Weekly news roundup: Siri AI, Salesforce layoffs, xAI lawsuit and Anthropic expands Mythos access

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Mon, 15 Jun 2026 06:30:07 GMT https://www.techtarget.com/searchcio editor@techtarget.com <p>This week in tech was defined by a wave of AI-driven restructuring and escalating industry tension, as Salesforce laid off more staff, xAI faced a lawsuit over AI safety and Oracle was hit with fresh breach. Meanwhile, Anthropic moved to expand access to its Mythos system through a guarded public release and Apple pushed deeper into the AI race with a major Siri overhaul.</p> <p>Here's what you need to know from the week starting June 8, plus the latest updates in IPOs and executive leadership.</p> <section class="section main-article-chapter" data-menu-title="Apple unveils new Siri AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Apple unveils new Siri AI</h2> <p>This week, Apple unveiled Siri AI, a redesign of its voice assistant, at its Worldwide Developers.</p> <p>According to a <a href="https://www.apple.com/uk/newsroom/2026/06/apple-introduces-siri-ai-a-profoundly-more-capable-and-personal-assistant/">blog post</a> by Apple, the new Siri AI will be a “profoundly more capable and conversational assistant with personal context understanding, broad world knowledge, and onscreen awareness.” The new assistant can carry out multi-step requests, understand information across apps, analize images and access real-time information from the web, according to the company.</p> <p>Apple is positioning the <a href="https://www.techtarget.com/searchmobilecomputing/definition/Siri">Siri</a> upgrade as the next phase of its Apple Intelligence strategy and a direct response to growing competition from OpenAI, Google, Anthropic and Microsoft.</p> </section> <section class="section main-article-chapter" data-menu-title="Salesforce cuts staff"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Salesforce cuts staff</h2> <p>On 8 June, Salesforce announced a further round of <a href="https://www.techtarget.com/whatis/feature/Tech-sector-layoffs-explained-What-you-need-to-know">layoffs</a>, with 86 employees affected. Many of those impacted were members of the Agentforce team, the company's flagship artificial intelligence platform.</p> <p>The cuts mark Salesforce's second round of layoffs in 2026, following the elimination of approximately 1,000 roles in January as part of a wider restructuring effort.</p> </section> <section class="section main-article-chapter" data-menu-title="Anthropic announces public version of Mythos AI model"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Anthropic announces public version of Mythos AI model</h2> <p>Anthropic launched Claude Fable 5, the first publicly accessible version of its highly capable Mythos AI system, but with specific guardrails in place.</p> <p>The first versions of Mythos were restricted to government agencies and a number of cybersecurity organizations due to concerns about its advanced capabilities.</p> <p>In order to secure Claude Fable 5, the company ran over 1000 hours of jailbreak testing.</p> <p>Claude Fable 5 has been designed with several capabilities, including: </p> <ul class="default-list"> <li>Advanced coding assistance.</li> <li>Software engineering workflows.</li> <li>Cybersecurity defense work.</li> <li>Research and analysis.</li> <li>Long-form task execution.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="xAI faces lawsuit over AI safety concerns"> <h2 class="section-title"><i class="icon" data-icon="1"></i>xAI faces lawsuit over AI safety concerns</h2> <p>Elon Musk's AI company, xAI, is facing a lawsuit from former engineer Devin Kim, who alleges he was dismissed after raising concerns about AI safety.</p> <p>The lawsuit claims that Kim voiced concerns about issues including discrimination, misuse and broader risks linked to advanced AI systems before being terminated. According to the lawsuit, Kim voiced his concerns while working on Grok, xAI’s chatbot. The lawsuit does not directly target Elon Musk, but instead focuses on Kim’s ex-supervisor, Jimmy Ba.</p> <p>Kim is seeking compensation and a court declaration that the conduct of xAI and SpaceX was unlawful.</p> </section> <section class="section main-article-chapter" data-menu-title="ShinyHunters claim Oracle breach"> <h2 class="section-title"><i class="icon" data-icon="1"></i>ShinyHunters claim Oracle breach </h2> <p>Cybercriminal group ShinyHunters claimed responsibility for a breach involving Oracle PeopleSoft servers, alleging that it accessed and stole sensitive customer information.</p> <p>PeopleSoft is an enterprise HR software thatmanages payroll, admin and other HR operations.</p> <p>The breach is said to have mainly impacted universities, with hackers claiming to have stolen student record data.</p> </section> <section class="section main-article-chapter" data-menu-title="Investors rush into historic SpaceX IPO"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Investors rush into historic SpaceX IPO </h2> <p>Investor enthusiasm surrounding SpaceX has reached unprecedented levels, with reports indicating that retail demand for the company's initial public offering has exceeded $70 billion.</p> <p>The surge in demand reflects both SpaceX’s dominant position in the market and the broader excitement around the company’s future. If the listing proceeds at this level of demand, it is likely to set a significant benchmark for future tech IPOs and could reshape expectations around valuation in the private space and deep-tech sectors.</p> </section> <section class="section main-article-chapter" data-menu-title="Iran-backed hackers threaten the World Cup"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Iran-backed hackers threaten the World Cup</h2> <p>On Friday, an Iran-linked hacking group known as Handala claimed that it had gained access to FBI surveillance drones, according to SITE Intelligence Group, a cybersecurity monitoring group. The drones could be used to threaten the 2026 World Cup.</p> <p>Handala said that it has had access to footage and data collected by the FBI's first-person view (FPV) drones "for months," according to SITE. The hackers claim that the World Cup could be under threat.