Discussion Topics
Two AI problems landed on the same desk this year. Most security teams are treating them as separate workstreams. They aren’t.
The first is the AI you didn’t build. Employees pasting sensitive data into LLMs your DLP wasn’t trained for. SaaS tools that quietly added “AI features” in a release note. Agents running 24/7 with admin access to your CRM, ticketing, and code repos, authenticating as service accounts no one has reviewed.
The second is the AI you did build. Detection, triage, and response automation increasingly making decisions before any human sees the alert. 77% of organizations already use AI in security operations. The money is moving. The results are mixed.
Different teams own these. Different budgets fund them. They share the same underlying problem: how do you govern systems that reason and act probabilistically, at scale, in production, every day?
What You’ll Learn:
- Why shadow AI is the new shadow IT, and why blocking a few LLM URLs at the proxy isn’t a control
- How non-human identities became a top cybersecurity trend for 2026, and what to do about agents authenticating as unreviewed service accounts
- Why data flow is the actual control surface for AI governance, and why blanket bans drive shadow AI
- What separates AI SOC programs that pay off from the ones running a broken process faster
- Why “auto-closed alerts” is a dashboard number, not ROI, and which lifecycle metrics actually prove the investment is working
- How double-layer governance gives you control without blocking automation entirely
- The three priorities to fund in 2026 if you only get to pick three
Download the guide to stop treating AI governance and AI in the SOC as two separate problems.
