CIO.works – Page 23

Shadow AI Has Already Moved Into Your Organization

By CIO / Blog / security controls, cybersecurity, AI, risk management

The article explains that “shadow AI” is already widespread in organizations, as employees use public or unapproved AI tools to speed up work without going through IT or security review. Because these tools can be accessed instantly in a browser, blocking them is often ineffective, resulting in lost visibility into how company data is used. The article concludes that organizations must shift from trying to prohibit AI use to creating governance frameworks, approved tools, and clear policies that enable productivity while maintaining security and compliance.

https://www.forbes.com/sites/tonybradley/2026/03/19/shadow-ai-has-already-moved-into-your-organization/

Broadcom Delivers the World’s First End-to-End PQC-safe, In-flight Network Encryption Solution

By CIO / Blog / post-quantum, network, technology, encryption, cybersecurity

Broadcom Inc. has announced the shipment of the world’s first end-to-end Post-Quantum Cryptography (PQC)-safe, in-flight network encryption solution, integrated into Everpure's FlashArray storage platform via Emulex SecureHBAs. This solution enables automatic, high-performance encryption of all in-flight Fibre Channel data, protecting against future quantum computing threats and complying with CNSA 2.0 and NIS2/DORA standards without impacting system performance or existing storage services.

https://investors.broadcom.com/news-releases/news-release-details/broadcom-delivers-worlds-first-end-end-pqc-safe-flight-network

What It Takes to Level up Your Org’s AI Maturity

By CIO / Blog / strategy, AI, leadership

In an interview with AI transformation practitioners Afshean Talasaz and Zar Toolan, key insights are shared on how organizations can advance their AI maturity from initial adoption to driving significant business impact. They emphasize the importance of a combined innovator-operator leadership mindset, detailed preparation, and aligning AI investments with long-term business strategies, supported by strong C-suite and CEO commitment. This approach helps companies move beyond treating AI as an operational tool to embedding it as a strategic asset that delivers measurable value and competitive advantage.

https://www.cio.com/article/4146645/what-it-takes-to-level-up-your-orgs-ai-maturity.html

AI Without Sovereignty Is Just Outsourced Intelligence

By CIO / Blog / AI, strategy, leadership

In his opinion piece, Floyd DCosta argues that enterprises adopting AI often gain capability but lack sovereignty—control over how AI models and data are used—creating long-term risks and dependencies on third-party vendors. He emphasizes AI sovereignty as essential, encompassing governance, transparency, data and model control, operational autonomy, and strategic independence, warning that without it, organizations may inadvertently cede their competitive intelligence and face regulatory and operational challenges.

https://www.cio.com/article/4147102/ai-without-sovereignty-is-just-outsourced-intelligence.html

Deterministic AI: What It Is and When to Use It

By CIO / Blog / AI, automation

Deterministic AI refers to systems that produce the same output every time they receive the same input, combining AI’s ability to interpret data with deterministic workflows that ensure consistency and control. This hybrid approach uses probabilistic AI models to analyze and classify inputs while embedding their outputs in rule-based automation that executes reliably, making it ideal for enterprise workflows needing predictable, repeatable results. Zapier exemplifies this by orchestrating AI-powered workflows that maintain deterministic execution, blending AI’s flexibility in understanding complexity with automation’s dependability.

https://zapier.com/blog/deterministic-ai/

Focus Areas When Implementing Data Protection by Design and by Default in 2026

By CIO / Blog / compliance, privacy, regulation, GDPR, data protection

Data protection by design and by default, a key principle of the EU GDPR, remains inconsistently implemented nearly a decade after its adoption, requiring organizations to consider four main factors—state of the art, cost of implementation, processing context, and risks to individuals—for effective compliance. In 2026, evolving technologies and regulations, especially concerning AI, demand a dynamic, risk-based approach that integrates ongoing assessment and adaptation of technical and organizational measures from the system design stage through deployment to safeguard personal data and uphold individuals' rights.

https://iapp.org/news/a/focus-areas-when-implementing-data-protection-by-design-and-by-default-in-2026

Stop Building Security Goals Around Controls

By CIO / Blog / cybersecurity, leadership, compliance, security controls

Devin Rudnicki, CISO at Fitch Group, emphasizes that security goals should be aligned with business outcomes rather than focused solely on controls, advocating for strategies anchored in corporate objectives, real cyber threats, and industry standards. She highlights three key metrics for security programs—value, risk, and maturity—and stresses the importance of presenting risk in actionable terms for leadership, balancing innovation speed with measured risk, and using automation to free human resources for higher-value work.

https://www.helpnetsecurity.com/2026/03/18/devin-rudnicki-fitch-group-ciso-business-alignment/

CISOs Rethink Their Data Protection Strategies

By CIO / Blog / data protection, cybersecurity

Chief Information Security Officers (CISOs) are rethinking their data protection strategies in response to the rapid expansion of artificial intelligence (AI) use, which magnifies the risks to sensitive data through increased data sharing and exposure. Organizations are enhancing data classification, access management, and monitoring tools, adopting zero-trust frameworks, and frequently updating policies to keep pace with evolving technologies, regulatory requirements, and emerging AI-enabled cyber threats, underscoring the critical need for continuous adaptation in data security programs.

https://www.csoonline.com/article/4143384/cisos-rethink-their-data-protection-strategies.html

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

By CIO / Blog / AI, cybersecurity, threats, security controls

A report from Grip Security reveals that all analyzed companies operate SaaS environments embedded with AI, with a 490% year-over-year increase in public SaaS attacks, 80% involving sensitive data. The article highlights how “shadow AI”—agentic AI within SaaS apps often implemented without IT oversight—enables attackers to use stolen OAuth tokens to cascade breaches across multiple organizations, exemplified by the widespread 2025 Salesloft Drift breach, emphasizing the urgent need for better visibility, continuous governance, and risk-based controls of AI in SaaS to prevent massive cascading cybersecurity incidents.

https://www.securityweek.com/the-shadow-ai-problem-how-saas-apps-are-quietly-enabling-massive-breaches/

Companies Say the Risks of ‘Open’ Artificial Intelligence Models Are Worth It

By CIO / Blog / risk management, AI

The article reports that many companies are adopting open or partially open AI models despite security and governance concerns, because they offer lower cost, greater customization, and more control than proprietary systems. Firms say smaller, adaptable models are often better suited for business-specific tasks, and most organizations use a mix of open and closed models depending on the use case. The article concludes that while open models introduce risks such as supply-chain vulnerabilities and potential backdoors, companies believe the flexibility and performance benefits make those risks manageable.

https://www.wsj.com/cio-journal/companies-say-the-risks-of-open-artificial-intelligence-models-are-worth-it-0d3ee664