CISOs Are Now Chief Resilience Officers, Leading Companies Through the AI Security Paradox

The boardroom conversation has changed. When executives discuss artificial intelligence in 2026, they’re not asking whether to adopt it—they’re demanding faster deployment. Marketing wants AI-powered personalization. Finance wants automated forecasting. Customer service wants intelligent chatbots. Every department has discovered that AI can dramatically improve efficiency and decision-making.

And sitting in the middle of this innovation imperative is the CISO, facing an uncomfortable paradox: the same technology driving business transformation is simultaneously creating unprecedented security risks that legacy controls were never designed to address.

The Mandate That Can’t Be Ignored

According to Fortinet’s 2025 Cybersecurity Skills Gap Report, only 49% of IT leaders say their boards are fully aware of AI-associated risks. This represents a critical failure in risk communication at precisely the moment when those risks are accelerating.

Carl Windsor, CISO at Fortinet, frames the challenge bluntly: “There have already been multiple breaches of AI LLMs. 2026 will see this increase in both volume and severity.”

The data supports this assessment. Organizations now average 223 generative-AI data policy violations per month, primarily involving employees sending sensitive data to AI applications. The number of enterprise users observed using generative AI has tripled in a single year, while the rate of sensitive data policy violations has doubled. Half of all organizations still lack enforceable data protection policies specifically for generative AI applications.

Yet despite these alarming trends, many CISOs find themselves struggling to get leadership attention on AI security—even as those same leaders push for faster AI adoption.

Why Traditional CISO Competencies Aren’t Enough

The CISO playbook that worked for the past decade relied on a relatively stable set of challenges: secure the perimeter, manage identities, patch vulnerabilities, monitor for intrusions, respond to incidents. These fundamentals haven’t disappeared, but AI has introduced an entirely new class of risks that don’t fit neatly into traditional security frameworks.

The Shadow AI Problem Exceeds Shadow IT

Shadow IT—employees deploying unapproved applications—has plagued security teams for years. Shadow AI is exponentially worse.

When an employee installed an unapproved file-sharing app in the shadow IT era, they created a data governance problem. When an employee uses an unapproved AI service in 2026, they potentially:

• Feed sensitive corporate data into training models beyond your control

• Enable autonomous decision-making systems without governance oversight

• Create compliance violations that may not be discovered until an audit or breach

• Expose intellectual property through prompt interactions that lack monitoring

• Grant AI agents access to systems and data without security review

Research from BlackFog reveals that 86% of employees now use AI tools at least weekly for work-related tasks. More concerning, 34% admit to using free versions of company-approved AI tools, and 58% rely on completely unsanctioned AI services—which often lack enterprise-grade security, data governance, and privacy protections.

The kicker? 63% of employees believe it’s acceptable to use AI tools without IT oversight if no company-approved option is provided. They’re not trying to circumvent security—they’re trying to do their jobs efficiently in an organization that hasn’t kept pace with their needs.

Autonomous Agents Operate Faster Than Security Can Follow

As AI systems move from simple query-response models to autonomous agents that can take actions independently, the security challenge evolves from “what data is the AI processing?” to “what decisions is the AI making and what actions is it taking?”

IBM’s 2026 cybersecurity predictions highlight the core issue: autonomous AI agents replicate and evolve without leaving clear audit trails or conforming to legacy security frameworks. They move faster than conventional monitoring can follow.

This creates what IBM calls a new “exposure problem"—organizations will know that data was exposed, but won’t know which agents moved it, where it went, or why. The traditional incident response playbook of "identify the system, isolate it, investigate the logs” breaks down when the “system” is a distributed collection of AI agents making autonomous decisions across multiple environments.

The Shift to Resilience-First Thinking

Windsor articulates what’s becoming the new CISO mandate: “The CISO title belies the fact that the role is not purely security focused. CISOs enable business transformation and innovation while ensuring this happens safely.”

This isn’t a semantic shift—it represents a fundamental rethinking of what security leadership means in 2026.

The old model: Prevent breaches through layered defenses. When prevention fails, detect and respond quickly.

The new model: Assume disruption is inevitable. Build organizational resilience so that when (not if) AI systems are compromised, the business can continue operating.

