Across conversations with security leaders featured in Feats of Strength, one thing is clear: artificial intelligence is no longer a future consideration. It is actively reshaping how organizations operate and how risk is introduced.
But while AI is the catalyst, the story is not about technology alone. It is about leadership. It is about how security leaders are adapting to a faster, more complex environment while still maintaining control and trust.
There is also a noticeable shift in how these leaders talk about their role. The conversation has moved beyond tools and threats. It is now centered on decision making, prioritization, and how to guide an organization through change that is happening faster than most teams are built to handle.
The following themes reflect what leaders are experiencing today. Not in theory, but in practice.
AI Is Now a Core Security Priority
AI has moved beyond experimentation. It is now embedded in how organizations build and compete.
Security leaders are no longer asking if AI will impact their programs. They are managing that impact in real time, often while the business is already moving ahead.
At Paychex, Bradley Schaufenbuel describes the urgency clearly. “Most businesses see its adoption as essential to their survival,” he says on page 9 of the April 2026 Feats of Strength Magazine, “Non-adoption or slow adoption of AI is seen as an existential threat.”
This shift is forcing a change in how priorities are set. AI is not replacing other risks, but it is influencing how they are evaluated. Leaders are looking at how AI intersects with existing programs, from data protection to third party risk, and adjusting accordingly.
In many cases, AI is also becoming a forcing function. It exposes gaps that may have existed for years but were not as visible. Data classification, access control, and visibility into usage patterns all become more urgent when AI is introduced.
The role of the CISO is evolving alongside this shift. AI is not a project to evaluate. It is a capability that must be enabled and secured at the same time. That requires a different mindset, one that is comfortable operating without complete information and making decisions as conditions change.
AI Is Already Scaling Security Operations
While much of the conversation around AI focuses on risk, leaders are already using it to improve how security operates.
The most immediate impact is scale. AI allows teams to handle increasing workloads without adding headcount, while also improving speed and decision making.
At Paychex, AI is already embedded in operations. “We are using AI agents to automate alert triage, alert data enrichment, and investigative processes in our security operations center,” Bradley explains on page 8.
At Fortitude Re, Elliott Franklin has taken a similar approach. “We have implemented over 100 automated responses and playbooks,” he says on page 12.
For Jacob Combs at Tandem Diabetes Care, the value goes beyond automation alone. “Automation has always been here, but now we have context,” he explains on page 16.
This shift toward context driven automation is critical. It allows teams to prioritize faster and reduce noise so they can focus on what matters most.
It is also changing expectations. What once required multiple analysts and several hours can now happen in minutes. That creates a new baseline for performance. Leaders are not just asking how to improve efficiency. They are asking how to redesign workflows entirely.
There is also a cultural shift that comes with this. Teams must learn to trust automation while still maintaining oversight. That balance is not always easy, especially in environments where accountability is high and the cost of mistakes is significant.
The leaders who are making progress are the ones who are treating AI as an extension of their team, not as a replacement. They are defining where automation adds value and where human judgment remains essential.
Governance Is Becoming an Ongoing Discipline
As adoption accelerates, governance is no longer a theoretical framework. It is becoming an active discipline that must keep pace with the business.
Leaders are building structures that can evolve alongside how AI is used across the organization.
At Paychex, this takes the form of a formal governance body. “We assembled an AI Governance Council that includes all lines of defense,” Bradley explains on page 9.
Jacob Combs reinforces that governance is not static. “You can’t just set it and forget it,” he says on page 16. “You must manage it into the long term to make sure it’s still functioning and not drifting.”
At NETSCOUT, Deb Briggs highlights the reality of keeping pace. “There is an AI governance committee,” she says on page 11, pointing to how quickly these efforts must evolve.
What is changing is not just the presence of governance, but how it is applied. Instead of acting as a checkpoint, governance is becoming part of the workflow. It must operate at the same speed as the business, which requires clarity and simplicity.
Leaders are also recognizing that governance is not just about policy. It is about visibility and accountability. Understanding where AI is being used, what data it is accessing, and who is responsible for it becomes essential.
In many organizations, this is still a work in progress. The pace of adoption often outstrips the ability to govern it. That gap is where risk begins to accumulate.
The Business Is Moving Faster Than Ever
One of the most consistent themes across leaders is the pace at which the business is moving.
AI has lowered the barrier to entry for innovation. Development cycles are faster, and new capabilities are being introduced at scale.
At Accela, Fred Bret-Mounet sees this firsthand. “We are getting flooded with new business ideas, new solutions, new internal tools,” he says on page 14.
Elliott Franklin captures the pressure this creates. “Many businesses want everything immediately,” he says on page 12.
This acceleration is not limited to one part of the organization. It is happening across development, operations, and even business units that previously had limited technical involvement.
For security leaders, this creates a fundamental shift. They are no longer reviewing decisions after they are made. They are being asked to participate in them as they happen.
This requires a different approach to engagement. It is less about enforcement and more about partnership. Leaders must understand the business context, provide guidance quickly, and help teams move forward without unnecessary friction.