</p> <p>In a statement cited by SITE, the group said: “Better tighten your World Cup security, we don’t like some of those teams at all. Don’t forget: FPVs are everywhere; you never know when one might end up right in your team’s bus.”</p> <p>The FBI is using drones around the stadiums hosting World Cup matches as part of security operations that prevent unauthorized aircraft activity.</p> </section> <section class="section main-article-chapter" data-menu-title="Executive moves"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Executive moves </h2> <ul class="default-list"> <li><b>Kemal Cetin.</b> Mars<b> </b>appointed Kemal Cetin as its new global chief digital and information officer, effective August 3. Cetin is currently chief business and digital solutions officer at global dairy company FrieslandCampina.</li> <li><b>Paul Colangelo.</b> Casepoint, a legal technology company, appointed Paul Colangelo as its new chief executive officer. Colangelo was previously founder and CEO of Neumo, a government software development firm.</li> <li><b>Sarang Fegde.</b> On June 10, Podean appointed former Amazon executive, Sarang Fegde, as chief technology officer. Fegde will also sit as a member of the company’s board of directors.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="IPO watch"> <h2 class="section-title"><i class="icon" data-icon="1"></i>IPO watch</h2> <p>The U.S. IPO market remains a key indicator of broader tech sentiment. Here's a look at the latest listings and activity from the past week, based on data from the Nasdaq IPO calendar:</p> <h3>Ocean Capital Acquisition Corp.</h3> <ul class="default-list"> <li>A special purpose acquisition company.</li> <li>Opening/trading day: June 9.</li> <li>IPO price: $10/share.</li> </ul> <h3>WhiteHawk Minerals Corp.</h3> <ul class="default-list"> <li>A natural gas mineral and royalty company.</li> <li>Opening/trading day: June 9.</li> <li>IPO price: $26/share.</li> </ul> <h3>Eloxx Pharmaceuticals, Inc.</h3> <ul class="default-list"> <li>A clinical-stage biopharmaceutical company.</li> <li>Opening/trading day: June 9.</li> <li>IPO price: $11/share.</li> </ul> <h3>Snow Rothschild Acquisition Corp.</h3> <ul class="default-list"> <li>A special purpose acquisition company.</li> <li>Opening/trading day: June 9.</li> <li>IPO price: $10/share.</li> </ul> <h3>Parabilis Medicines, Inc.</h3> <ul class="default-list"> <li>A clinical-stage biopharmaceutical company.</li> <li>Opening/trading day: June 10.</li> <li>IPO price: $20/share.</li> </ul> <h3>JAB Acquisition Corp I</h3> <ul class="default-list"> <li>A blank check company.</li> <li>Opening/trading day: June 10.</li> <li>IPO price: $10/share.</li> </ul> <h3>ERock, Inc.</h3> <ul class="default-list"> <li>A power generation systems company.</li> <li>Expected opening/trading day: June 10.</li> <li>IPO price: $21.50/share.</li> </ul> <h3>RMG ML Sports Holdings</h3> <ul class="default-list"> <li>A special purpose acquisition company.</li> <li>Opening/trading day: June 10.</li> <li>IPO price: $10/share.</li> </ul> <h3>Forbright, Inc.</h3> <ul class="default-list"> <li>A financial services platform.</li> <li>Expected opening/trading day: June 11.</li> <li>IPO price: $18-20/share.</li> </ul> <h3>Space Exploration Technologies Corp.</h3> <ul class="default-list"> <li>An aerospace manufacturer, transport and satellite communications company.</li> <li>Expected opening/trading day: June 12.</li> <li>IPO price: $135/share. </li> </ul> <p><i>Rosa Heaton is a content manager and writer for the IT Strategy team at TechTarget.</i></p> </section> Stay up to date with the latest U.S. tech news, IPOs and executive moves shaping the industry each week. https://cdn.ttgtmedia.com/rms/onlineimages/maze_g467037520.jpg https://www.techtarget.com/searchcio/feature/Weekly-news-roundup-Siri-AI-Salesforce-layoffs-xAI-lawsuit-and-Anthropic-expands-Mythos-access Fri, 12 Jun 2026 11:01:00 GMT Weekly news roundup: Siri AI, Salesforce layoffs, xAI lawsuit and Anthropic expands Mythos access <div> <p paraeid="{7cd1bbed-e797-43f3-aab5-5e16a3bbf650}{125}" paraid="38"><span xml:lang="EN-US" data-contrast="auto">At the end of May, just 20 of the S&P 500 members closed at a record. Thirteen of these stocks were directly linked to AI. This is </span><span xml:lang="EN" data-contrast="auto"></span><a rel="noreferrer noopener" target="_blank" href="https://www.cnbc.com/2026/06/01/the-stock-market-just-did-something-eerily-similar-to-the-dotcom-bubble-top-in-2000.html"><span xml:lang="EN-US" data-contrast="none">strikingly similar</span></a><span xml:lang="EN-US" data-contrast="auto"> to March 2000, when, </span><span xml:lang="EN-US" data-contrast="auto">strangely</span><span xml:lang="EN-US" data-contrast="auto">, 20 stocks also hit new </span><span xml:lang="EN-US" data-contrast="auto">highs</span><span xml:lang="EN-US" data-contrast="auto"> and the dotcom bubble reached its peak. </span><span xml:lang="EN-US" data-contrast="auto"></span><span data-ccp-props="{"335559739":200}"> </span></p> </div> <div> <p paraeid="{7cd1bbed-e797-43f3-aab5-5e16a3bbf650}{147}" paraid="39"><span xml:lang="EN" data-contrast="auto">Could this similarity signal the impending end of an AI bubble that could prompt a fresh start for some AI technology companies?</span><span xml:lang="EN" data-contrast="auto"></span><span data-ccp-props="{"335559739":200}"> </span></p> </div> <p>AI technology has captured the attention of consumers and investors alike due to its rapid innovation and potential for profit, resulting in a surge of <a href="https://www.techtarget.com/whatis/feature/AI-content-generators-to-explore">AI tools</a> flooding the market. But, despite a wave of innovation, few initiatives made it past the development phase. This was because they were built on fragmented tools and were too disconnected from business goals, according to Juan Jose Lopez Murphy, head of data science at Globant.</p> <p>The situation made some investors uncomfortable.