2026 Hack Report: Insights from CyberCX offensive security testing → 

The security innovation paradox: Why most AI initiatives are failing before they start

Secure AI

Published by Brendan Wilkinolls, Technical Director Secure AI on June 26 2026

This blog was originally published as part of CyberCX’s C-Suite Cyber Newsletter series on LinkedIn

 


 

Boards are increasingly asking the CISO one question that is virtually impossible to answer: “are we safe in an AI-enabled world?”

This blog explores why organisations that rush to approve, create and deploy AI systems and tools across their tech stack will often stall at the production decision due to lack of appropriate controls and governance in place.

The more control an organisation has over an AI initiative from a security perspective, the more autonomy it can exercise while maintaining trust, reducing risk exposure and lead to more opportunity and value.

What happened?

CyberCX has observed an uptick in organisations rushing to approve, create and deploy AI systems and tools across their tech stack. Data and AI teams are often being directed by executive leadership to fast-track initiatives. But when deployment outpaces governance readiness, organisations may be introducing unmanaged risk and exposing themselves to vulnerabilities.

While AI initiatives can progress seamlessly through the initial proof-of-concept stage, many stall or fail at the production decision. Most of the time, this stalemate is not caused by the model under-performing. It’s caused by a lack of appropriate controls and governance in place to support the initiative’s use in the organisation.

Read more: Research from IDC found that 88% of AI proof-of-concepts don’t reach widescale deployment.

Importantly, the models themselves aren’t failing, but the architecture or governance decision made or skipped can become the root cause of an incident. Just look at recent, high-profile examples like the Postmark email platform or the EchoLeak vulnerability discovered in Microsoft 365 Copilot.

 


 

Why it matters?

Boards are increasingly asking the CISO one question that is virtually impossible to answer: “are we safe in an AI-enabled world?”

The inability to answer this question is one of the biggest roadblocks to successful AI deployment and introduces two clear risks:

  1. Heavy investment in AI-enabled projects that consume time and budget and fail to progress past the proof-of-concept stage due to unclear scope, undefined value or inadequate controls.
  2. Organisations exposing themselves to critical vulnerabilities that could lead to cyber attacks, by rushing to adopt and deploy new AI systems and tools insecurely.
  3. The reassurance that AI investments will create more value without introducing unmanaged risk is the gap that must be filled in order for AI initiatives to progress.

Controlled AI use creates the conditions for a model to act reliably, predictably, and within authorised, monitored boundaries. This creates the trust required for organisations to scale AI initiatives and realise business value without exposing themselves to critical vulnerabilities.

 


 

How could this impact me and my organisation?

There is no such thing as zero-risk AI. Even the most contained system carries residual risk. However, organisations that deploy an AI agent without controls risk becoming prime targets for a cyber attack.

Consider what open-source developer (and coiner of the phrase ‘prompt injection’) Simon Willison calls the ‘lethal trifecta of capabilities’. That is, allowing access to your private data, exposure to untrusted content, and the ability to externally communicate.

While these three capabilities are reasonable on their own, Willison says that if your agent combines these three, “an attacker can easily trick it into accessing your private data and sending it to that hacker.”

When implemented with incorrect controls and lack of oversight, organisations expose themselves to an expanded attack surface. This can include prompt injection, jailbreaking, model poisoning, cloud infrastructure or supply chain compromise.

These risks can lead to catastrophic impacts at machine speed and cause exposure of sensitive data, unexpected system behaviour, financial loss, compliance breaches and significant system and organisational disruption.

On the other hand, correctly implemented security controls act as the enabler to help lower the residual risk of letting AI act autonomously.

The more control an organisation has over an AI initiative from a security perspective, the more autonomy it can act within while maintaining trust, reducing risk exposure and lead to more opportunity and value.

 


 

What should I do?

Have a clear understanding of what a successful AI-enabled project or product looks like for your organisation, beyond the tool working as it should. Define what outcome is trying to be achieved and what benefit it will provide, like faster service delivery, productivity, or reduced costs. Success requires a structure based on:

  1. Trust: Ask questions like: is the tool reliable? Does it act predictably under pressure and within boundaries? Is it safe to grant data and system access and is it auditable and reversible?
  2. Risk: There is no zero-risk AI. Determine your risk appetite by assessing potential consequences in line with your operational requirements.
  3. Security: The smallest defensible control set is to scope identity and access, implement guardrails and policy enforcement, then continually monitor and evaluate the system, maintaining ongoing data protection and auditability.

Create the right environment to manage the amount of acceptable risk, including additional assessments, policies or platforms. To define this, CISOs should ask questions like: where is AI in my environment? What can these agents access and do, and what’s the potential blast radius? Whose job is this when it goes wrong, and can I prove it to my board?

Introduce progressive guardrails to manage AI risk without stifling innovation. At a minimum, four controls should be implemented slowly, in sequence:

  1. Visibility to know what’s running and why, integration into asset inventories, and maintaining a view of the supply chain that supports it.
  2. Identity and data boundaries such as agentic and other non-human identities, token governance and scoped data reach.
  3. Evaluation gates including behavioural testing against the approved scope before proposed expansion, and full audit logging.
  4. Finally, introduce incremental expanding autonomy of the AI system based on evidence produced from the previous three controls.

 

Share
cta icon

Ready to get started with Secure AI?

Find out how CyberCX can help your organisation securely adopt and scale AI through strategy, governance, access control and training.

Other Cyber Security Resources

cta icon

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.