosystems. AI functionality is now deeply integrated into platforms such as Microsoft Copilot, Salesforce AgentForce, Google Gemini, Snowflake Cortex and Databricks Mosaic, and into developer platforms such as GitHub Copilot. This creates new concerns around data exposure, model training practices, tenant isolation, API integrations, external connectors and data residency requirements.


As a result, vendor risk assessments are expanding to include AI-specific evaluation criteria such as data usage policies, model training methodologies, retention practices, and geographic data processing considerations. SaaS security controls such as SSPM and CASB technologies are increasingly being used to monitor AI usage, detect sensitive data exposure, and govern AI-enabled SaaS integrations. Organizations are also placing greater emphasis on enforcing data boundaries, preventing sensitive information leakage into external AI systems, and validating encryption and tenant isolation controls.


12. Cyber Insurance Tightens as AI Risk Outpaces Coverage Models

Cyber insurance markets are reacting as well. Rather than broadly covering AI-related risk, insurers are tightening language, introducing exclusions or sublimits, and increasingly requiring evidence of AI governance, monitoring, and control frameworks before underwriting exposure.


13. AI Security Tooling Proliferates at Unprecedented Speed

Within the emerging AI security tooling landscape, organizations are beginning to organize capabilities into several functional domains. One area focuses on business enablement and shadow AI governance through prompt firewalls and AI-aware policy controls, using platforms such as Palo Alto Networks Prisma AIRS and Microsoft Purview. Another centers on retrieval-augmented generation (RAG) security, data lineage, and exfiltration monitoring through vendors such as Cyera and Concentric AI. Agentic AI workflow security and behavioral monitoring are also emerging rapidly through providers including CrowdStrike Charlotte AI and Tora, while SaaS embedded AI governance is increasingly addressed by vendors such as Grip Security and AppOmni.


Notably, the AI vendor ecosystem is evolving at extraordinary speed. New products, security platforms, orchestration engines, governance tools, and AI startups are appearing almost daily. In many cases, market recognition is occurring faster through brand imagery and vendor logos than through clear understanding of product differentiation or capability maturity.


14. AI Reshapes Work: From Task Automation to Workforce Transformation

At its core, AI adoption is also reshaping enterprise risk management itself. Organizations are increasingly recognizing that risk management is becoming inseparable from cybersecurity, operational governance, and business enablement. This is especially true in cloud and SaaS environments where organizations often lack direct infrastructure control yet remain accountable for data security, compliance, operational resilience, and AI outcomes.


Simultaneously, organizations are beginning to recognize AI’s potential to automate repetitive and mundane work, allowing employees to focus more heavily on strategic activities, customer engagement, creativity, and functions requiring human judgment and empathy. Workforce re-skilling and AI fluency are therefore becoming critical organizational priorities. Increasingly, industry sentiment suggests that individuals capable of effectively leveraging AI will outperform those who cannot — not because AI fully replaces people, but because AI amplifies productivity, scale, and decision velocity.


15. AI Velocity Redefines Risk as a Systemic, Not Model-Centric, Challenge

Across industry leaders, the consensus is becoming increasingly clear: AI risk is no longer solely a model problem. It is fundamentally a data, identity, and system interaction problem. Organizations that are leading in maturity are centralizing governance, integrating AI into enterprise risk frameworks, extending zero-trust principles into AI ecosystems, and building continuous monitoring capabilities supported by identity-driven control models.


Wednesday, April 29, 2026

AI Time Machine Paradox & Mythos

From Controlled Advantage to Accelerated Reality

The new dynamic in business and cybersecurity lies in AI, where boundaries are no longer defined by isolated incidents but by a systemic shift in the physics of risk. Vulnerabilities are now discovered at the same accelerating rate at which exploits are developed. When initiatives like Project Glasswing were conceived by an industry-leading consortium (NVIDIA, Apple, Google, Microsoft), they were rooted in a traditional philosophy of controlled advantage: granting elite cyber heroes early access to powerful models so they could patch the world’s vulnerabilities before adversaries found the issues and gaps. It was a rational strategy, aligned with the proactive testing frameworks and secure-by-design principles championed by NIST, CISA and OWASP.

 

However, reality has revealed a more jarring truth: AI works at lightning speed and compresses time. What was once an epic process of discovery has become a continuous, high-speed wargame playing out in the real world. In theory, the containment strategy worked; however, the sheer pace it unleashed has outstripped our ability to govern it.