</p> <p>"The frustration we experience, which some call deflation, is fatigue from too many models and too little strategy," Lopez Murphy said. "Instead of investors and executives pulling back completely, we are starting to see a shift of focus from volume to value."</p> <p>Investors are now looking for projects that deliver measurable outcomes that are sustainable across teams and systems, resulting in a more disciplined market, he said.</p> <p>The big difference between what's happening now and <a href="https://www.techtarget.com/searchcio/feature/The-AI-hype-bubble-might-parallel-the-dot-com-era-bust">previous investment bubbles</a> is that AI technology is real in terms of actual value that it brings, said Matt Hasan, PhD and CEO of aiRESULTS Inc. As an AI strategist and an economist, Hasan said he looks at the market through two lenses -- the technology and the money chasing it.</p> <p>Unrealistic expectations have led to overinvestment in <a href="https://www.techtarget.com/searchenterpriseai/definition/generative-AI">generative AI</a>, and according to an MIT <a href="https://mlq.ai/media/quarterly_decks/v0.1_State_of_AI_in_Business_2025_Report.pdf">report</a>, 95% of organizations are experiencing zero return. Investment is currently outpacing value.</p> <p>"The risk comes from how fast investors have piled in," Hasan said. "Money is flowing into data centers, chips and startups a lot faster than real adoption can keep up. The hype is moving ahead of actual business value."</p> <p>Three critical factors differentiate this bubble from others, according to Jonathan Bittner, CEO of Dimensional Analytics. Those ways include the following:</p> <ul class="default-list"> <li><b>Circular financing.</b> Major players in the AI industry are investing in each other, creating the illusion of economic activity. Bittner cites the example of Nvidia investing $100 billion in OpenAI, which buys Nvidia chips, while Oracle buys Nvidia chips for OpenAI centers.</li> <li><b>Profitability timeline.</b> Many startups lose money initially, but they have a plan for achieving profitability. OpenAI is losing $12 billion per quarter and expects $44 billion more in losses through 2029. Bittner said. "They're spending $2.25 to make $1. No dot-com company survived with that kind of burn rate."</li> <li><b>National security framing.</b> AI companies are embedding themselves in defense contracts, which could potentially lead to a bailout request, Bittner said.</li> </ul> <section class="section main-article-chapter" data-menu-title="Early indicators of a bubble deflation"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Early indicators of a bubble deflation</h2> <p>Forrester <a href="https://investor.forrester.com/news-releases/news-release-details/forresters-2026-technology-security-predictions-ais-hype-fades-0/#:~:text=LONDON%20%2D%2D(BUSINESS%20WIRE)%2D%2D,and%20smart%20manufacturing%20and%20mobility.">predicted</a> an AI market correction in 2026 as organizations grapple with the ever-widening gap between inflated vendor promises and actual value delivered. With fewer than one-third of decision-makers able to tie the value of AI to their organization's financial growth, CEOs will rely on CFOs to approve AI investments based on ROI in 2026, according to the report.</p> <p>"In 2026, the AI hype period ends as the pressure to deliver real, measurable results from secure AI initiative intensifies," Sharyn Leaver, chief research officer at Forrester, said in a <a href="https://www.forrester.com/press-newsroom/forrester-tech-security-2026-predictions/">report</a>. "As the era of volatility continues, tech and security leaders will be called upon to recalibrate investments under tighter financial scrutiny and governance while navigating increasingly complex geopolitical and economic risks."</p> <p>Hasan has seen some deflation as venture funding cools off, valuations level out and companies realize that promised gains are taking longer to show up.</p> <p>"That's not collapse -- that's a pause to catch our breath," Hasan said.</p> <p>More red flags are visible if you look deeper, Bittner said, including the following:</p> <ul class="default-list"> <li><b>Economic dependency.</b> Without AI investment, economists suggest we may already be in a recession, Bittner said. Manufacturing has contracted for seven straight months.</li> <li><b>Infrastructure bottlenecks.</b> The country is projected to face a 35 GW electricity shortfall by 2028, Bittner said. Data centers need 57 GW but only 21 GW will be available. "Most new data centers in the internet hub of Ashburn, Va., are being powered by natural gas generators because the electricity supply doesn't even have a date to catch up," Bittner said. "This isn't a temporary <a href="https://www.informationweek.com/machine-learning-ai/breaking-through-the-ai-bottlenecks">bottleneck</a>. It's physics."</li> <li><b>Public sentiment shifts.</b> Consumer confidence has reached its lowest point since 1997, and AI is not showing the promised ROI returns. "Public perception matters a lot," Hasan said. "When excitement outpaces results, people start to question whether AI is really improving their work or their lives. Once that doubt creeps in, the emotional fuel behind the boom starts to fade."</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="What a burst could mean for businesses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What a burst could mean for businesses</h2> <p>A bubble burst won't kill AI, just the unrealistic expectations surrounding it, Hasan said. He believes that companies focused on solving real problems will emerge stronger.</p> <p>Bittner shares Hasan's optimistic outlook. He said the burst itself would hit organizations in three waves, including the following:</p> <ul class="default-list"> <li><b>Wave 1.</b> There will be layoffs at AI companies, including many AI startups. "We're talking tens of thousands of highly paid engineers suddenly on the market," Bittner said.</li> <li><b>Wave 2.</b> Bittner said 56% of companies are missing AI cost projections by 11% to 25% and one in four are missing by more than 50%. When CFOs demand results, entire AI divisions will get cut, Bittner said.</li> <li><b>Wave 3.