While the adoption of AI tools has skyrocketed, security adoption has not kept up.
McKinsey’s State of AI: Global Survey 2025 found that 88% of organizations are currently using AI in at least one business function. Meanwhile, IBM’s Cost of a Data Breach Report 2025 found that 13% of organizations experienced a breach of an AI model or application, and of those compromised, 97% lacked adequate AI access controls.
The challenge for CISOs is twofold: build guardrails that protect the organization, without blocking the innovation AI enables. Internal AI tools such as LLMs, co-pilots, assistants, and autonomous agents pose risks that traditional security programs were not designed to address. Addressing these risks requires governance, technical controls, and careful monitoring.
First, establish governance
Establish governance before designing technical controls. Appoint a single role responsible for overseeing AI across your organization. This person needs both the authority to enforce policy and the authority to coordinate security, privacy, legal, and business teams.
Build a risk register that tracks both the benefits and threats of AI. Define AI-specific policies covering acceptable use, data processing, and training requirements. Frameworks such as NIST’s AI Risk Management Framework and ISO/IEC 42001:2023 provide tested structures for this work. NIST Special Publication 800-221A provides a practical starting point organized around two core capabilities:
- Governance — roles, context, benchmarks, policies, and communications.
- Management — identifying, analyzing, prioritizing, responding to, and monitoring risks.
Connect AI governance to corporate strategy. When AI risks are relevant to business objectives, leaders pay attention and act.
Design AI security guardrails
Technical guardrails should address several threat categories specific to internal AI deployments.
- Data protection. Prevent sensitive data from leaking into AI systems. Classify data before it enters a model or agent. Apply data loss prevention (DLP) controls to your AI interfaces and monitor personally identifiable information in prompts and output.
- Access and identity. AI agents occupy a space between tools and users, creating an identity gap that traditional IAM models can’t cover. Apply Zero Trust principles to agent privileges. Grant only the minimum access each task needs, make approvals time-limited so they expire automatically, and require human approval for critical operations.
- Safety and security of interactions. Prompt injection remains the primary attack vector for AI systems. Validate and sanitize all input. Separate system prompts from user-supplied content. Restrict agent actions with an allowlist (whitelist) and add anomaly detection to flag unusual command sequences.
- Monitoring and human oversight. Log all agent actions and authentication attempts. Use your SIEM to correlate agent activity across systems. Build escalation paths so anomalous behavior triggers human review before it causes further damage.
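A minimal policy enforcement point between an internal agent and the tools it may call, added here as an illustration (it is not code from the article or from any product). It combines the controls above: an action allowlist, time-limited grants that expire on their own, mandatory human approval for critical actions, a simple PII check on tool arguments, and an append-only decision log that a SIEM can ingest. The action names, grant TTL and PII patterns are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed policy for a hypothetical internal ticketing agent (assumed
# values, not from the article): the action allowlist, the subset that is
# critical enough to need a human approver, and how long a grant lives.
ALLOWED_ACTIONS = {"read_ticket", "search_docs", "create_ticket", "close_ticket"}
CRITICAL_ACTIONS = {"close_ticket"}
GRANT_TTL_SECONDS = 900  # task-scoped grants expire after 15 minutes

# Minimal DLP check: flag obvious PII in prompt text or action arguments
# before they reach the model or a tool (constructed patterns).
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

def find_pii(text: str) -> list:
    """Names of PII patterns present in `text`, in dictionary order."""
    return [name for name, pat in PII_PATTERNS.items() if pat.search(text)]

@dataclass
class AgentGate:
    """Policy enforcement point between an agent and the tools it can call."""
    grants: dict = field(default_factory=dict)  # action -> expiry timestamp
    audit: list = field(default_factory=list)   # append-only decision log

    def grant(self, action: str, now: float) -> None:
        """Issue a time-limited grant; only allowlisted actions can be granted."""
        if action not in ALLOWED_ACTIONS:
            raise ValueError(f"{action!r} is not on the allowlist")
        self.grants[action] = now + GRANT_TTL_SECONDS

    def request(self, action: str, argument: str, now: float,
                human_approved: bool = False) -> str:
        """Decide whether the agent may run `action` now; log every decision."""
        pii = find_pii(argument)
        if action not in ALLOWED_ACTIONS:
            decision = "deny:not_allowlisted"
        elif now >= self.grants.get(action, float("-inf")):  # missing or expired
            decision = "deny:no_valid_grant"
        elif pii:
            decision = "deny:pii:" + ",".join(pii)
        elif action in CRITICAL_ACTIONS and not human_approved:
            decision = "hold:human_approval_required"
        else:
            decision = "allow"
        self.audit.append({"ts": now, "action": action, "decision": decision})
        return decision
```

Every call is recorded in `audit`, denied or not, so a SIEM rule can alert on bursts of `deny` or `hold` decisions from one agent, which is the kind of anomalous command sequence the text refers to.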
Extend guardrails to your SDLC and supply chain
Security guardrails should extend to the software development lifecycle and supply chain. Vet third-party AI models, plugins, and integrations before deployment. Incidents involving fully authorized agents such as OpenClaw demonstrate how exposed management interfaces, compromised API keys, and missing sandboxes can create cascading vulnerabilities across connected instances.
Agents that obtain updates from external sources or accept third-party skills introduce supply chain risk. Apply the same scrutiny used for traditional software dependencies. Test models against adversarial inputs, check agent privileges during code reviews, and include AI-specific threat modeling in your SDLC.
Keep the guardrails running
Guardrails only work if they operate continuously. Create an incident response plan for AI-specific scenarios. These include compromised agents, credential revocation cascades, prompt injection campaigns, and data leakage through AI interfaces.
Be especially wary of situations where employees use unapproved AI tools. According to an IBM report, shadow AI incidents increased the average cost of responding to a breach by approximately $670,000. Monitoring should cover unauthorized AI usage as well as approved deployments.
Set a recurring frequency for AI risk meetings. Review your risk register, assess the effectiveness of your current controls, and adjust as threats evolve. Compliance adds urgency. EU AI law imposes mandatory requirements on high-risk AI systems, and automated decision-making is subject to US state and local regulations such as New York City Local Law 144 and the California Privacy Rights Act. An organization’s guardrails must meet these requirements by design, not as an afterthought.
What CISOs should do now
To secure your organization’s use of AI, start with the following steps:
- Appoint an AI governance leader with clear authority and responsibilities.
- Build a risk register that covers both the benefits and threats of AI.
- Classify the data that AI systems can access and apply DLP controls.
- Apply Zero Trust identity principles to all AI agents and co-pilots.
- Audit third-party AI components for supply chain risks.
- Create AI-specific incident response playbooks.
- Schedule regular AI risk reviews tied to your company goals.
Avoid pitfalls such as:
- Treating AI security as a one-time project rather than an ongoing program.
- Granting agents broad permissions for convenience.
- Ignoring shadow AI until a breach forces a conversation.
- Delaying governance until regulation forces action.
AI adoption will accelerate. Organizations that secure it now will innovate with confidence.
Matthew Smith is a vCISO and management consultant specializing in cybersecurity risk management and AI.