  • Continuous Discovery: Vulnerability identification is moving from human-paced findings to machine-speed waves
  • Control Illusion: Controlled access to a model does not equate to controlled impact once that model begins surfacing flaws at scale

 

The Inflection Point: Scaling the Search for Weakness

As evidenced by models such as Mythos, these capabilities are not necessarily inventing new categories of flaws but are mastering the art of chaining existing weaknesses. By performing multi-step reasoning and deep code analysis, these systems can identify complex patterns that manual audits miss or fail to identify in time. The upshot is that as vulnerability disclosures rise, the time between discovery and exploitation shrinks and the window of exposure becomes vanishingly small.

While claims of thousands of autonomous zero-day discoveries remain confined to research environments, the likely reality is that AI-assisted workflows are already dramatically increasing the scale and speed of iteration. We have reached a point where the bottleneck is no longer finding a bug but the limited human capacity to fix it.

 

The Reality Check: New Power, Old Failures

The incident entry points remain stubbornly prehistoric and not futuristic at all. High-profile exposures involving advanced AI systems frequently trace back to foundational security failures: weak access and identity management, misconfigured storage and overexposed development environments.

  • Amplify, Not Invent: Advanced AI does not eliminate foundational risk; instead it exacerbates the consequences of basic human error
  • The Weakest Link of Environments: Security failures are rarely flaws within the model itself but instead lie in the access control and governance surrounding the model’s deployment

 

The Asymmetry of the Modern Cyber Heroes

In an AI-driven environment, the volume of discovery will always exceed the capacity to patch or address misconfiguration. This acceleration has rendered traditional metrics such as simple vulnerability counts or static CVSS scores increasingly obsolete. The result is a further widening of the remediation gap we have all been challenged with for decades.

Bad actors operate with low-cost, high-scale automation, low operational constraints and limited consequences. Cyber heroes, however, are bound by balancing daily patching against business continuity, system uptime and operations to “keep the lights on.” To survive this imbalance, organizations must shift from point-in-time evaluations to the continuous threat monitoring models emphasized by the NIST AI Risk Management Framework for “trustworthy AI”.

 

Baseline Resilience Strategy for the Future

The response to this systemic shift is not to chase novelty but to combine foundational discipline with automated acceleration. AI must become a baseline capability for defensive or blue teams (penetration testers), using aggressive code reviews, threat modeling and triage automation to keep pace with the adversary.

 

Essential Organizational Call to Act

  • Reinforce Fundamentals: Strict least-privilege access to prevent basic exposure, practical phishing-resistant MFA and adherence to zero-trust architecture
  • Prioritize Relentlessly: Use the CISA KEV (Known Exploited Vulnerabilities) catalog to focus on what is being attacked rather than trying to patch everything at once
  • Expand Remediation Capacity & Threshold: Invest in automated patching, internal and continuous red-teaming (penetration testers) and run tabletop exercises for simultaneous high-severity incidents to prepare for a higher volume of crises


Anticipate when exposure will happen, not if. The era where machine-speed discovery meets human-constrained response is now. Resilience will no longer be defined by how few bugs we have but by how quickly and ruthlessly we can absorb the shocks of a transparent, high-speed threat landscape.

 

Anthropic’s Mythos Security Crisis Timeline

  • Late March Breach: A small group accessed the Mythos Preview environment by exploiting URL naming conventions and stole credentials from a third party
  • Early April Code Leak: Human error and a CMS misconfiguration led to public exposure of Claude Code
  • Mid April Disclosure: Anthropic announced Project Glasswing and the existence and capabilities of the Claude Mythos Preview model
  • Late April Validation: Confirmed Mythos release, including 32-step autonomous attack sequences

This is proof that “security by obscurity” has never been acceptable, since bugs can be found; that asymmetric warfare, overwhelming traditional security teams through the speed of AI, is possible; and that supply chain vulnerability is highlighted because AI safety is only as strong as the most peripheral vendor.

 

Mindset Transformation

  • Shift from Discovery to Remediation: Software bugs, misconfigurations and zero-day alerts require resolution with speed and validation
  • Set Contractor Guardrails: Identity, credentials and access management require tighter scrutiny and mandate least-privilege architectures, since they are the primary entry point
  • Security by Obscurity Is Not Security: Neither a lack of micro-segmentation nor URL obfuscation is protection, since hidden or predictable patterns are now readily discovered and become critical failure points



Friday, April 3, 2026

2 Forces: Supply Chain Mgmt. & AI

 

Two forces are reshaping enterprise risk and performance at the same time. AI is accelerating decision-making and automation while supply chains are becoming more digital and therefore more exposed through third parties. These aren't separate conversations. As organizations embed GenAI into workflows, they also expand their dependency on vendors, platforms, models and data pipelines they don't fully control. The result is a single leadership mandate: scale AI and supplier ecosystems with governance that is continuous, risk-based and operational so that innovation doesn't outpace trust.