</b> Real innovation accelerates. <a href="https://www.techtarget.com/searchcio/feature/The-AI-plateau-What-smart-CIOs-will-do-when-the-hype-cools">True builders will survive the crash</a> and start solving actual problems with appropriate technology, Bittner said. He points to companies such as Google, Amazon, and PayPal, which strengthened after the dot-com crash because they had solid business models. He believes the same will happen with AI.</li> </ul> <p>"The <a href="https://www.techtarget.com/searchenterpriseai/feature/Is-the-AI-bubble-about-to-burst-or-is-it-recalibrating">AI bubble</a> burst could mark the beginning of a healthier, more focused innovation cycle for AI. Enterprises may start consolidating budgets for projects or slow down hypothetical projects," Lopez Murphy said. "This period doesn't mean that innovation is stopping altogether but rather showing maturity in prioritizing projects."</p> <p>He believes that emphasis will shift to building frameworks that will last in the long term.</p> </section> <section class="section main-article-chapter" data-menu-title="How CIOs can adapt and protect their organization"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How CIOs can adapt and protect their organization</h2> <p>As the threat of an AI bubble burst looms closer, industry leaders will have to see through the hype and focus on AI technology that solves tangible business problems. Hasan advises leaders to stay grounded, tie <a href="https://www.techtarget.com/searchenterpriseai/tip/How-to-effectively-manage-AI-projects">AI projects</a> to clear results and track costs.</p> <p>"If businesses keep their heads and focus on real impact, a correction won't be a disaster. It'll be a reset, and a healthy one," he said.</p> <p>Bittner added his own recommendations, including the following:</p> <ul class="default-list"> <li><b>Demand measurable ROI up front.</b> If an AI vendor can't show you hours saved, errors prevented or revenue generated within 90 days, walk away.</li> <li><b>Favor narrow, focused solutions over general AI.</b> A tool that does one thing exceptionally well beats a general-purpose tool that does everything poorly, he said.</li> <li><b>Don't assume you need state-of-the-art models. </b>This is where most organizations waste money, Bittner said. Many production AI applications work fine with smaller, open source models that can run at the edge.</li> <li><b>Look at who's profitable.</b> An AI company losing billions quarterly is not building sustainable technology. Partner with companies that have actual business models, he said.</li> <li><b>Audit your AI spending.</b> Most organizations find that 80% of AI spending is on experiments that never ship. Invest in the 20% that works.</li> </ul> <p>For Hasan and Bittner a bubble burst would signal a new, more efficient approach to AI technology investments.</p> <p>"The bubble pop won't be a disaster. It will be a reset. And America's hard-working, smart people will use that reset to revolutionize the economy with AI -- the right way," Bittner said. "It will always be about the people. Not the algorithms."</p> <p><i>Julie Hanson is a freelance writer who has reported on local news across Massachusetts and New Hampshire.</i></p> </section> AI is nearing a reset, shifting focus from hype to measurable value. CIOs must reassess investments, prioritize ROI and guide their organizations toward a sustainable AI strategy. https://cdn.ttgtmedia.com/rms/onlineimages/ai_g1183318665.jpg https://www.techtarget.com/searchcio/feature/An-AI-bubble-burst-Early-warning-signs-and-how-to-prepare Thu, 11 Jun 2026 09:00:00 GMT An AI bubble burst? Early warning signs and how to prepare <p>The massive data centers and power requirements of modern AI workloads have a non-trivial effect on the environment and sustainability. And many organizations have signed sustainability commitments that don't align with AI usage.</p> <p>Goldman Sachs research <a target="_blank" href="https://www.goldmansachs.com/insights/articles/us-data-center-power-demand-projected-to-double-by-2027" rel="noopener">projects</a> that U.S. data center power demand will more than double, climbing from 31 gigawatts in 2025 to 66 gigawatts by 2027, driven by <a href="https://www.techtarget.com/searchenterpriseai/news/366643507/Beautiful-insanity-AI-buildouts-lead-to-long-lead-times">AI infrastructure buildout</a>. AI workloads account for 14% of global data center demand today and are expected to reach 27% by 2027. Those numbers make it difficult to meet carbon targets or build sustainable AI infrastructure without changing where inference workloads run.</p> <p>To mitigate the power issue, organizations could turn to <a href="https://www.techtarget.com/searchdatacenter/definition/edge-computing">edge computing</a>, which moves AI inference closer to where data is generated, rather than routing everything to centralized cloud facilities.</p> <section class="section main-article-chapter" data-menu-title="Understanding edge AI's sustainability advantage"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding edge AI's sustainability advantage</h2> <p>Edge AI offers a series of potential sustainability advantages, including the following:</p> <h3>Reduced data transmission energy</h3> <p>Routing raw data to a centralized cloud data center consumes energy at every <a href="https://www.techtarget.com/searchnetworking/definition/Next-Hop-Resolution-Protocol">network hop</a>. Edge architectures reduce that load, as they process locally and send only events, exceptions or summaries upstream rather than continuous raw data streams.</p> <p>In applications such as industrial monitoring or video surveillance, where devices continuously generate high data volumes, reduced energy can also lower network energy costs and cloud compute requirements.</p> <h3>Localized processing efficiency</h3> <p>Cloud GPU infrastructure is generally optimized for training at scale. Applying it to repetitive, targeted inference tasks means running at a fraction of its designed capacity while still carrying the full overhead cost. In contrast, edge hardware is <a href="https://www.techtarget.com/searchenterpriseai/tip/AI-inference-vs-training-Key-differences-and-tradeoffs">designed for low-power inference</a>.