The Accountability Gap Nobody Wants to Talk About

There is a pattern playing out in organizations across every sector right now. The board approves an AI strategy. The CTO selects a vendor. The business units begin deploying tools. And somewhere along the way — usually after the fact — the CISO is handed responsibility for securing it all.

This is not anecdotal. The SANS 2025 AI Survey, one of the most comprehensive annual assessments of AI's impact on security, found that 100% of organizations plan to incorporate generative AI within the next year, yet it identifies a "concerning lack of security team involvement in governing GenAI" as one of its most significant findings. Only 20% of security professionals report even limited involvement in governing generative AI at the enterprise level [1].

The result is a structural accountability gap: CISOs are expected to own the risk of systems they had no hand in designing, selecting, or deploying.

This has always been part of the job — CISOs have never controlled every technology decision in their organizations. But AI changes the stakes fundamentally. Traditional software executes instructions. Agentic AI makes decisions and takes autonomous actions. It operates continuously, at machine speed, touching sensitive data across systems in ways that are often invisible to the security team.

As Cybersecurity Insiders' 2025 State of AI Data Security report puts it plainly: "You cannot secure an AI agent you do not identify, and you cannot govern what you cannot see" [2].

The question for CISOs is not whether to accept this responsibility — it will be assigned regardless. The question is how to establish enough control to manage it responsibly.

Why Traditional Security Frameworks Break Under AI

Most organizations are making a critical mistake: treating AI security as a simple extension of their existing privacy and data protection frameworks. The CSA and Google Cloud 2025 State of AI Security and Governance report — based on 300 responses from IT and security professionals — found that organizations are widely "failing to account for new, AI-specific threats," with data exposure (52%) dominating concerns while genuinely AI-native risks like model integrity compromise (12%) and data poisoning (10%) barely register [3].

This approach fails for three reasons.

First, AI introduces a new class of actor into your environment. An AI agent is not a user, and it is not traditional software. It is an autonomous, non-human identity with persistent access to data, systems, and actions. Your existing IAM policies were built for humans. They assume deliberate, observable behavior. According to Obsidian Security's 2025 AI Agent Security Landscape report, AI agents routinely hold 10 times more privileges than required, and 90% of agents are currently over-permissioned [4]. Applying human-centric identity models to machine-speed actors creates compounding blind spots.

Second, the attack surface is fundamentally different. The 2025 Cybersecurity Insiders report found that 76% of security professionals identify autonomous AI agents as the hardest systems to secure, while 57% lack the ability to block risky AI actions in real time [2]. The threat is not only external: a compromised or misdirected agent can operate under valid credentials, execute legitimate-looking workflows, and exfiltrate data before any detection threshold is triggered.

Third, and most critically, visibility is the core problem — not the perimeter. The same Cybersecurity Insiders report found that nearly half of organizations have no visibility into AI usage, and another third have only minimal insight, leaving most enterprises unsure where AI is operating or what data it touches [2].

A Practical Governance Framework for the CISO

What follows is not a compliance checklist. It is an operational framework for CISOs who need to establish meaningful control over AI risk in environments where deployment has already outpaced governance.

Step 1: Build Your AI Asset Inventory

Before anything else, you need to know what AI is running in your environment. This means active discovery — not relying on what the business reports, because shadow AI is a growing and material problem. According to Acuvity's 2025 State of AI Security report, 49% of organizations expect a shadow AI incident within the next 12 months [5]. Use your existing DLP, CASB, and network monitoring tools to detect API calls to known AI services. Conduct departmental audits. The goal is a living inventory that maps every AI tool, the data it accesses, the actions it can take, and who owns it. This inventory is the foundation of everything that follows.

Step 2: Establish a Formal AI Procurement Gate

Every AI tool — whether enterprise platform or departmental point solution — must pass through a security review before deployment. The CSA/Google Cloud research found that organizations with comprehensive governance policies are nearly twice as likely to successfully adopt agentic AI (46%) compared to those with only partial policies (25%) [3]. The gate should include: data handling and residency assessment, third-party risk evaluation, review of autonomous action scope, and explicit sign-off from security, legal, and data protection before any pilot proceeds.

