Security Teams Must Embrace What They Can't Control

Recently, I joined a client call where a technical presenter was demonstrating how AI had compressed three days of manual work into mere minutes. The room was buzzing with excitement about productivity gains. 

But as the security professional listening in, my reaction was quite different: "What tool is that? Who owns that platform? What data is being entered?"

Because this employee was feeding customer information - pricing data, potentially financial records - directly into these AI systems to streamline his workflow. When I asked the inevitable question, "Do you have an AI policy?" we discovered only vague language buried in their acceptable use documentation. The kind nobody reads after onboarding.

This scenario is playing out across organizations from London banks to Mumbai software companies to New York healthcare systems. The challenge isn't just technical—it's about bridging the gap between security concerns and business reality.

AI Adoption Is A Foregone Conclusion

Every industry conversation I have confirms the same truth: artificial intelligence isn't coming to your organization, it's already there. Whether leadership acknowledges it or not, your people are using these tools.

In Houston, an oil industry executive explained how his drilling teams use AI to analyze soil composition and weather patterns. "When we know it rained eighteen more days than usual in an area, we can predict higher oil capacity, allowing our equipment to drill deeper," he told me. Meanwhile, that same week, I used AI to plan a German vacation itinerary.

The applications span from mission-critical industrial processes to everyday productivity hacks. Healthcare organizations leverage AI for telehealth platforms. Finance teams run sophisticated risk models. I've even encountered a lemonade business owner implementing AI solutions.

Your employees are already experimenting with these tools. The question isn't whether AI will enter your workplace, it's whether you'll have visibility and influence over how it happens.

The Prohibition Effect Creates Greater Risk

When security teams issue blanket restrictions on AI tools, they trigger a prohibition effect. Just like telling teenagers never to drink, strict prohibition doesn't eliminate the behavior—it drives it underground where you lose all oversight.

Employees acquire secondary devices. They use personal smartphones unprotected by corporate security measures. They access AI platforms anyway, creating precisely the visibility gaps and data exposure risks that the security policies were meant to prevent.

I've witnessed this pattern repeatedly. Organizations with the most restrictive security postures often have the most creative workarounds. 

Breaking Down The Security Stereotype

Security teams face a persistent reputation problem. Many employees view us as "the introverted hacker wearing a hoodie in the basement" or the department that exists solely to reject requests and block innovation. This perception becomes particularly damaging with AI adoption because it kills the conversations we desperately need.

Recently, a developer approached me after a conference presentation. He'd been using APIs extensively but deliberately avoided engaging his security team about proper testing protocols. His reasoning? "Security will probably just say no anyway, so I'll handle it myself."

This assumption exposed his organization to months of unmonitored API usage. More critically, it prevented security from providing guidance when intervention could have been proactive.

The Right Conversation

Here's the interaction every security leader should want: a marketing manager approaches you saying, "I'm interested in this AI tool for our campaigns. How can I use it safely?"

That represents true partnership. Security gets to evaluate the tool, understand the use case, and provide guidance for safe implementation. We're not blocking AI adoption - we're facilitating it responsibly.

But when employees assume security will automatically reject their requests, they stop asking. 

From Gatekeeping To Strategic Enablement

Successful AI governance requires proactive communication rather than reactive restrictions. Send newsletters promoting approved tools and safe usage guidelines. Host thirty-minute webinars titled "Using AI Safely in Our Organization" and record sessions for broader access.

Showcase successful partnerships. When employees collaborate with security to implement AI solutions safely, make those wins visible across the organization. Demonstrate that security enables innovation rather than preventing it.

Building trust requires consistent effort over time. Everyone uses AI in various ways—I used it for trip planning; your employees use it for work optimization. 

Practical Governance For An Uncontrollable Reality

Perfect control over AI adoption is impossible. The realistic goal is informed adoption with practical guardrails that work in real-world conditions.

The answer lies in abandoning the illusion of control and embracing the reality of guidance. Security teams that position themselves as strategic partners in AI adoption will shape how these tools integrate into business processes. Those that maintain restrictive stances will find themselves reacting to decisions already made without their input.

The new risk isn't AI adoption itself, it's security becoming disconnected from AI usage that's happening with or without our involvement.

Jeremy Ventura is Field CISO at Myriad360
