SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
AI trust & governance seen as key to safe adoption

AI trust & governance seen as key to safe adoption

Tue, 14th Jul 2026 (Today)
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

Security and technology leaders warn that trust and governance will determine how far businesses can safely push artificial intelligence, as AI Appreciation Day draws attention to the technology's rapid spread.

Senior executives at Entrust, CYGNVS and Gravwell say organisations are underestimating the risks created by autonomous agents, deepfakes and new AI attack surfaces, even as they embed the technology more deeply into core operations.

AI adoption is accelerating across sectors, from finance and healthcare to software development and customer service. Many businesses now deploy agentic AI systems that can trigger actions and workflows with limited human involvement. Analysts and regulators are also tracking a sharp rise in AI-related incidents that expose organisations to legal, security and reputational damage.

Anudeep Parhar, Chief Information Officer at Entrust, said the focus is shifting from AI's technical potential to whether companies can rely on it in high-stakes environments.

"AI is becoming more intelligent every day. The bigger question now is whether organizations can trust it with greater autonomy. Organisations are using AI to accelerate innovation, drive growth, streamline operations, and unlock new levels of productivity. At the same time, AI has enabled threat actors to create deepfakes, synthetic identities, and increasingly convincing scams that can compromise sensitive information at scale. As organizations rapidly adopt agentic AI, existing models for identity, authorization, governance, and accountability must evolve to support machine-scale activity. Even in a more autonomous, agentic future, some level of human-in-the-loop oversight will remain critical-particularly for high-consequence decisions and actions. As AI continues to evolve, trust will be the challenge of the next era. It's on organizations to understand the risks and integrate AI safely, with trust as the foundation," said Anudeep Parhar, Chief Information Officer, Entrust.

His comments reflect growing concern that AI-generated deepfakes and synthetic identities will erode existing trust frameworks. Security teams now treat convincing audio and video fabrications as routine elements of phishing, fraud and social engineering campaigns. Organisations are also reviewing identity and access management systems built for human users rather than large fleets of software agents.

Incident data suggests that AI failures and misuse are already widespread. Arvind Parthasarathi, Chief Executive Officer and Founder at CYGNVS, pointed to both sanctioned and unsanctioned deployments inside enterprises.

"AI is now being embedded in customer service, software development, financial operations, healthcare and countless other business-critical processes, helping organizations work faster and make better decisions. But what happens when the AI goes wrong? Have organizations considered their response? Gartner research found that sixty-one percent of senior professionals report observing AI agent automation deployed through approved enterprise software, while 59% report evidence of, or strong suspicion of, unsanctioned, employee-driven AI agents operating outside governed pathways. The OECD AI Incidents and Hazards Monitor recorded 596 AI incidents in January 2026 alone, up 200% year-over-year. AI incidents include model bias violating laws and regulations, hallucinations creating legal and customer exposure, data leakage triggering GDPR and HIPAA violations, and autonomous agents pursuing objectives in unintended or destructive ways. When an AI agent misbehaves, organizations need to activate a cross-functional machinery spanning IT, security, legal, executives, as well as external providers like law firms. Without a playbook of what to do or a response platform to do it in, organizations reach for email and internal messaging, exactly the systems that may be influenced by or accessible to the AI under investigation," said Arvind Parthasarathi, Chief Executive Officer and Founder, CYGNVS.

Those remarks highlight a gap between AI deployment and incident preparedness. Many organisations treat AI as an extension of software rather than a source of complex, multi-jurisdictional risk. When models hallucinate, leak data or breach policy, companies often lack clear ownership, communication channels and containment procedures.

New Attack Surface

Alongside governance concerns, security specialists are reassessing how AI changes the nature of cyber risk. Corey Thuen, Chief Executive Officer and Co-Founder at Gravwell, said AI changes the interface between humans and machines rather than the underlying computing model.

"I'm going into AI Appreciation Day with a healthy dose of skepticism, which I think we all need as we learn to coexist with and utilize it responsibly. One of the biggest misconceptions about AI is that it's changing how computers work...but it actually isn't. Computers still work the way they always have. What's changed is the interface. For the first time, users are interacting with systems that don't always produce the same output from the same input. We're no longer just exploiting software. We're social engineering computers; instead of convincing a person to ignore the rules, you're convincing an AI model to ignore its guardrails. That's a new attack surface for machines and one that's evolving extremely fast. AI deserves credit for helping security researchers uncover vulnerabilities at scale, but it also creates a dangerous misconception. Too many people assume that because AI's writing sounds pretty good, it understands all situational context and knows what it's doing. It doesn't, plain and simple. It's predicting language, not reasoning about security, policy or intent. That's exactly why prompt injection works here: attackers manipulate AI models using language, because those models can't distinguish between a legitimate instruction and a cleverly crafted one with malicious intent. Security teams that understand those limitations and balance AI's weaknesses with human intelligence will build stronger defenses than those who assume it's smarter than it really is," said Corey Thuen, Chief Executive Officer and Co-Founder, Gravwell.

Thuen's warning underlines a shift in attacker tactics from exploiting code vulnerabilities to exploiting model behaviour. Security teams now test prompts and outputs alongside traditional penetration testing and log analysis. Many also build human review into workflows that rely on AI for security decision support or automated responses.

Together, the comments from Entrust, CYGNVS and Gravwell point to a convergence of trust, governance and security questions as AI systems act with more autonomy. Executives argue that organisations that combine human oversight, clear incident playbooks and realistic expectations of AI's limits will be better placed to manage the technology's next phase.