 

AI is Dominating Every Conversation — But Governance Must Catch Up

AI has moved from experimentation to expectation, and most organizations are adopting faster than they are governing. Early wins with GenAI are real, but so are the exposures. These include uneven data quality, unclear accountability and a growing reliance on third parties whose controls we don't fully see. Generative AI is only one slice of enterprise AI, often deployed selectively; the bigger story is the gap between enthusiastic adoption, advancing agentic technology and disciplined risk management at scale.

  • Keep humans in the loop by design. "Human-in-the-middle" isn't a temporary workaround, it's the control plane for context, judgment, and accountability.
  • Trust is the constraint. Successful AI programs clear the hard hurdles first: data quality, scalability, bias, model reliability, and reproducibility.
  • Control and visibility will consolidate around an "LLM mesh." Centralizing access to model services enables consistent safeguards (like PII redaction), usage logging, performance monitoring, and cost tracking across teams.
  • Invest where AI becomes operational not just experimental. Prioritize enablement in:
    • MLOps + AIOps: integrate models into governance and continuously improve the health and security of the infrastructure they run on.
    • RAG governance: ensure retrieval is relevant, authorized, and auditable – the difference between a helpful copilot and a confident hallucination.
    • Synthetic data plus federation: expand training and testing safely while preserving context and reducing unnecessary exposure of sensitive data.
  • Threats are already here – Model exfiltration, prompt injection, data poisoning, model tampering and AI supply-chain compromise are practical, not theoretical, risks.
  • Security basics still win, apply them to AI. Secure credentials, treat agents like human users, monitor behavior and use time- and task-bound tokens to reduce blast radius.
  • Scaling is the problem and it shows up in familiar ways:
    • Many demos, few durable outcomes.
    • Clear market appetite, but uneven maturity and safety in deployment.
    • Early friction with data controls, access, and auditability.
  • AI technical debt accumulates quietly. Weak data lineage, shifting behavior patterns (including fraud), and silent model degradation can erode outcomes long before anyone notices.
  • Where AI earns its keep: automation, contract comparison (penalties/credits), SLA variance reporting, stronger vendor vetting loops, and help closing persistent skills gaps.
  • Next, agentic AI will supplement prediction, correlation, and message delivery but only if we constrain autonomy with clear permissions and measurable guardrails.

 

Supplier Risk Is Now a Top Breach Driver—And We're Treating It Like Paperwork

Supply-chain and third-party attacks scale. That is precisely why they now rival and often surpass ransomware as a primary enterprise threat vector. When a vendor is compromised, risk doesn't stay with the vendor, it transfers to the enterprise that depends on them. Yet many programs still rely on periodic questionnaires and point-in-time attestations, even as the digital ecosystem shifts weekly. The result is predictable: incomplete assessment coverage, slow remediation, and cascading impact when something goes wrong.

The fix is not a single tool; it is leadership intent, enforceable governance, and operational integration.

  • Assume third-party risk is first-party risk. It affects brand trust, regulatory exposure, and resilience just as directly as internal failures.
  • Risk transfers regardless of ownership. If a vendor runs a critical workflow, their incident becomes your incident operationally and reputationally.
  • Questionnaires are necessary but insufficient. Move from annual paperwork to continuous, intelligence-led oversight that reflects how vendors actually operate.
  • Build a program that runs continuously. Align tiering, monitoring, and response to enterprise risk strategy not procurement cycles.
  • Leadership intent determines maturity. Sustainable outcomes require commitment to governance, funding, and the unglamorous foundational work.
  • Treat vendor incidents as enterprise incidents. Pre-integrate escalation paths, containment playbooks, and communications so response time doesn't start at contract review.
  • Identity, access, and monitoring reduce blast radius. Enforce least privilege, segment access, and log activity across third-party integrations.
  • Make governance risk-based and enforceable. Tier vendors by criticality; require contractual security outcomes (SLAs, audit rights, verification); and define escalation tied to operational impact.
  • Prefer independent validation over self-attestation. It improves confidence in control effectiveness and produces defensible evidence for customers, regulators, and leadership.
  • Embed supplier risk into existing operating rhythms (change management, awareness, and SDLC) so it becomes durable, not episodic.
  • Policies and process are foundational; tools should amplify discipline, not replace it.
  • Threat intelligence and IT operations belong together: shared asset inventories and access controls make monitoring actionable.

