SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Madhu
#
Data Protection
#
DevOps
#
Digital Transformation

Leading security in the AI era: Why CISOs must secure AI while using AI to secure the enterprise

Tue, 17th Mar 2026
By Madhu K, Chief Information Security Officer, Sonata Software

Artificial intelligence has moved beyond hype to implementation and impact. It has firmly established itself as a transformative force in cybersecurity. Across industries, AI is reshaping how organizations build software, interact with customers, analyze data, and automate decision-making. In this environment, cybersecurity leaders are confronting a pivotal question: how do we harness the power of AI without compromising resilience, governance, and trust?

For today's Chief Information Security Officer (CISO), the rise of AI presents a dual mandate. The first is strategic: how do we ensure that AI systems themselves are secure, governed, and aligned with enterprise risk tolerance as they become embedded across business functions? The second is operational: how can AI be used to transform security operations and engineering?

Avoiding AI is not a viable strategy. Organisations are adopting AI rapidly to accelerate innovation, improve efficiency, and gain competitive advantage. The role of the CISO is therefore not to slow this momentum, but to ensure it unfolds responsibly. Security leadership must establish structured guardrails that enable innovation while protecting the enterprise from unintended risk.

This article explores the two dimensions of this transformation: Security in AI, ensuring that AI-driven systems are secure and trustworthy, and AI for Security, where intelligent technologies fundamentally reshape how security teams operate.

Security in AI – Protecting Innovation Without Slowing It

Across industries, organizations are racing to bring AI-powered solutions to market. Development teams are building minimum viable products at unprecedented speed, using AI-assisted coding tools, automated testing frameworks, and generative models to accelerate development cycles. AI copilots are now assisting developers in writing code, generating application logic, suggesting libraries, and even automating documentation.

While this speed creates significant business value, it also introduces a subtle but important risk: security can easily become an afterthought.

Historically, insecure code was often the result of rushed development, lack of secure coding awareness, or deliberate compromise. Today, the dynamics are changing. A well-intentioned developer using an AI coding assistant may unknowingly introduce insecure code patterns into production systems. AI-generated code can include outdated libraries, unsafe API integrations, insecure authentication logic, or improper input validation. Because AI tools often generate functional code quickly, developers may assume it is also secure - an assumption that is not always valid.

The result is a shift in the risk landscape. Instead of isolated vulnerabilities introduced by individual developers, organizations may see systematic vulnerabilities replicated across multiple applications when AI-generated code patterns are reused.

The amplification effect is real. AI accelerates innovation, but it also accelerates the propagation of design flaws and insecure development practices.

In this environment, CISOs must ensure that security is embedded into AI adoption from the outset. This does not mean imposing roadblocks that slow innovation. Rather, it requires implementing governance mechanisms that allow teams to move quickly while operating within secure boundaries.

Responsible AI governance begins with disciplined control frameworks.

First, organizations must clearly define the problem AI is intended to solve. Is the AI system generating application code, assisting with analytics, automating customer interactions, or supporting operational decisions? This clarity helps ensure appropriate security controls are embedded into the development lifecycle.

Second, measurable outcomes must be established. AI systems should be evaluated not only for performance and productivity but also for security outcomes - such as adherence to secure coding standards, reduction of insecure dependencies, and alignment with enterprise security policies.

Third, AI-driven development must incorporate business and regulatory context. Applications handling sensitive customer data, financial transactions, or regulated workloads require stronger guardrails than internal tools or low-risk environments.

Fourth, stakeholder accountability must be clearly defined. Development teams, product owners, platform engineers, and security teams must share responsibility for ensuring AI-generated code adheres to organizational security standards.

Finally, model training and validation must be governed rigorously. AI models used in development pipelines rely on large datasets that may contain insecure coding patterns. Continuous validation, code scanning, and security testing are essential to prevent insecure outputs from propagating into production environments.

Security in AI is therefore not achieved through optimism or technological enthusiasm alone. It requires structured governance, measurable controls, and continuous oversight.

The goal is not to slow innovation - but to ensure that innovation does not omit resilience.

AI for Security – Transforming How Security Teams Operate

While organizations must secure AI systems, AI itself is also becoming one of the most powerful tools available to security teams.

Modern security operations centers face enormous pressure. Security teams must monitor thousands of alerts daily across complex environments spanning cloud platforms, SaaS applications, endpoints, and third-party ecosystems. At the same time, the global cybersecurity talent shortage continues to widen, placing additional strain on already stretched teams.

Consider vulnerability management. Traditionally, organizations perform periodic scanning cycles that generate thousands of vulnerability findings. Security analysts must manually prioritize these findings and coordinate remediation across multiple teams. AI-driven systems can now correlate vulnerability data with asset criticality (asset exposed to internet or not), threat intelligence, and exploit availability to automatically prioritize risks. Routine vulnerabilities can be remediated automatically, while analysts focus on complex or high-risk exposures.

In security operations centers, AI-powered systems can analyze and correlate alerts across multiple detection tools, generate investigation timelines within seconds, and recommend containment actions. Instead of spending hours reconstructing attack sequences, analysts can begin investigations with contextual insights already assembled.

Compliance and governance functions are also being transformed. Evidence collection for regulatory audits often consumes a significant portion of analyst time. AI systems can continuously monitor control effectiveness, collect evidence automatically, and generate audit-ready reports on demand.

In data protection, machine learning can classify structured and unstructured data across enterprise environments, enabling dynamic and context-aware data loss prevention rather than static rule-based controls.

These capabilities allow AI to enhance security operations across five measurable dimensions.

The result is not the elimination of security professionals, but a shift in how they work.

The Evolution of Security Roles

AI is strengthening and evolving cybersecurity roles rather than replacing them.

As repetitive operational tasks become automated, security professionals will increasingly operate as supervisors and strategists overseeing intelligent systems.

In this new environment, the defining capabilities of security professionals extend beyond technical depth to include AI literacy, analytical reasoning, and governance oversight.

The shift is from manual execution to supervisory intelligence.

Guardrails, Not Roadblocks

Artificial intelligence is redefining cybersecurity at both operational and strategic levels. For CISOs, the real question is how organizations choose to govern and operationalize AI.

When implemented thoughtfully, AI enables security teams to detect threats faster, analyze risks more accurately, scale operations more efficiently, and deliver steadier outcomes. It transforms cybersecurity from a reactive firefighting function into an intelligent system of continuous monitoring and strategic risk management.

However, these benefits emerge only when AI is deployed with discipline. Strong governance, clear accountability, and high-quality data foundations are essential prerequisites. Security leaders must therefore think beyond tools and toward systems - systems of governance, accountability, and measurable value.

The organizations that succeed will be those whose security leaders embrace this dual mandate: leveraging AI to elevate security performance while embedding security into every AI initiative across the enterprise.

Related stories
Anthropic launches Claude Opus 4.7 with stronger coding
CIQ launches Linux compliance platform ahead of deadlines
Your.Cloud acquires Pure Cloud Solutions in UK push
Emerson & OPSWAT strike global reseller deal for OT patching
OVHcloud adds Quandela Belenos quantum computer to platform

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
CERN joins OpenSearch foundation as associate member
OpenAI launches Trusted Access for Cyber with major names