This resilience-first approach requires CISOs to focus on capabilities that many security teams have historically underinvested in:

• Minimum viable business definitions. What are the absolute core functions your organization must maintain to survive a disruption? Not the full suite of services—the essential baseline. For each critical function, what’s the minimum viable technology stack required? If your AI systems are compromised or need to be taken offline, what manual or alternative processes can maintain operations?

• Segmentation and containment. When an AI agent is compromised, how do you contain it without taking down interconnected systems? This requires rethinking network segmentation, data access controls, and system dependencies with AI-specific scenarios in mind. An AI agent isn’t contained the same way you’d isolate a compromised server—it may have already propagated across multiple environments.

• Recovery testing and tabletop exercises. How long would it take to restore operations if your primary AI infrastructure was unavailable for 24 hours? A week? Do you have the playbooks, the trained personnel, and the tested procedures to execute that recovery? Most organizations don’t, because they’ve never practiced it.

As one industry expert noted: “CISOs are looking at how they can recover from operational events, not just cyber events.” The distinction matters. A traditional cyber incident has a discrete scope. An AI operational event might cascade across business processes in ways that aren’t immediately apparent.

Translating Technical Risks into Business Language

Perhaps the most critical evolution in the CISO role is the ability to communicate AI risks to boards in terms they understand and care about.

Technical explanations don’t resonate: “Our RAG pipelines have data poisoning vulnerabilities” or “Prompt injection could enable AI hijacking.”

Business impact explanations do: “A competitor could manipulate the AI system that recommends pricing to our sales team, causing us to systematically underprice deals by 15%, costing $X million in margin before we detect the problem.”

Industry analysts and cloud security leaders increasingly note that boards are demanding financial and operational translations of security exposure as AI adoption accelerates. This means CISOs need to quantify:

• The revenue impact of AI system downtime

• The competitive disadvantage of not adopting AI versus the financial exposure of adopting it unsafely

• The cost of data breaches specifically involving AI-processed information versus traditional data breaches

• The compliance penalties associated with AI governance failures in increasingly regulated environments

Windsor emphasizes this evolution: “More than ever the CISO’s place in the boardroom is critical. CISOs must communicate the benefits of new technologies like AI along with their associated business risks.”

Building AI Fluency Across the Organization

Here’s an uncomfortable truth: the cybersecurity skills gap isn’t getting better, and AI is making it more complex.

The Fortinet report identifies that 56% of breaches tie to awareness gaps and 54% to training deficits. These aren’t new problems, but AI introduces a twist: it is reshaping security roles and skill requirements while simultaneously requiring broader, organization-wide understanding of AI-specific risks.

Windsor predicts: “AI fluency will become a baseline skill.” Not just for security teams—for everyone in the organization who interacts with AI systems.

This creates a training challenge across multiple dimensions:

• For end users: Understanding what constitutes risky behavior with AI tools (sharing sensitive data in prompts, using personal accounts for work tasks, trusting AI outputs without verification).

• For security teams: Developing expertise in AI-specific attack vectors (prompt injection, model poisoning, RAG vulnerabilities, agent misuse) that weren’t part of traditional security training.

• For leadership: Grasping the strategic implications of AI security decisions well enough to make informed risk/reward tradeoffs.

Organizations that treat AI security training as a one-time checkbox exercise will struggle. Those that build continuous learning programs—recognizing that the AI threat landscape is evolving month by month—will develop the institutional knowledge needed to innovate safely.

The Governance Imperative

Shadow AI, autonomous agents, and AI-accelerated attacks all share a common challenge: they operate in governance blind spots.

Research from Bitdefender highlights the enforcement failure: a mid-sized organization with an official licensed AI policy (specifically ChatGPT access) discovered through analysis that employees not only favored personal ChatGPT accounts over licensed versions but actively used 16 other unsanctioned LLM services, including voice-cloning capabilities.

The policy existed. The approved tools existed. Employees used unapproved alternatives anyway.

This governance gap emerges from a mismatch between what security teams can provide and what employees need. When sanctioned tools feel slow, restrictive, or lack features available in consumer AI services, employees will find workarounds. Bans alone won’t stop shadow AI—they’ll just drive it further underground.

Effective governance in 2026 requires:

• Discovery before control. You can’t govern what you can’t see. Deploy monitoring to identify all AI usage, sanctioned or not, as the first step toward bringing it under policy frameworks.