</p> <p>"If you deploy overpowered hardware at every site, run models continuously, underutilize the equipment and do not account for hardware lifecycle, the energy story gets weaker fast," said James Sheridan, CEO of Sheridan Technologies, which designs and builds embedded systems and AI-enabled products.</p> <h3>Lower cooling and infrastructure overhead</h3> <p>Cooling is one of the biggest power draws for AI data centers. Cooling accounts for up to 30% of data center energy consumption, according to the International Energy Agency's April 2026 <a target="_blank" href="https://www.iea.org/news/data-centre-electricity-use-surged-in-2025-even-with-tightening-bottlenecks-driving-a-scramble-for-solutions" rel="noopener">analysis</a>.</p> <p>Higher GPU densities drive more heat per rack, pushing facilities toward more intensive cooling infrastructure. Edge devices require neither active cooling systems nor water-cooled infrastructure.</p> </section> <section class="section main-article-chapter" data-menu-title="When does edge AI make sense?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>When does edge AI make sense?</h2> <p>Edge AI is not a universal fix for all AI deployments, but it does make sense in specific situations.</p> <p>"I would start with the workload, not the architecture preference," Sheridan said.</p> <h3>Where edge computing works best</h3> <p><a href="https://www.techtarget.com/searchcio/feature/4-edge-computing-use-cases-delivering-value-in-the-enterprise">Edge performs well</a> for latency-dependent and always-available applications, in connectivity-limited or data-sensitive environments where cloud transmission creates compliance risk. Manufacturing quality control, autonomous systems and point-of-care diagnostics are common examples. For continuous high-volume inference, upfront hardware costs are typically offset by lower ongoing cloud, transmission and energy spend.</p> <p>Not every organization has the option to use cloud, though.</p> <p>"The question should not be: 'Is edge better than cloud?' The question should be: 'What environment does this system actually need to survive in?'" said Tyler Saltsman, CEO of EdgeRunner AI, who works across defense and mission-critical infrastructure deployments.</p> <p>Despite those advantages, edge deployments also have drawbacks. <a href="https://www.techtarget.com/searchenterpriseai/feature/How-to-build-scalable-edge-AI-systems">Edge AI runs</a> on neural processing units (NPUs), purpose-built chips with no dominant market standard, often requiring models to be re-engineered for each chip variant.</p> <p>"The NPU ecosystem is deeply fragmented right now; models need hand-tuning per chip variant, which kills the ROI case for most IT departments that don't have specialist ML [machine learning] engineering teams," said David Viney, CIO at Alchemy Consulting and an AI governance consultant who works across enterprise organizations.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h.png"> <img data-src="https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/iota-edge-to-cloud_architecture_layers-h.png 1280w" alt="A chart detailing how compute moves from cloud to edge environments." height="466" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Edge computing happens closer to the device than cloud computing. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Companies like Rentokil and General Electric's rail division have made it work, Viney said. Both built IoT infrastructure years before AI adoption accelerated and have the engineering depth to manage model updates, patching, drift monitoring and hardware replacement at scale.</p> <h3>Where cloud works best</h3> <p><a href="https://www.techtarget.com/searchcloudcomputing/tip/Demystify-the-cloud-and-edge-computing-relationship">Cloud works best</a> for large-scale model training and general AI workloads that require significant compute. Applications with frequent model updates and situations requiring centralized data aggregation all remain better suited to cloud infrastructure.</p> <p>There is also a sustainability counterargument to edge that IT leaders should consider.</p> <p>"Cloud AI providers are already dealing with power, cooling, utilization and infrastructure efficiency at scale," Sheridan said. "If their infrastructure is much more optimized than yours, moving the workload local does not automatically improve ROI or sustainability."</p> </section> <section class="section main-article-chapter" data-menu-title="Sustainability metrics for edge AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Sustainability metrics for edge AI</h2> <p>IT leaders building or evaluating edge AI programs should track the following metrics as part of any green AI strategy:</p> <ul class="default-list"> <li>Power usage effectiveness<b>.</b> <a href="https://www.techtarget.com/searchdatacenter/definition/power-usage-effectiveness-PUE">PUE</a> is the ratio of total facility energy consumption to IT equipment energy use. It's useful for benchmarking centralized infrastructure but has limited direct applicability to edge deployments, where there is no facility overhead to measure. The relevant comparison for edge is energy consumed per inference task, not facility-level efficiency.</li> <li><b>Energy consumption per inference.</b> This is a more effective metric for edge than PUE. It measures the joules or watt-hours per AI transaction, across edge and cloud options for the same workload. A site running edge inference on a workload previously handled in the cloud can produce a direct before-and-after comparison.</li> <li><b>Carbon footprint per AI workload. </b>Total greenhouse gas <a href="https://www.techtarget.com/sustainability/feature/Generative-AIs-sustainability-problems-explained">emissions attributable to a defined AI workflow</a>, including electricity source, hardware efficiency and network transmission energy.</li> <li><b>Total cost of ownership, including energy. </b>This includes hardware acquisition, operational overhead, energy costs and model management across the full deployment lifecycle.