In a recent closed-door CISO roundtable, security leaders shared candid perspectives on how generative AI (GenAI) is being governed inside their organizations. While maturity levels varied, there was broad agreement on one point: GenAI governance is no longer theoretical. It is operational, changing, and tightly intertwined with vendor risk, data protection, and organizational trust.
What follows is a synthesized view of the discussion, intentionally anonymized, reflecting what CISOs are seeing, debating, and implementing today.
A Deliberate, Cautious Start
Many CISOs described intentionally slowing down GenAI adoption rather than racing to deploy tools broadly. Early efforts focused on awareness including acceptable-use guidance, internal education, and visibility, before moving toward firmer technical controls.
In practice, this has evolved into a common operating model:
- Public GenAI tools are blocked by default.
- Only explicitly approved GenAI platforms and vendors are permitted.
- Separate guardrails exist for knowledge-worker use cases versus internally developed AI applications.
The intent is not to stifle innovation, but to avoid early missteps that could expose sensitive data or create regulatory and contractual risk that is difficult to unwind later.
Where Traditional Controls Fall Short
Network-based controls such as firewalls and secure web gateways remain a starting point, but CISOs were clear that they are insufficient on their own. These measures work only when users are on corporate networks and do little to address personal devices, remote access, or AI functionality embedded directly into SaaS platforms.
To compensate, several organizations are deploying internal GenAI platforms or private LLMs and actively steering employees toward sanctioned tools. The goal is to provide a safe alternative rather than relying solely on enforcement.
The Growing SaaS Visibility Gap
One of the most pressing concerns raised was the rapid introduction of GenAI features into existing SaaS products, often without clear notice. CISOs described discovering that trusted vendors had enabled AI capabilities that materially changed data handling and risk assumptions.
Rather than trying to block SaaS outright, CISOs are responding by tightening expectations with vendors. Common focus areas include:
- Mandatory notification when AI capabilities are added
- Clear opt-in requirements instead of default enablement
- Explicit restrictions on using customer data for model training
For many organizations, AI has become the forcing function that reopens contracts signed years ago under very different assumptions.
Trust, but Only with Verification
Trust surfaced repeatedly in the discussion, but always with limits. CISOs acknowledged that vendor relationships inherently rely on trust yet emphasized that AI materially changes that equation.
Several security leaders shared examples of walking away from long-standing vendors after AI-related changes weakened liability protections or shifted risk unfairly to the customer. In these cases, the issue was not simply AI itself, but whether the vendor could still be trusted to safeguard data in a way that aligned with customer and regulatory obligations. Overall, it's clear that trust is conditional, continuously reassessed and revocable.
Why Data Classification Alone Is Not Enough
While data classification remains foundational, CISOs agreed it does not fully address AI-specific risk. GenAI introduces new challenges that traditional controls were not designed to handle, including inference attacks, model poisoning, and shifting definitions of sensitivity across business units.
As a result, many organizations are revisiting data classification frameworks through an AI lens, often refining them by use case and line of business rather than relying on a single, static model.
Pushing Data Protection Further
To reduce exposure, CISOs discussed a range of advanced data protection strategies that go beyond encryption at rest and in transit. These efforts are still emerging, but common themes included:
- Data minimization to avoid sharing full datasets
- Tokenization for high-risk data such as payments and regulated information
- Masking and anonymization in non-production environments
- Early exploration of confidential computing and encryption-in-use
While promising, these approaches were described as costly, complex, and not yet well supported across the SaaS ecosystem. CISOs emphasized the need to educate both internal teams and vendors on why these controls are increasingly critical in AI-driven workflows.
Rethinking Cloud, On-Prem, and AI Placement
AI is also prompting a reevaluation of long-held infrastructure assumptions. Several cybersecurity leaders noted a shift away from an “everything in the cloud” mindset toward a more nuanced, use-case-driven approach.
Organizations are increasingly asking whether sensitive data truly needs to be processed in third-party LLMs, or whether private or localized models make more sense. Recent cloud outages and limited contractual remedies have only reinforced the need for this reassessment.
The result is a pendulum swing toward balance: placing AI workloads where risk, performance, and control are best aligned.
A Volatile Vendor Landscape
CISOs expressed caution around the AI security vendor market. New startups appear constantly, while established vendors race to add AI features through acquisition or integration.
Rather than committing early to unproven platforms, many cybersecurity leaders described a strategy of deliberate experimentation:
- Short, outcome-driven pilots
- Minimal long-term dependency on early-stage vendors
- Learning what “good” looks like before the market stabilizes
The objective is to be ready to consolidate capabilities into trusted, foundational platforms as they mature.
Governance as a Business Enabler
Despite the challenges, participants were clear that governance is not about saying no. When framed correctly, GenAI governance becomes an enabler, protecting customer trust, supporting revenue growth, and reducing friction over time.
Several leaders pointed to tangible business outcomes, including deals supported or preserved because strong AI governance controls were already in place. By tying security decisions directly to customer commitments and business value, CISOs are gaining broader organizational alignment.
What’s Next
Participants agreed that GenAI amplifies existing strengths and weaknesses. Organizations with mature foundations in data protection, third-party risk, and governance are better positioned to adopt AI safely, while those without them will feel the pressure quickly.
