CIO.works – Page 24

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

By CIO / Blog / security controls, threats, cybersecurity, AI

A report from Grip Security reveals that all analyzed companies operate SaaS environments embedded with AI, with a 490% year-over-year increase in public SaaS attacks, 80% involving sensitive data. The article highlights how “shadow AI”—agentic AI within SaaS apps often implemented without IT oversight—enables attackers to use stolen OAuth tokens to cascade breaches across multiple organizations, exemplified by the widespread 2025 Salesloft Drift breach, emphasizing the urgent need for better visibility, continuous governance, and risk-based controls of AI in SaaS to prevent massive cascading cybersecurity incidents.

https://www.securityweek.com/the-shadow-ai-problem-how-saas-apps-are-quietly-enabling-massive-breaches/

Companies Say the Risks of ‘Open’ Artificial Intelligence Models Are Worth It

By CIO / Blog / AI, risk management

The article reports that many companies are adopting open or partially open AI models despite security and governance concerns, because they offer lower cost, greater customization, and more control than proprietary systems. Firms say smaller, adaptable models are often better suited for business-specific tasks, and most organizations use a mix of open and closed models depending on the use case. The article concludes that while open models introduce risks such as supply-chain vulnerabilities and potential backdoors, companies believe the flexibility and performance benefits make those risks manageable.

https://www.wsj.com/cio-journal/companies-say-the-risks-of-open-artificial-intelligence-models-are-worth-it-0d3ee664

AI Still Doesn’t Work Very Well, Businesses Are Faking It, and a Reckoning Is Coming

By CIO / Blog / critique, productivity, AI

Experts from AI advisory firm Codestrap warn that enterprise AI applications often fail to deliver expected benefits due to underlying model limitations and lack of proper metrics to assess AI-generated code quality and business content. They predict a reckoning in 8-9 months as AI misuse leads to failures, lawsuits, pricing pressures, and insurance challenges, urging businesses to adopt clearer strategies, measure true outcomes, and address the hype around AI capabilities.

https://www.theregister.com/2026/03/17/ai_businesses_faking_it_reckoning_coming_codestrap/

Every Layer of Review Makes You 10x Slower

By CIO / Blog / critique, productivity, AI

The article argues that each additional layer of review in a process slows progress by a factor of ten, primarily due to waiting time rather than effort, and this bottleneck is not alleviated by AI coding tools. While reviews are necessary to maintain quality and reduce costly mistakes as organizations grow, excessive layers can degrade efficiency and mask root causes of problems, leading to a culture that values checks over genuine quality improvement. The author suggests adopting a Deming-inspired approach emphasizing trust, continuous systemic improvements, and modular small teams that produce high-quality components to reduce reliance on slow review cycles and create a more effective, scalable engineering culture.

https://apenwarr.ca/log/20260316

We Are All AI Philosophers Now

By CIO / Blog / AI, threats, regulation

The article emphasizes that AI systems inherently carry the biases and values of their creators through design choices, data, and policy decisions, meaning AI is never truly neutral. It calls on IT leaders to recognize that adopting AI is a governance decision that requires disciplined oversight, transparency, and accountability to manage risks and ensure AI-driven decisions align with organizational and societal values.

https://www.cio.com/article/4145026/we-are-all-ai-philosophers-now.html

Security and Generative AI Are Learning to Get Along

By CIO / Blog / cybersecurity, AI, risk management

IT professionals are navigating the challenge of integrating generative AI into cybersecurity without compromising safety, as the technology’s reliance on large volumes of raw data can expand threat surfaces. Experts emphasize the need for strong security architecture and domain expertise to ensure AI tools are both effective and secure, a priority underscored by the recent White House cyber strategy calling for AI-enabled cyber defense and innovation stewardship.

https://www.itbrew.com/stories/2026/03/12/security-and-generative-ai-are-learning-to-get-along

AI Is Everywhere, But CISOs Are Still Securing It With Yesterday’s Skills and Tools, Study Finds

By CIO / Blog / AI, risk management

A 2026 study by Pentera reveals that most Chief Information Security Officers (CISOs) are struggling to secure AI systems using outdated skills and legacy security tools, with 67% reporting limited visibility into AI usage within their organizations. The primary challenges are not budget-related but stem from a lack of specialized expertise and insufficient AI-tailored security controls, leading many to rely on traditional defenses unsuited for the complexities of AI infrastructure.

https://thehackernews.com/2026/03/ai-is-everywhere-but-cisos-are-still.html

Top 5 Things CISOs Need to Do Today to Secure AI Agents

By CIO / Blog / security controls, AI

The article emphasizes the critical need for Chief Information Security Officers (CISOs) to secure autonomous AI agents by treating them as first-class digital identities and shifting focus from traditional AI guardrails to strict identity-based access controls. It outlines five key actions: managing AI agents as distinct identities with clear ownership and permissions, eliminating shadow AI through continuous identity visibility, securing agents based on their intent, and implementing full lifecycle governance to prevent risk accumulation, highlighting that identity is the foundational and scalable control plane essential for safe AI deployment.

https://www.bleepingcomputer.com/news/security/top-5-things-cisos-need-to-do-today-to-secure-ai-agents/

SailPoint Launches Shadow AI Remediation to Empower Enterprises With Real-time Visibility and Control Over AI Usage

By CIO / Blog / AI, cybersecurity, tools

SailPoint Technologies has launched Shadow AI Remediation, a new solution that provides enterprises with real-time visibility and control over employees' use of unauthorized generative AI tools like ChatGPT and Gemini. This platform-centric tool enables organizations to monitor AI usage, prevent unauthorized data uploads, and enforce compliance by integrating AI governance into SailPoint's unified identity security framework.

https://www.globenewswire.com/news-release/2026/03/17/3257245/0/en/sailpoint-launches-shadow-ai-remediation-to-empower-enterprises-with-real-time-visibility-and-control-over-ai-usage.html

How Agentic AI Will Self-assemble the Enterprise Stack

By CIO / Blog / technology, AI

The article discusses how agentic AI is transforming enterprise application modernization by enabling autonomous, continuous, and dynamic self-assembly and optimization of technology stacks, moving beyond traditional human-led, project-based approaches. However, the key challenge lies not in technology but in governance, cultural readiness, and trust, as leadership must adapt to distributed accountability and policy-driven control to successfully govern AI-driven autonomous modernization at scale.

https://www.cio.com/article/4145777/how-agentic-ai-will-self-assemble-the-enterprise-stack.html