Every CISO who is honest about their position in 2026 will tell you the same thing: the tension between AI security and AI innovation is real, it is daily, and the easy answers don't work. Blanket restriction doesn't work. Unconditional enablement doesn't work. What works is a risk-proportionate framework that says yes quickly to most things and no credibly to the things that actually matter.

What the Default Postures Get Wrong

The Blocker

The CISO who defaults to "no" as a first response creates a predictable outcome: business units work around security, shadow AI tools proliferate, and the CISO ends up managing incidents they could have prevented if they had been consulted before deployment. Security that is bypassed is not security. It is the illusion of security with all of the compliance cost and none of the protection.

The Unconditional Enabler

The second failure mode is the CISO who swings too far in the other direction and approves AI deployments without adequate scrutiny. You become the CISO who says yes, who is seen as a business partner, who gets invited to strategy meetings. The problem is that some AI use cases genuinely do create unacceptable risk, and a CISO who cannot say no when it matters has abdicated their core responsibility.

"The best CISOs I know are not the ones who say yes the most. They're the ones whose yes actually means something — because their no is credible."

The Third Path: Risk-Proportionate Enablement

The CISOs who have navigated this well share a specific approach: they have built governance frameworks proportionate to risk rather than maximal in restriction. In practice, this means classifying AI use cases on two axes: data sensitivity and decision autonomy. Use cases that score low on both axes are fast-tracked; use cases that score high on either axis go through formal risk assessment.

This framework does something important: it gives the business a predictable answer to "how long will this take?" for most use cases (fast), while reserving scrutiny for the cases that actually warrant it. That predictability is worth an enormous amount in organisational goodwill.

The Shadow AI Problem

The single biggest security risk from AI in most enterprises right now is not the tools the CISO approved. It is the tools they didn't know about. Shadow AI — employees using personal ChatGPT accounts, unapproved browser extensions, or unsanctioned SaaS tools on work tasks involving sensitive data — is ubiquitous. The data leaves the corporate environment, goes into a model the company doesn't control, and potentially appears in training data accessible to other users.

The solution is not to ban personal AI use. Banning it doesn't stop it; it just makes it invisible. The solution is to provide a sanctioned alternative that is good enough that employees choose to use it. If the approved tool is worse than the personal one, employees will use the personal one regardless of policy.
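Getting the visibility this section is about usually starts with the egress data the organisation already has. The following is an added example, not code from the article or from Open Future Forum: it triages constructed web-proxy log lines, separates traffic to the sanctioned internal AI gateway from traffic to unsanctioned AI services, and ranks the findings by how much data each user has uploaded. The log format, every host name (all under `.example`), the user names and the 64 KiB "large upload" threshold are constructed assumptions; a real deployment would read the proxy's own export and maintain the host lists as part of the governance process described above.

```python
"""Flag likely shadow-AI egress in web-proxy logs (added example).

The log format, host lists, users and thresholds below are constructed
for illustration only; they are not from the original article.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed proxy log lines: timestamp, user, method, host, bytes sent by the client.
SAMPLE_LOG = """\
2026-04-20T09:01:12Z alice POST chat.personal-ai.example 18432
2026-04-20T09:02:40Z alice POST ai-gateway.corp.example 20480
2026-04-20T09:05:03Z bob GET www.example.org 512
2026-04-20T09:07:55Z bob POST api.llm-vendor.example 73728
2026-04-20T09:09:10Z carol POST chat.personal-ai.example 96
2026-04-20T09:11:30Z dave POST assistant.saas-tool.example 4096
2026-04-20T09:12:01Z eve BADLINE
"""

# Placeholder for the organisation's approved AI tool (assumption).
SANCTIONED_AI_HOSTS = {"ai-gateway.corp.example"}
# Constructed list of unsanctioned AI services, by exact host or by domain suffix.
KNOWN_AI_HOSTS = {"chat.personal-ai.example", "assistant.saas-tool.example"}
KNOWN_AI_SUFFIXES = (".llm-vendor.example",)
# Uploads at or above this size are treated as likely document or bulk-paste egress (assumption).
LARGE_UPLOAD_BYTES = 64 * 1024

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<host>[a-z0-9.-]+) (?P<bytes>\d+)$"
)


@dataclass
class Finding:
    """One (user, unsanctioned AI host) pair aggregated over the log."""

    user: str
    host: str
    requests: int = 0
    bytes_out: int = 0

    @property
    def severity(self) -> str:
        return "high" if self.bytes_out >= LARGE_UPLOAD_BYTES else "low"


@dataclass
class Report:
    findings: dict[tuple[str, str], Finding] = field(default_factory=dict)
    sanctioned_requests: int = 0
    malformed_lines: int = 0


def classify_host(host: str) -> str:
    """Return 'sanctioned', 'shadow' or 'other' for a destination host."""
    if host in SANCTIONED_AI_HOSTS:
        return "sanctioned"
    if host in KNOWN_AI_HOSTS or host.endswith(KNOWN_AI_SUFFIXES):
        return "shadow"
    return "other"


def triage_proxy_log(text: str) -> Report:
    """Aggregate unsanctioned AI egress per user and host; count sanctioned use separately."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LOG_LINE.match(line)
        if match is None:
            report.malformed_lines += 1  # keep parsing, but surface the count
            continue
        host = match["host"]
        kind = classify_host(host)
        if kind == "sanctioned":
            report.sanctioned_requests += 1
            continue
        if kind != "shadow":
            continue
        key = (match["user"], host)
        finding = report.findings.setdefault(key, Finding(match["user"], host))
        finding.requests += 1
        finding.bytes_out += int(match["bytes"])
    return report


def summarize(report: Report) -> list[str]:
    """Human-readable lines, largest upload volume first."""
    ordered = sorted(report.findings.values(), key=lambda f: f.bytes_out, reverse=True)
    return [
        f"{f.severity:4} {f.user:8} {f.host:32} requests={f.requests} bytes_out={f.bytes_out}"
        for f in ordered
    ]


if __name__ == "__main__":
    result = triage_proxy_log(SAMPLE_LOG)
    for line in summarize(result):
        print(line)
    print(f"sanctioned requests: {result.sanctioned_requests}, malformed lines: {result.malformed_lines}")
```

The point of separating the sanctioned gateway count from the findings is that it measures whether the approved tool is actually being chosen: a high sanctioned count next to a shrinking shadow list is the signal that the "good enough alternative" strategy is working, and the per-user byte totals tell the team where a conversation, rather than a block, is needed first.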

What the Best CISOs Do Differently

They build relationships before incidents. The CISOs who are called before AI systems are deployed are the ones who have invested in relationships with business unit leaders outside of the context of security reviews. They attend strategy meetings. They express genuine interest in the business problems AI is being used to solve.

They lead with questions, not verdicts. When a new AI use case comes across their desk, the most effective CISOs' first response is not an assessment but a set of questions: What problem is this solving? What data does it touch? What decisions does it make autonomously?

They build their team's AI literacy before their team builds AI policy. A security team that doesn't understand how large language models work, what prompt injection is, or how model training pipelines can be compromised cannot write effective policy for AI systems.

Last updated: April 22, 2026

Murray Newlands
Founder, Open Future Forum

Murray Newlands has been building executive communities in Silicon Valley since 2019. Open Future Forum hosts private dinners for C-suite leaders navigating the AI era, grounded in a give-first philosophy.

Frequently Asked Questions

What is the biggest AI security risk for CISOs in 2026?
The biggest AI security risks are: shadow AI (employees using unapproved tools that exfiltrate sensitive data), prompt injection attacks on AI systems with access to internal data, and model supply chain risk — where a third-party AI model contains compromised training data.
How should CISOs approach AI governance?
Start with classification: categorise all AI use cases by data sensitivity and decision autonomy. Low-sensitivity, low-autonomy use cases get fast-tracked. High-sensitivity or high-autonomy use cases go through formal risk assessment. This creates a posture that says yes quickly to most things while applying scrutiny where it actually matters.
How can CISOs enable AI innovation without compromising security?
Provide approved alternatives to shadow AI tools before employees find their own. Build AI risk frameworks proportionate to actual risk. Build relationships with business leaders so security is consulted before deployment rather than after an incident.
What is shadow AI and why is it a security risk?
Shadow AI refers to AI tools used by employees without IT or security approval — personal ChatGPT accounts, unapproved browser extensions, unsanctioned SaaS tools used on work tasks. The risk is that sensitive data leaves the corporate environment. The best mitigation is providing sanctioned alternatives that are good enough to choose voluntarily.