 

Wednesday, December 3, 2025

Journey Through Asia: Reflections, Lessons & the Power of Family

Arriving in Tokyo always brings a sense of order and discipline, but this time it felt even more pronounced. Like many long international flights I've taken, we landed under the cover of darkness nearly 24 hours after leaving home—with only carry-on bags to stay nimble for a three-country journey in under three weeks.


Returning to Tokyo after almost a decade was both nostalgic and refreshing. Instead of staying in the heart of the city, we opted for an Airbnb an hour outside the capital. A quaint two-story flat with all the essentials and a few quirks we've learned to embrace when traveling. This time, it was the cruise-ship-sized shower on the second floor and the red-painted walls on the first that made work Zoom calls interesting. Still, the location gave us an authentic slice of suburban Japan and made our visits to the Samurai Museum, Sensō-ji Temple, and a traditional & memorable tea ceremony even more special.


One unexpected highlight: stamp collecting. At the various places we went, from temples to train stations, each stamp felt like a small treasure. And of course, the ever-reliable 7-Eleven became our go-to for late-night snacks, essentials, and TikTok-famous treats the kiddos were eager to try. Their willingness to sample local packaged meals was a small joy in itself.


From there, we journeyed to Kyoto and Osaka on the bullet train cruising at 150mph. We witnessed and experienced everything from the world's busiest crosswalk to majestic castles, exceptional sushi, and surprisingly delicious Japanese curry. Yet even with Japan's legendary order and efficiency, navigating train transfers proved challenging. Thankfully, my daughters took the lead from backtracking storage lockers to multi-line transfers while I hit my limit without knowing the language.


With clean clothes running low, we welcomed our next stop, Manila, for dry cleaning services. We expected, but still had to come to terms with, the drastic change in weather: 20 degrees warmer after just a 4-hour flight southward. After navigating traffic reminiscent of LA rush hour despite landing after 10 p.m., we arrived in a beautifully crafted Airbnb south of the city. From custom woodwork to a modern kitchen and a sunlit upper deck, it was a warm welcome. Our host's generosity, from freshly made morning coffee to lending his vehicle, allowed us to explore local neighborhoods with ease.


This visit felt different from my business trip 13 years earlier. This time, it was all about family, our "Asia Extravaganza," as we coined it when we decided to take this trip 7 months prior to our initial plans. This was due in part to more than 300 cousins across four generations reuniting on my mom's side. Imagining the few who couldn't attend only amplified the magnitude of the moment. The celebrations stretched into the week and continued with my dad's side of the family, smaller in number but overflowing with gratitude, stories, and a shared sense of pride.


Understanding the local language made every conversation richer, especially when contrasted with Japan and later Bangkok, where cultural similarities were familiar but language barriers more pronounced. Across these countries, the influences of history, economics, and regional culture, whether Chinese or Indian, were evident.


Bangkok brought its own energy: vibrant, spiritual, and dynamic. From temples and Buddhas proudly on display to the Sky Tower (the Hangover filming location we recognized), a duck boat ride through Lumphini Park, and Muay Thai at Rajadamnern Stadium, the city delivered one experience after another. We even met a local student eager to practice English, offering insider tips on lesser-known temples, an exchange that inspired us to pay it forward even more when we get back home.


Of course, no trip to Bangkok is complete without a canal boat ride and a Tuk-Tuk adventure. And the Grand Palace and sacred Buddha temples offered a breathtaking reminder of Thailand's cultural soul.


Now, writing during an unexpected delay in Hong Kong (my first visit here), I'm taking advantage of the downtime to journal. My sister brought my folks across the globe and now it's our turn to bring them home. They're ready for their own beds, familiar routines, and the comforts of home after two months.


Leadership has taught me many things, and communication remains at the center of them all. In travel as in business, clarity matters. As I wait for updates from our gate crew, I'm reminded how essential communication becomes, especially in unfamiliar surroundings. Through every step of this journey, my compass and soulmate and our two daughters have been right there with me, exploring countries they're seeing for the first time.


Quick debrief…

Family is the strongest anchor. Whether across a table or across continents, it's the connections that matter most.

Cash is king abroad. Local currency remains essential, no matter how digital we've become.

Pay it forward. Advice, kindness, local insights, small gestures shape meaningful experiences.

We prefer a structured agenda. While we enjoy the spontaneity of travel, this trip reaffirmed that a well-planned itinerary is our natural rhythm.

Stay adaptable. From train stations to flight delays, flexibility is a powerful skill.


As we watch the United Airlines app, strategize backups for our now-uncertain LAX connection, and accept that a PTO day may be sacrificed to maintenance delays, one thing remains clear: this adventure has been priceless. 


And I can't wait for our next family journey.