How 14 Security Leaders Defended a Faster, Noisier, AI-Run Enterprise in Q2

July 7, 2026

Enterprise security spent years optimizing for a slower world in which you could draw a boundary, vet what crossed it, and revisit the decision on a schedule. The security Sages and vendors who shared insights for the Cybersecurity Resource Hub this quarter describe an environment that no longer sits still long enough for that to work. The systems being defended increasingly act on their own, and the ground under every assumption keeps moving.

Read together, their answers cluster around three problems. One is control, since AI now has access to company systems and needs the same owners, identities, and limits as any other privileged user. Another is timing, because an assessment only tells you the truth on the day you run it. The last is focus, since teams are finding far more vulnerabilities than they can act on and have to sort out which threats truly apply to them.

1. Governing AI Once It's Inside the Enterprise

AI has quietly acquired access inside most enterprises, and governance has not caught up. Maor Saubron (Global CISO Sage) frames it as an identity problem. Organizations are giving autonomous agents access to data, workflows, and code with inherited permissions and unclear accountability. His fix is to treat every agent like a managed identity, with a business owner, a defined purpose, least-privilege access, and an offboarding path, or it becomes shadow access at machine speed.

Viswanath Chirravuri (AI Security Governance Sage) argues against treating this as a brand new discipline. Securing AI, in his view, raises the same questions application security always has: Can you trust the input? Is access scoped? Can you prove where something came from? The only new variable is that the system no longer behaves the same way every time.

That unpredictability is what concerns Paolo del Mundo (AppSec Director Sage) about coding agents. He contends the real risk is not whether these tools write secure code but what they can do inside a developer environment, from reading secrets to following malicious instructions hidden in a file, which is why he wants a control layer between the agent and its environment at runtime.

Kevin Magee (CTO Sage) carries the runtime argument into customer-facing AI. Building a demo is the easy part; running it safely in production is the discipline, because model and prompt changes shift behavior in ways no release test predicts. His answer is continuous monitoring rather than fire-and-forget, combining aggressive automation with humans in the loop for judgment.

The same technology can also work for defenders. Greg Martin (Co-Founder & CEO at Ghost Security) sees agentic automation as the security operations center's next operating model, not to replace analysts but to clear the repetitive drag that keeps them from higher-judgment work, with humans retaining accountability as agents move teams from detection to resolution.

Beneath all of it sits data. Matthew Mudry (CISO Sage) argues that AI should solve a real business problem rather than answer a fear of falling behind, and warns that it mostly surfaces problems that already exist, such as overly broad access and weak data classification, which grow far more dangerous once a system can search and summarize everything at once.

2. Trading Point-in-Time Checks for Continuous Verification

A questionnaire, a scan, and an annual review each capture a single moment, and the picture they paint is out of date almost immediately. Matt Hillary (SVP of Security & CISO at Drata) makes the case for vendor risk, observing that a vendor can pass your assessment today and add an AI feature, change their own key vendors, or repurpose a workflow tomorrow, none of which surfaces until the next review. He favors continuous monitoring that turns periodic trust into verified, ongoing trust.

Bob Maley (CSO at Black Kite) puts a number on the stakes. Vendors take close to four months on average to disclose a breach, and a breach at your most-connected supplier cascades to everyone downstream. Rather than wait for a notification that may come too late, programs need to detect compromise themselves.

The same logic runs inside the organization. Sawan Joshi (CISO Sage) points out that pushing a patch is only the start. Mature vulnerability management confirms the patch reached a healthy state and tracks how long a vulnerability lingers, treating the work as a continuous improvement loop.

Harshal Mehta (VP of Security Sage) draws the same line between activity and outcome. He argues that finding vulnerabilities was never the hard part. What matters is the shift from counting findings to continuously prioritizing by business exposure, backed by governance and executive ownership.

3. Prioritizing Real-World Threats Over Noise

Running underneath the quarter's tooling debates is a blunter question: of all the threats in the feed, which ones are yours? Steven Gerry (VP of Sales at Tidal Cyber) argues that as AI-assisted discovery floods teams with more vulnerabilities than they can triage, severity scores and high-level technique mappings fall short. What reduces risk is a threat-led approach built on the specific procedures adversaries use in the field.

Scott Applegate (Global Security Director Sage) makes a related case from the legal sector. Law firms are targeted by specific, named threat groups, yet many still treat threat intelligence as a luxury. Knowing who is coming for your sector, and hunting for their tactics in your own environment, is what separates defending against attacks in general from defending against the adversary who has already chosen you.

Scott McCrady (CEO at SolCyber) reframes real-world impact as literal, physical harm. Breach notifications fixate on payment cards while treating home addresses as lower-tier data, but an address cannot be reissued like a credential, and digital breaches increasingly lead to coercion at people's doors. His guidance is to weigh data by real-world impact, default to deletion, and write breach notices that inform rather than reassure.

Aaron Rice (Founder & Former CIO Sage) applies the same realism to AI policy. People will use the tools they find useful regardless of policy, which is how sensitive data ends up in personal accounts and embedded AI features no one is monitoring. The realistic move is a permissive policy with guardrails that meets people where they already work.

Bottom Line

The autonomous agent, the third-party vendor, and the unpatched server are different problems, but these experts’ responses look similar: govern the AI you deploy, verify continuously instead of occasionally, and focus on the threats that are real rather than the ones a scanner ranks highest.

Explore all perspectives in the Cybersecurity Resource Hub.

Meet These Sages & Vendors on Sagetap
Get Started
Continue Reading
Access the entire report with exclusive data and actionable insights from your peers.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get Started

Join over 4,000+ startups already growing with Sagetap.