
"Security organizations are better able to secure the enterprises they defend when they are given a chance to act strategically, rather than react tactically. When it comes to application security, that necessitates involving the security team and building in security much earlier in the software development lifecycle."
"In recent years, most security practitioners have been watching the AI hype cycle very carefully. Indeed, the explosion of AI onto the scene brought with it many unresolved questions around governance, risk, and compliance. While security practitioners considered these questions strategically and carefully, they were left wondering why, if AI was such a hot topic, they weren't seeing it affect their lives very much operationally."
"Unfortunately, as we are very well accustomed to in the security field, security seems to have been an afterthought in many instances. While there are exceptions, in many enterprises, security was not in the loop with application owners, development teams, and others that were experimenting with AI use cases."
"Not surprisingly, when some of these AI use cases showed value, enterprises began moving those AI use cases to production. This phase has been happening more in recent months than it had previously, and not surprisingly, the security team has often not been in the loop."
Surprise questions and remarks lead to reactive, tactical responses that often produce poor results. A similar lesson applies to enterprises defending against threats: security organizations are more effective when they can act strategically rather than react tactically. For application security, this requires involving security teams and building in security earlier in the software development lifecycle. AI adoption has raised governance, risk, and compliance questions, but its operational impact on security teams lagged because security was often treated as an afterthought. Many enterprises experimented with AI use cases without bringing security teams in alongside application owners and development teams. When those use cases proved valuable, they moved to production, frequently still without security involvement, creating avoidable surprises and suboptimal outcomes.
Read at SecurityWeek