The challenge is that speed and control are often in tension. Moving too slowly can create frustration and lead to workarounds. Moving too quickly can introduce risk that is difficult to unwind.
Navigating that tension is becoming one of the defining responsibilities of the modern security leader.
AI Risk Is Rooted in Data and Identity
While AI introduces new capabilities, the underlying risks are familiar. They are rooted in data and identity.
As AI systems access and process information at scale, controlling how data is used and who has access becomes critical.
Elliott Franklin reinforces this focus. “Identity and access management is an important area to focus on,” he says on page 13.
Jacob Combs highlights the speed of the challenge. “As this data starts flying around at superhuman speeds, how are we going to make sure that we’re not losing anything or sending anything out inappropriately?” he asks on page 17.
What is changing is not the nature of the problem, but the scale. AI increases the volume of data being processed and the number of systems interacting with it.
It also introduces new forms of identity. Machine identities, service accounts, and API driven interactions all expand the attack surface. Managing these identities becomes just as important as managing human users.
Leaders are focusing on visibility. They want to know where data is going, how it is being used, and what controls are in place. Without that visibility, it becomes difficult to manage risk effectively.
This is where foundational security practices become critical. Data classification, access control, and monitoring are not new concepts, but they take on new importance in an AI-driven environment.
Human Risk Is Expanding as the Threat Landscape Accelerates
AI is changing both sides of the security equation. It is making attackers more effective while increasing pressure on defenders.
At Paychex, Bradley describes the shift clearly. “Attackers are already leveraging AI to automate their attacks and improve the sophistication of those attacks,” he says on page 8.
“AI is also being leveraged to generate deepfakes that are driving up the success rate of phishing and social engineering techniques,” he explains.
Kathryn Burgner brings it back to people. “It lowers those barriers,” she says on page 18.
What this creates is a more dynamic threat environment. Attacks can be generated faster and at greater scale. They can also be more convincing, making it harder for individuals to detect them.
At the same time, defenders are using AI to improve detection and response. Automation helps reduce response times and allows teams to handle more incidents.
The challenge is that both sides are improving at the same time. This creates a constant race, where the advantage is not fixed.
As a result, leaders are placing more emphasis on human behavior. Training, awareness, and making secure actions easier are becoming critical parts of the strategy.
Human risk is no longer a secondary concern. It is central to how organizations think about security.
Security Teams Are Evolving, Not Shrinking
Despite concerns about automation, leaders are not reducing their teams. They are redefining how work gets done.
AI is taking on repetitive tasks and lower value work, allowing security professionals to focus on higher impact areas.
At Everpure, Rick Orloff puts it simply. “If AI is replacing my folks, I have them doing the wrong job,” he says on page 21.
Roland Cloutier highlights the shift in structure. “How do I reduce the number of people in my SOC by letting tier one and tier two work be done by AI?” he asks on page 23.
At NETSCOUT, Deb Briggs reinforces the intent. “Rather than replacing analysts, the goal is to augment and upskill them,” she says on page 10.
This evolution is not just about tools. It is about how teams are organized and how work is defined.
Entry level roles may change, and certain tasks may disappear, but the need for skilled professionals remains. In many cases, it becomes even more important.
Leaders are investing in their teams, helping them build new skills and adapt to changing expectations. The focus is on growth, not reduction.
This reflects a broader shift in the industry. Security is becoming more strategic, and the people within it must evolve accordingly.
What Comes Next
Before looking ahead, the patterns across leaders are clear:
-
AI is already embedded in how organizations operate
-
The business is moving faster, and security is expected to keep pace
-
Risk is centered on data, identity, and human behavior
-
Governance must evolve alongside adoption
-
Security teams are being redefined, not reduced
These are not isolated trends. They are interconnected shifts that are redefining how security programs are built and led.
Across all of these themes, one thing stands out. AI is accelerating everything, but leadership is what determines the outcome.
The leaders who are succeeding are not the ones who have all the answers. They are building programs that can adapt and teams that can evolve. They are comfortable operating in environments where the pace is high and the direction is not always clear.
At Fortitude Re, Elliott Franklin captures this mindset. “We cannot say no. Instead, the focus is on helping the business move forward safely by establishing clear guardrails and frameworks,” he says on page 13.
That shift, from control to guidance, is defining the next generation of security leadership.
Looking ahead, the priorities are becoming more concrete. Leaders are focusing on strengthening the foundations that will allow AI to scale safely. This includes improving visibility into data, tightening identity controls, and making governance part of how work gets done rather than a separate process.
There is also a growing recognition that speed will not slow down. If anything, it will increase. That means security programs must be designed to operate under pressure. They must be able to respond quickly, make decisions with limited information, and adjust as conditions change.
At the same time, the human element cannot be overlooked. As AI becomes more embedded, the role of people becomes more important, not less. Communication, trust, and clarity will continue to shape how effectively organizations navigate this shift.
The future of security will not be defined by technology alone. It will be shaped by leaders who can translate complexity into action and guide their organizations through uncertainty.
And the organizations that succeed will not be the ones that move the fastest or the safest.
They will be the ones that can do both.
Subscribe
Stay up to date with cyber security trends and more