preloader
Resources

AI Security: Control, Chaos, or Catch-Up?

RANT Roundtable June 2026

In Partnership With

AI is moving from personal experimentation to enterprise-wide adoption at pace. However, security strategies are reportedly struggling to keep up.

At a recent roundtable held in Manchester on the hottest day of the year, attendees were asked why they had come along, and the responses reflected the wide range of concerns organisations currently have around AI:

  • See use of AI across estates, do assurance and help people understand risks
  • Squeeze AI into everything, consider what to give access to
  • Everyone wants to use AI, but have optimistic dread
  • We are implementing it
  • Worried AI will replace jobs; my job is to make sure there is assurance
  • Concerned about what employees and contractors do with AI
  • How can I use AI for what I do, while managing, protecting and defending against AI threats?
  • How everyone else approaches AI adoption and deals with access requests

Opening the discussion, Merlin Gillespie, director at Cybanetix, said there is a vested interest in securing technology, which is difficult enough, while also developing policies that encourage innovation. Meanwhile, Tim Gibbs, director of sales for EMEA at Noma Security, said he was relatively new to the security space but had spoken to hundreds of organisations about AI adoption and the security challenges they face every day. “We strive to keep up with the agents of change,” he said.

He noted that AI adoption continues to rise, although organisations are at very different stages of maturity. Some are well advanced, while others are only beginning their AI journey, yet all are faced with managing hundreds, if not thousands, of AI agents.

Chair Rob Black asked the table where they were with AI adoption. One attendee said they were trying to “wrap guardrails” around AI while running at “1,000mph”, while others commented that they did not want to stifle innovation but instead wanted to understand how to control AI while continuing to use the models available.

Others observed that some organisations simply “want to be the first to do everything and implement it”, while another attendee questioned who is responsible when AI does something unexpected.

The discussion centred on the theme that AI is moving from experimentation to enterprise-wide adoption at pace, but security strategies are struggling to keep up, with many organisations still grappling with what that means in practice.

Restrict and Manage Risk

Moving the discussion on, Black asked how organisations can define and manage their risk appetite without simply restricting AI altogether.

The conversation quickly turned to how AI is being used, whether internally or externally, and the implications of what external tools can ingest and what internal tools may inadvertently disclose. One attendee described AI as “the Wild West”, suggesting that some organisations are willing to be first movers, while others are happy to accept the associated risks.

Another attendee argued that business leaders are under pressure but are not necessarily discussing AI strategically. Instead, CIOs and CTOs are expected to improve productivity, while CISOs are expected to remain cautious, restrictive and sensible.

Others noted that developers are already downloading and training models, with several admitting to using tools such as Claude and Gemini. One attendee explained that AI had already helped respond to client audit requests and could “chop time from the process”.

The discussion highlighted a familiar dilemma: restrict AI and risk falling behind, or open the floodgates and attempt to retrofit controls later. Alongside this are the practical challenges of preventing sensitive data leakage, securing AI models themselves and enforcing policy-driven controls.

This is why there needs to be a broader conversation about the real challenges behind AI security in modern enterprises, cutting through market noise to explore practical approaches that enable organisations to use public AI securely.

Another attendee argued that organisations should learn from history. They pointed out that industries have successfully introduced controls around mobile banking, cloud computing and internet usage, so there is no need to overcomplicate AI governance. Instead, organisations should build on the controls and lessons that already exist.

Gillespie added that the pace of change has accelerated dramatically over the past five years and that AI is now approaching a tipping point. Organisations can almost guarantee they are using AI every day, yet the speed of adoption remains difficult to measure.

Others described AI as “more of a black box”, questioning what happens inside the models and whether they can truly be trusted.

How Do You Use It?

Asked by Black how organisations are using AI today, one attendee said behavioural AI can monitor business activity, identify anomalies and alert users. AI can then summarise those alerts, providing context around what constitutes normal behaviour.

Another attendee said AI can provide an overview of key information and help pull together sources, allowing users to generate an initial statement or draft much more quickly. However, everyone agreed that there must always be a human element involved.

On the subject of trust, Black asked where attendees were in their AI journey. One participant said they had no inherent trust in AI and instead approached it with a “zero trust” mindset, reviewing and understanding each tool before deployment. Without properly assessing and accepting the risks, they argued, users would inevitably find ways around the controls.

Another attendee said the situation is made more complicated because every AI platform is different, with no standardised set of effective controls that organisations can consistently apply.

Others noted that mapping AI outputs back to existing security controls requires considerable time and effort. While AI can often complete tasks faster than an individual, it is only trustworthy when organisations understand how it arrived at its conclusions and can validate the results.

Another attendee said AI often falls down on explainability. Organisations need to be able to ask why an AI made a particular decision and determine whether its reasoning can be trusted. AI models require tuning, and anyone expecting immediate results should instead expect improvements over several months.

Ultimately, one attendee concluded that organisations should embrace AI and innovate with it, but treat anyone using generative AI as if they were a developer.

Who Owns AI?

In the final section, Black asked who is driving AI adoption within organisations.

The discussion focused on how organisations are structuring ownership, including whether responsibility for AI security should sit with the CISO or whether new roles, such as Chief AI Officer, are beginning to emerge.

One attendee said the pressure comes from two directions: CEOs looking to improve workflows and software developers eager to adopt AI as quickly as possible.

Another argued that organisations should first identify where AI genuinely delivers efficiencies and assess whether it is appropriate for each team. They also stressed the importance of understanding where AI provides value, where it does not, and communicating those decisions in business language.

Others said organisations must determine who the users are, how AI will improve their work and why it should be used in the first place. One attendee suggested that many boards see AI as a panacea, failing to understand its limitations and associated risks. Instead, there is an expectation that AI will simply make everything better, and organisations are often expected to deliver on that belief.

Concluding the discussion, Gillespie said there is ultimately a question of trust: organisations need to get more value out of AI than they put into it, while ensuring a human remains involved. He admitted that “the world moves on” and described this as “the most interesting time in the technology landscape”. Regardless of whether AI proves to be wholly good or bad, he said, it is certainly interesting.

Gibbs said he had listened closely to the discussion around leveraging AI within the SOC, particularly the points raised around trust, data security and the rise of agentic AI. He stressed that he was not dismissing the technology, but organisations need to understand which AI agents are legitimate, what capabilities they have and how they are being used.

“The only thing is no one knows where we’re going,” he said. Although he personally vets everything AI produces, he concluded that it is “fantastic” and that he “cannot live without it”.