</li> <li><b>Compliance and ESG reporting, including </b>Scope 1, 2 and 3 emissions. Scope 1 covers direct emissions from owned or controlled sources. Scope 2 covers purchased electricity. Scope 3 extends to supply chain emissions, including cloud vendor infrastructure, hardware manufacturing and device replacement cycles. In the U.S., the Securities and Exchange Commission (SEC)'s climate disclosure rule requires public companies to report on Scope 1 and 2 emissions. In the EU, the Corporate Sustainability Reporting Directive (CSRD) and AI Act set additional energy reporting requirements for AI systems.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="The future of edge computing, AI and sustainability"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The future of edge computing, AI and sustainability</h2> <p>Two developments are reshaping edge AI infrastructure.</p> <p>The first is small language models (<a href="https://www.techtarget.com/whatis/definition/small-language-model-SLM">SLMs</a>). SLMs are compact task-specific AI models designed to run on lower-power hardware and, as such, are well-suited for edge AI use cases.</p> <p>The second major trend is agentic AI, which is creating new demand for persistent local compute and inference.</p> <p>The model that makes most sense routes routine work to local hardware and reserves cloud capacity for tasks that genuinely need it, Sheridan said. SLMs have improved enough to make that split practical.</p> <p>"More systems will use a hybrid pattern, small local models for fast, private, repetitive or event-driven work, and larger cloud models only when deeper reasoning or broader context is needed," Sheridan said.</p> <p><a href="https://www.techtarget.com/searchcio/feature/Agentic-ai-in-practice-lessons-from-real-deployments">Agentic AI is where</a> the efficiency case gets harder. Agents running continuously and calling models on every cycle can consume as much compute on local hardware as they would in the cloud.</p> <p>"The sustainability benefit depends on discipline: Use smaller models, run them only when needed, cache results, escalate selectively and measure the actual workload," Sheridan said.</p> <p>The shift toward agentic AI will pull infrastructure investment toward distributed colocation environments closer to existing enterprise systems, rather than expanding hyperscale capacity, Viney said. In his view, that pattern is inherently more efficient than routing everything to a large, centralized facility.</p> <p><a href="https://www.techtarget.com/searchenterpriseai/feature/Agentic-AI-compliance-and-regulation-What-to-know">Compliance requirements</a> are making workload-level energy tracking a business necessity. The EU's CSRD and AI Act require energy and carbon disclosure for AI systems. In the U.S., SEC climate disclosure rules require public companies to report Scope 1 and 2 emissions.</p> <p>Those pressures might change the question organizations ask about AI, Sheridan said, from "Can we use AI here?" to "What model, running where, at what cost, with what energy profile and what business value?"</p> <p>Viney sees the same shift coming and is blunt about where most organizations stand. <br><br>"Organizations that are already tracking carbon per workload will have a compliance head start. Most aren't," Viney said.</p> <p><em>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</em></p> </section> AI's power demands and associated environmental impact are significant. Edge computing can alleviate some strain, but it's not a universal solution and doesn't suit all workloads. https://cdn.ttgtmedia.com/rms/onlineimages/cloud_g1251263502.jpg https://www.techtarget.com/sustainability/feature/Can-edge-computing-make-AI-more-sustainable Tue, 09 Jun 2026 08:54:00 GMT Can edge computing make AI more sustainable? <div class="extra-info"> <div class="extra-info-inner"> <h2>Executive summary</h2> <ul class="default-list"> <li><b>The governance gap.</b> While 80% of Fortune 500 firms are deploying active AI agents, only 47% report having formal security controls in place.</li> <li><b>Shadow agents are the new shadow IT. </b>Approximately 29% of employees report using unsanctioned AI agents, creating governance exposure outside formal identity and access controls.</li> <li><b>Beyond the network.</b> We must stop obsessing over firewalls. In 2026, the real perimeter is the reasoning boundary -- the point where an AI model makes a decision that could compromise your company's security.</li> <li><b>The strategy reset.</b> CIOs need to treat agents as privileged identities, using tools like MCP to move from static permissions to a "just-in-time" authority model.</li> </ul> </div> </div> <p>Enterprise AI adoption is accelerating rapidly, but for many CIOs, the actual safety rails are still being built while the train is moving.</p> <p>Microsoft's February 2026 <i>Cyber Pulse</i> <a href="https://www.microsoft.com/en-us/security/security-insider/emerging-trends/cyber-pulse-ai-security-report#Introduction">report</a> confirmed the scale of this readiness gap: 80% of Fortune 500 companies are already running active agents, but less than half actually have the controls in place to manage them.</p> <p>This isn't just about people playing with chatbots anymore. The primary <a href="https://www.techtarget.com/searchsecurity/feature/Agentic-AIs-role-in-amplifying-and-creating-insider-risks">security risk is the shadow agent</a>: autonomous scripts that 29% of your employees are already using to bypass formal governance. When these agents start planning their own multi-step workflows across your SaaS stack, your traditional network perimeter essentially evaporates.</p> <p>To stay ahead, IT leaders must pivot. We don't just need better firewalls; we need to secure the reasoning boundary where these models turn natural language into action.