• Approved alternatives that meet real needs. If employees are using unapproved AI for translation, provide an approved translation tool that’s actually competitive with consumer options. Make the secure path the easy path.

• Clear, practical policies. Avoid vague guidance like “use AI responsibly.” Specify what data can and cannot be used in prompts, which tools are approved for which use cases, and what approvals are needed for new AI implementations.

• Continuous validation. AI systems and usage patterns change rapidly. Governance isn’t a one-time architecture—it’s an ongoing process of validation, adjustment, and enforcement.

Strategic Recommendations for CISOs in the AI Era

Based on current industry trends and emerging threats, security leaders should prioritize:

• Establish comprehensive AI visibility. Deploy tools specifically designed to discover and monitor AI usage across the organization. This includes sanctioned enterprise AI deployments, shadow AI from individual departments, and personal AI account usage for work purposes. Without complete visibility, every other security control is built on a foundation of unknown risks.

• Build cross-functional AI governance. AI security isn’t purely a technology problem—it spans legal, compliance, HR, and business units. Establish governance frameworks that bring these stakeholders together with clear ownership of AI-related decisions, risk assessments, and policy enforcement.

• Develop AI-native threat intelligence. Traditional threat intelligence focuses on malware signatures, IP reputation, and known vulnerabilities. AI-native threat intelligence requires understanding attack patterns specific to LLMs, monitoring for reconnaissance of your AI infrastructure, and tracking emerging techniques like prompt injection and model manipulation.

• Invest in resilience capabilities. Shift resources toward business continuity planning, recovery testing, and operational resilience specifically for AI disruptions. This includes defining minimum viable business operations, testing recovery procedures, and ensuring teams can operate if AI systems become unavailable.

• Enable safe innovation. The goal isn’t to prevent AI adoption—it’s to enable it safely. Work with business units to understand their AI needs, provide secure alternatives to shadow AI, and create fast-track approval processes for vetted AI tools. Speed matters, but it needs to be safe speed.

• Communicate in business impact terms. Translate technical AI risks into financial and operational terms that boards understand. Quantify the costs of potential AI security failures, but also articulate the competitive risks of moving too slowly on AI adoption relative to peers.

The CASR Advantage in an AI World

This evolution of the CISO role creates a natural partnership opportunity with specialized security services providers.

Most CISOs are simultaneously being asked to:

• Defend against increasingly sophisticated AI-powered attacks

• Secure the organization’s own AI deployments

• Enable faster AI adoption across business units

• Build new governance frameworks for AI usage

• Develop AI fluency across their teams

• Communicate AI risks to boards in business terms

All while addressing traditional security challenges that haven’t disappeared.

This is where Plurilock’s approach to Cyber Adversary Simulation and Response (CASR)  becomes valuable. Rather than generic penetration testing, our CASR team:

• Simulates AI-specific attack scenarios including prompt injection, model reconnaissance, proxy misconfiguration exploitation, and RAG pipeline vulnerabilities.

• Tests governance controls by attempting to deploy shadow AI, exfiltrate data through AI interactions, and bypass AI usage policies.

• Validates resilience by simulating AI infrastructure failures and testing whether recovery procedures actually work under realistic conditions.

• Provides actionable intelligence specifically focused on closing the gaps between current defenses and the threats that AI systems actually face.

The value isn’t just identifying vulnerabilities—it’s helping security leaders build the evidence they need to justify investments, the metrics they need to track progress, and the validation they need to assure boards that AI is being adopted safely.

Leading Through Uncertainty

The AI security paradox—needing to innovate rapidly while managing unprecedented risks—isn’t going away. If anything, it will intensify as AI capabilities advance and adoption accelerates across every sector.

The CISOs who succeed in this environment will be those who recognize that their role has fundamentally expanded. You’re not just securing systems anymore. You’re enabling transformation, building resilience, translating technical complexity into business wisdom, and navigating the tension between speed and safety.

Windsor’s advice provides a fitting conclusion: “Build resilience first. Assume disruption is inevitable and invest in business continuity, segmentation, and recovery readiness.”

The title may still say Chief Information Security Officer, but the job description increasingly looks like Chief Resilience Officer—and that evolution will determine which organizations thrive in the AI era versus which ones become cautionary tales. ■