Governing AI Agents

Introduction to Agents (Google)

As organisations accelerate AI adoption, a familiar pattern is emerging: security teams – often the CISO – are increasingly asked to own or coordinate AI governance. That outcome is not an accident. Security leaders already operate across departmental boundaries, manage data inventories, run cross-functional programs and are trusted by executives and boards to solve hard, systemic problems. AI initiatives are inherently cross-disciplinary, data-centric and integrated into product and vendor ecosystems, so responsibility naturally flows toward teams that already do that work. This operational reality creates an opportunity: security can (and should) move from firefighting to shaping safe adoption practices that preserve value and reduce harm.

In this blog I outline key strategies for successfully leading AI governance initiatives in your organisation.


AI Agents and Security

We are entering the agentic era – an inflection point defined by AI systems that can reason, plan and take action autonomously. This shift may be among the most consequential technological transformations of our generation, and it carries an equally significant obligation: to ensure these systems are designed, governed and deployed in ways that earn and sustain trust.

I completed a 5-Day AI Agents Intensive Course where we dove deep into Google’s open-source Agent Development Toolkit. In this blog, I’ll share key takeaways and practical suggestions so you can navigate this shift and learn to build AI agents of your own.


FinTech, AI and Cyber

I recently took the stage to talk about one of the most consequential inflection points facing FinTech: the rapid arrival of agentic AI – systems that plan, decide and act autonomously – and what it means for risk, reputation, regulation and customer trust. Below is a distillation of the talk: what agentic AI actually is, why FinTechs are racing to adopt it, the real cyber threats it brings, and a pragmatic playbook leaders can use today.


AI and Cyber for Board Directors

It was good to attend the Essential Director Update – a timely reminder that good governance now requires foresight as well as oversight.

Staying on the forefront of contemporary governance demands AI and cybersecurity competency.

My key takeaways for boards and executives:
☑️ Data is the fuel: protect data integrity (accurate, consistent, timely) and focus governance where it creates the most value.
☑️ AI is everywhere, no longer just an IT challenge: adopt a human-centred approach, define guardrails around intent, and factor legal and ethical considerations into every deployment.
☑️ Balance innovation with risk: prioritise highest-value use cases, automate safety controls where possible, but don’t outsource accountability.
☑️ Cybersecurity must be risk-based: know your crown jewels, expect incidents, build crisis response plans and regularly test your defences.
☑️ People first: changing work practices will affect roles and culture; steer the transition and invest in policy and education.

Evolution of third-party risk, accountability and trust

It was great to join last night’s panel, where I shared practical lessons from managing AI in vendor ecosystems – including ethical implications, regulatory uncertainties and resilience at scale.

If you run a restaurant, your supplier gives you a batch of ingredients and you use them in meals for customers. You’re responsible if the food makes people sick. AI vendors are ingredient suppliers – you are the chef.

Guardrails don’t have to block progress – they can make AI reliable and trustworthy.

Responsible Management Prize

I’ve been awarded the Responsible Management Prize 🏆

This award recognises the values that guide me every day: honesty, integrity and leading with purpose.

In today’s evolving business landscape, where AI, risk management and cybersecurity intersect, ethical practice is essential. Because what we stand for today shapes the world we build tomorrow.

As algorithms power more of our decisions, we must ensure they’re transparent, fair and aligned with human values. Balancing innovation with resilience means anticipating unintended consequences, protecting stakeholders and driving sustainable outcomes.

Safeguarding data and privacy isn’t merely a technical challenge – it’s a trust imperative that underpins every relationship.

Thank you to the selection committee for recognising the work we’ve done together to build an inclusive, principled and forward-looking learning community.

AI guardrails and governance

Just wrapped up an engaging panel on AI guardrails where we explored the shifting ground beneath enterprise AI adoption.

The best AI governance starts not with controls, but with culture. When people start asking not just ‘Can we do this?’ but ‘Should we?’, that’s when you know you’re on the right path.

Secure by Design is a widely understood concept in cybersecurity; it can be extended to Ethics by Design when building and adopting AI capabilities. Ethical considerations should be embedded from the start, with continuous assurance throughout the lifecycle.

AI in the Enterprise: Balancing Innovation and Security

It was great to have a debate on the Balancing Innovation and Security keynote panel, where we dug into both the promise and the perils of AI adoption from the CISO and CIO perspectives.

Your biggest AI risks really depend on where and how you’re using it. I recommend reviewing your product roadmap for AI-powered features to anticipate potential gaps.

Map out whether AI is home-grown, vendor-sourced or embedded. When it comes to governance, we can borrow from what we learned with BYOD, cloud and shadow IT. Extend existing security reviews, supply-chain checks and third-party assessments into your AI program. For quick wins, manage it like a SaaS risk: think privacy controls and boundaries around sensitive data.

Championing AI for not‑for‑profits

I’ve completed the train-the-trainer workshop on AI skills organised by the CyberPeace Institute, equipping me with the knowledge to help not‑for‑profits harness the power of AI for good.

I look forward to supporting not‑for‑profits in building their AI capabilities, from foundational training on responsible use of AI to hands‑on guidance on transforming data into actionable insights.

Navigating the intersection between AI and cybersecurity can be tricky. If you’re looking to elevate your AI skills, or if you’re curious about how AI can amplify your mission, please reach out!