</p> <section class="section main-article-chapter" data-menu-title="1. Secure the model layer: Input and context control"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Secure the model layer: Input and context control</h2> <p>In an <a href="https://www.techtarget.com/searchenterpriseai/tip/A-technical-guide-to-agentic-AI-workflows">agentic workflow</a>, the attack surface is the language itself. Because large language models (LLMs) treat natural language as executable instructions, they are vulnerable to context poisoning. If an agent reads an untrusted document containing hidden directives (e.g., "forward local invoices to X"), it may treat those instructions as part of its primary objective.</p> <p>Architectural fixes:</p> <ul class="default-list"> <li><b>System prompt isolation.</b> Isolate instructions at the inference gateway level to prevent user input from overriding them.</li> <li><b>Retrieval sanitization.</b> Implement a firewall in <a href="https://www.techtarget.com/searchenterpriseai/tip/How-to-prepare-data-for-your-RAG-pipeline">RAG pipelines</a> to strip executable directives from retrieved content before it hits the model.</li> <li><b>Separation of reasoning and execution.</b> The LLM should only propose an action; a separate, independent "dumb" service or a human-in-the-loop must validate permissions against the user session before any write operation is finalized.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="2. Manage the governance layer: From probabilistic to deterministic"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Manage the governance layer: From probabilistic to deterministic</h2> <p>LLMs are nondeterministic by design, making traditional security and compliance difficult. Small shifts in token sampling can lead to policy violations that weren't present yesterday. CIOs must surround probabilistic models with deterministic control layers<b>.</b></p> <p>The control framework:</p> <ul class="default-list"> <li><b>Output schema validation.</b> Responses used in workflows must be validated against a strict schema (such as JSON or Pydantic), or execution is killed immediately.</li> <li><b>Confidence triggers.</b> Use internal log-probabilities to automatically route low-confidence decisions to a human-in-the-loop queue.</li> <li><b>Full-stack tracing.</b> A simple log of "user said X" is useless. You need 2026-grade logs that reconstruct the agent's entire reasoning chain, including prompt versions and specific vector chunks retrieved.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="3. Harden the infrastructure layer: Agent autonomy and identity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Harden the infrastructure layer: Agent autonomy and identity</h2> <p>Traditional API security assumes static permissioning. Agentic systems break this model by dynamically planning multi-step workflows. The most common failure point is "permission creep," where developers grant agents high-privileged API keys to simplify integration.</p> <p>Modern agent governance:</p> <ul class="default-list"> <li><b>Formal agent identity.</b> Use the model context protocol (MCP) to verify whether the agent has the authority for a specific task.</li> <li><b>Just-in-time authorization.</b> Trigger temporary, scoped credentials for write actions that expire the moment a task is complete.</li> <li><b>Centralized agent registries.</b> Every autonomous agent must be registered, version-controlled, and monitored for behavioral anomalies -- such as an analytics agent suddenly querying HR payroll data.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="4. Protect the data layer: Inference risk and exposure"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Protect the data layer: Inference risk and exposure</h2> <p>In RAG architectures, documents are turned into vector embeddings. Data exposure can occur without a breach if misconfigured retrieval filters allow an AI to summarize a document for a user without appropriate clearance.</p> <p>Data safeguards:</p> <ul class="default-list"> <li><b>Token-level redaction.</b> Strip PII and regulated fields before sending data to the embedding model.</li> <li><b>Segmented vector stores.</b> Do not use one giant bucket. Segment stores by tenant and classification level to prevent agents from accessing unauthorized data.</li> <li><b>Regulatory readiness.</b> Under 2026 standards, an AI that leaks sensitive info during a session is legally equivalent to a data breach.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="90-day CIO strategic roadmap"> <h2 class="section-title"><i class="icon" data-icon="1"></i>90-day CIO strategic roadmap</h2> <p>This is a strategic pivot, not just a technical one. Here is how to regain control of your AI ecosystem security challenges over the next quarter:</p> <ul class="default-list"> <li><b>Days 1-30 (visibility reality check).</b> Stop guessing and start auditing your security vulnerabilities. Map out every unsanctioned agent in your environment and tier them by data risk, focusing specifically on those that touch PII or financial data.</li> <li><b>Days 31-60 (hardening the handshakes).</b> Pilot the separation of reasoning and execution. Ensure the LLM only proposes an action, while a separate "dumb" service actually checks permissions before anything is deleted or sent.</li> <li><b>Days 61-90 (platform consolidation).</b> <a href="https://www.techtarget.com/searchcio/feature/AI-sprawl-vs-CIOs-The-battle-to-control-enterprise-AI">Get rid of the sprawl</a>. Establish a centralized agent registry and use behavioral monitoring to flag an analytics agent that suddenly decides it needs to see HR payroll.</li> </ul> <p>The goal of agentic security isn't to slow down innovation, but to provide the structural integrity required to scale it safely.</p> </section> As AI agents move from pilot to production, traditional security perimeters are being replaced by the reasoning boundary. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a352095729.jpg https://www.techtarget.com/searchcio/tip/AI-agents-are-running-wild-Secure-the-reasoning-layer-now Mon, 08 Jun 2026 12:57:00 GMT AI agents are running wild: Secure the reasoning layer now <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Executive summary</h3> <p>Here's what seven IT leaders had to say about AI's affect on IT costs:</p> <ul class="default-list"> <li>AI has not reduced IT costs in most organizations and is often adding new ones.