AI Security Governance Insights from Security Leaders
2024-12-6 05:0:46 Author: securityboulevard.com

Artificial Intelligence (AI) is rapidly transforming the cybersecurity landscape, offering innovative solutions to complex challenges. However, this innovation raises critical questions: 

  • How should we approach AI governance to ensure responsible use and minimize harm? 
  • Is AI making it impossible to balance innovation and confidentiality?

At Swimlane, we’re committed to driving cutting-edge, forward-thinking innovation that’s both secure and impactful for your organization. We pair this with transparency to help organizations cut through the noise and make informed decisions.

We recently partnered with Sapio Research to survey 500 cybersecurity leaders across the US and the UK to explore the ongoing debate around AI governance. The findings reveal a split in opinion on who should be responsible for overseeing AI, highlighting key perspectives on government and vendor accountability.

While our research provides valuable insights, there’s something uniquely powerful about the unfiltered perspectives of past and present chief information security officers (CISOs). In a recent webinar, AI Reality Check: CISOs Unpack its Role in Cybersecurity, TAG Cyber CEO and former AT&T CISO Ed Amoroso joined Swimlane CISO Michael Lyborg for an in-depth discussion on the research findings and the state of AI in cybersecurity.

This blog is the first in a three-part series summarizing both the research data and the expert perspectives shared during the webinar. Continue reading to explore the key findings, and download the full report for a deeper dive: Is AI Living Up to Its Cybersecurity Promises?

Key AI Research Findings

The Policy and Practice Paradox 

While 70% of organizations have protocols in place for data sharing with public Large Language Models (LLMs), 74% are aware of employees inputting sensitive data into these models. This indicates a gap between policy and practice.

The AI Hype Cycle: Fatigue and Adoption 

Amid growing AI fatigue and skepticism, the demand for AI and machine learning (ML) expertise continues to shape workforce priorities.

  • 76% of respondents believe the current AI market is saturated with hype
  • 55% of respondents expressed fatigue from the constant focus on AI

As a counterpoint, however, 85% of respondents acknowledge that AI and ML experience influences their hiring decisions. This suggests that despite the hype, AI skills are increasingly valued in the workforce.

Is AI just overhyped, or is it truly driving growth? While the question remains up for debate, our recent webinar revealed insights from current and former CISOs and delved deep into this topic. 

In AI Reality Check: CISOs Unpack Its Role in Cybersecurity, Swimlane CISO Mike Lyborg and TAG Cyber CEO Ed Amoroso agreed that AI provides tangible solutions today. However, they emphasized that vendors who oversaturate their messaging with AI, without demonstrating real-world use cases, only contribute to the noise, making it harder for security leaders and buyers to cut through.

If you’re finding it difficult to navigate the overwhelming jargon of the AI industry, this blog on the 8 essential questions to ask AI security vendors will help you cut through the noise and make more informed decisions.

The AI Governance Debate 

Our research report also explores the key issue of AI governance, highlighting a divided perspective: 

  • Limited Government Role: Only 28% of respondents believe the government should have primary responsibility for AI governance.
  • Vendor Responsibility: Nearly half (46%) believe the companies developing AI should be primarily responsible for the consequences when AI systems cause harm.

To make sense of this divided landscape, we asked our CISO experts for their real-world perspectives. Here’s a recap of what they had to say. 

  • Organic Governance: Both Amoroso and Lyborg emphasize the need for organic AI governance that evolves alongside the technology itself. They caution against heavy-handed government intervention.
  • Individual Responsibility: While acknowledging the role of vendors and organizations, the CISOs stressed the importance of individual responsibility in using AI tools ethically and responsibly.

Tips and Takeaways for CISOs in the Age of AI 

Both the research data and real-world expert perspectives highlight the need for a balanced approach to AI in cybersecurity. While AI offers immense potential for innovation, organizations must proactively address the risks to confidentiality. This involves:

  • Clear Policies and Training: Establishing and enforcing clear policies around AI use, coupled with comprehensive employee training, is essential.
  • Focus on Value: Cutting through the AI hype and focusing on solutions that deliver real value is crucial.
  • Collaborative Governance: A collaborative approach to governance, involving government agencies, vendors, and individual users, is necessary to navigate the complex landscape of AI and ensure its responsible and ethical use.

AI is not a panacea for all cybersecurity challenges. However, with thoughtful governance and a focus on balancing innovation and confidentiality, it can be a powerful tool for enhancing security postures. Remember, the key is to harness the power of AI while mitigating its risks, ensuring that innovation doesn’t come at the cost of confidentiality.

TAG Cyber Tech Report: Using AI for SecOps Automation

The analyst report begins with a brief overview of the SOAR market, and the story of how Swimlane transformed from a SOAR to AI-enhanced security automation platform. To further understand Swimlane’s use of AI, read the full report.



Article source: https://securityboulevard.com/2024/12/ai-security-governance-insights-from-security-leaders/