Step 3: Apply Zero Trust Principles to AI Agents

Treat every AI agent as a privileged non-human identity. This means least-privilege access scoped to the minimum data and systems required for each specific function. It means full action logging covering every tool invocation, every data access, every output. It means runtime guardrails that can block unsafe actions before they execute. Microsoft's 2026 Cyber Pulse AI Security Report, drawing on first-party telemetry from tens of thousands of deployed agents, calls this explicitly: organizations must apply Zero Trust principles to AI agents with the same rigor applied to privileged human users, including identity enforcement, scope boundaries, and behavioral monitoring [6].

Step 4: Establish Continuous AI Monitoring

Static assessments are insufficient for systems that adapt over time. The 2025 Acuvity State of AI Security report found that 38% of organizations identify the runtime phase as their most vulnerable AI security point — the moment when AI components interact with real data and users in production [5]. Monitoring must be continuous: prompts and outputs, tool calls, agent-to-agent interactions, data access patterns, and behavioral drift. Build this into SOC workflows now, before volume makes it unmanageable.

Step 5: Reframe AI Risk for the Boardroom

The CISO's ability to govern AI depends significantly on how well they communicate AI risk upward. Technical explanations of model vulnerabilities, prompt injection, or data poisoning will not move a board to action. What will is connecting AI risk to what boards already care about.

Proofpoint's 2025 Voice of the CISO report — based on 1,600 CISOs across 16 countries — found that boards now rank business valuation as their top concern following a cyberattack, up from the bottom of the list in previous years [7]. That is the hook. An ungoverned AI agent accessing sensitive customer data is not a technical incident — it is a GDPR and NIS2 data breach with notification obligations and financial penalties. An AI system making autonomous decisions in a regulated process is an EU AI Act audit finding waiting to happen. Frame it this way: every AI deployment without governance is an unquantified liability. The cost of governance is known and controllable. The cost of a regulatory action or breach is not.

The Bigger Picture

The data is unambiguous. Boardroom alignment with CISOs has declined from a high of 84% in 2024 to 64% this year Proofpoint — even as AI adoption accelerates and the CISO's scope of responsibility expands. The CSA/Google Cloud research found that only 26% of organizations have comprehensive AI security governance in place, and that the gap between those organizations and the majority still developing partial policies is widening across every dimension: leadership awareness, workforce readiness, and confidence in AI protection [3].

The CISO's impossible position — securing what you didn't build — is not going to resolve itself. The pace of AI adoption will not slow to accommodate governance maturity. The governance must be built while the deployment is already in motion.

That is difficult work. But it is the work. The CISOs who build it now — methodically, with business language that boards can act on — will be the ones who remain credible partners to their organizations rather than perpetual firefighters.

The goal is not to stop AI. It is to make AI governable. Those are very different ambitions. Only one of them is achievable.

Sources

[1] SANS Institute. SANS 2025 AI Survey: Measuring AI's Impact on Security Three Years Later. Available at: https://www.elastic.co/pdf/sans-2025-ai-survey-elastic.pdf

[2] Cybersecurity Insiders / Cyera. 2025 State of AI Data Security Report. December 2025. Available at: https://www.prnewswire.com/news-releases/cybersecurity-insiders-warns-ai-adoption-is-outpacing-governance-in-new-2025-report-302630674.html

[3] Cloud Security Alliance / Google Cloud. State of AI Security and Governance Survey Report. December 2025. Available at: https://cloudsecurityalliance.org/press-releases/2025/12/18/csa-and-google-cloud-study-finds-governance-maturity-is-strongest-predictor-of-ai-readiness

[4] Obsidian Security. 2025 AI Agent Security Landscape: Players, Trends, and Risks. January 2026. Available at: https://www.obsidiansecurity.com/blog/ai-agent-market-landscape

[5] Acuvity. 2025 State of AI Security. Available at: https://acuvity.ai/2025-state-of-ai-security/

[6] Microsoft Security. Cyber Pulse: An AI Security Report. 2026. Available at: https://www.microsoft.com/en-us/security/security-insider/emerging-trends/cyber-pulse-ai-security-report

[7] Proofpoint. 2025 Voice of the CISO Report. August 2025. Available at: https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-2025-voice-ciso-report