A New Operational Reality for IT Leaders

As organizations increasingly leverage artificial intelligence, the traditional separation between resilience and data security is becoming untenable. Steve MacIntyre of Fidelity Investments and Wim Geurden of EY recently emphasized this convergence at VeeamON, noting that it’s no longer a future trend but an immediate operational necessity.

AI isn’t creating new vulnerabilities as much as exposing existing ones. MacIntyre recounted how a Microsoft 365 Copilot pilot quickly surfaced outdated presentations and documents employees had created years prior - demonstrating that AI amplifies both productivity gains and previously hidden risks.

The Data Audit Imperative

Geurden echoed this sentiment, noting EY took the step of temporarily restricting unlicensed AI access after similar discoveries. He highlighted that unstructured data repositories often contain vast amounts of outdated or misclassified information - a challenge particularly acute in large organizations with high employee turnover.

The takeaway for CIOs is clear: if you haven’t audited your unstructured data, you likely already have an AI security exposure.

The Escalating Threat Landscape

The urgency extends beyond hypothetical concerns. A recent BCG CISO survey found that 50% of cyberattacks now involve non-human identities - meaning adversaries are actively deploying AI agents to conduct attacks. Additionally, nearly half of business-sponsored AI projects resulted in unintended data leakage.

These incidents underscore a critical risk: as AI adoption outpaces governance frameworks, organizations create new attack surfaces that malicious actors can exploit.

Three Governing Principles for the AI Era:

  1. Know your data foundation: Before deploying any AI application, complete a thorough inventory of where data resides, who owns it, and what access controls are in place.
  2. Establish risk-based governance: Prioritize security efforts based on business impact rather than treating all data equally.
  3. Build adaptive controls: Implement automated processes that can keep pace with the rapid evolution of AI threats.