</li> <li>New spending on AI tools, licensing, integration and governance is offsetting savings.</li> <li>Productivity gains are easier to see than measurable cost reductions.</li> <li>AI often shifts costs across the business rather than eliminating them.</li> <li>Organizations are seeing the strongest returns when they apply AI to specific operational problems.</li> </ul> </div> </div> <p>AI has not reduced IT costs in most organizations -- in many cases, it's adding new ones.</p> <p>IT departments are paying new costs for AI model usage, software licensing, system integration and governance, but are not seeing straightforward savings. AI is reducing some costs in specific areas, such as manual work and certain hiring needs. However, these savings rarely offset the cost of AI, especially since it is not a one-and-done expense. It requires ongoing investments in model updates and retraining, infrastructure upgrades, and integration maintenance that leaders often underestimate. </p> <p>To find out how AI is affecting IT costs in practice, TechTarget asked seven IT leaders the same question: "Is AI reducing your IT costs, or is it just adding to them?"</p> <p>What they describe is not a single outcome, but a combination of rising costs and limited efficiency gains that do not yet reduce overall IT spending.</p> <section class="section main-article-chapter" data-menu-title="Is AI reducing your IT costs, or is it just adding to them?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Is AI reducing your IT costs, or is it just adding to them? </h2> <p>"The honest answer is no. AI has increased the IT costs instead of bringing them down. We made a deliberate decision not to limit AI tools to the developer team only, but gave them to everyone -- operations, compliance, middle office and finance. That's over 700 people, most of whom would be alarmed to be called engineers.</p> <p>That costs more than equipping a handful of developers, and we watch the spend carefully. But costs are only half the ledger -- the half that is easy to read. They have a number, a currency and a date. Productivity gains don't have these metrics. So, when a developer tests code faster, or someone in operations builds their own dashboard in an afternoon instead of joining a three-year backlog, the savings never show up as a credit on an invoice.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Anyone claiming they can already prove the gains beat the costs is making it up. </figure> <figcaption> <strong>Richard Forss</strong>CTO, Exante </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>AI costs money -- as everything useful does -- and that is not a big deal. Costs are easy to count and benefits are not, so organizations that only trust what they can count will decide AI has failed. Six months in, we see code tested faster and non-technical staff building tools that genuinely make their jobs easier -- not yet as a clean percentage that would survive a board paper, but often enough to see that it isn't a fluke.</p> <p>Anyone claiming they can already prove the gains beat the costs is making it up. But most useful technology works this way -- you pay the bill before you can show the benefit. Ask me again in a year. I don't expect a different answer."</p> <p>-- Richard Forss, CTO of Exante, a global prime brokerage firm</p> <p>----------------------------------------------------</p> <p>"AI is adding costs while creating the illusion of savings. Enterprises <a href="https://www.techtarget.com/searchsecurity/tip/Calculating-the-ROI-of-AI-in-cybersecurity">measure AI ROI</a> by output volume, including things like tickets processed, reports generated or lines of code. They do not measure the downstream cost of acting on that output. The hidden cost stack nobody budgets for includes <a href="https://www.techtarget.com/searchcio/feature/Tokenmaxxing-How-CIOs-extract-maximum-value-AI-tokens">token consumption at scale</a>, engineer hours fixing hallucinated code and wrong architecture decisions, and rework cycles when AI-generated analysis leads strategy in the wrong direction. It also includes compliance exposure from unreviewed AI output that gets signed off and acted upon, and customer experience recovery after AI interactions drive net promoter score down.</p> <p>When leadership signs off on AI-generated analysis without reading it, the cost is not in the AI. It is in the undetected error multiplied at scale. AI is not reducing IT costs yet for most organizations. It is redistributing them upward and making them invisible until they surface as project failures, <a href="https://www.techtarget.com/searchcio/feature/the-ai-agent-governance-gap-how-cios-can-gain-control">compliance gaps</a> or strategic misdirection. CIOs who are ahead of this have stopped measuring AI by what it produces and started measuring it by what it causes."</p> <p>-- Frank Meltke, CEO of Contraco, a digital transformation consulting firm</p> <p>----------------------------------------------------</p> <p>"AI is not reducing costs at all for many organizations. In some cases, it's proving <a href="https://www.techtarget.com/searchcio/feature/Is-AI-cheaper-than-human-workers">more expensive than the workforce it was supposed to replace</a>. Companies spent the last two years building business cases around productivity gains, headcount reductions and operational efficiency, but many are now discovering that the long-term cost of AI extends far beyond the initial software purchase.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Organizations moved faster on deployment than they did on financial analysis. </figure> <figcaption> <strong> Linda Zecher</strong>Co-founder, Cyber Knowledge Partners </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Part of the problem is that organizations moved faster on deployment than they did on financial analysis. AI initiatives were often championed by innovation teams, business units or technology leaders eager to demonstrate progress, while finance teams entered the conversation later. By that point, companies were already absorbing growing cloud consumption costs, model usage fees, integration expenses, governance requirements, cybersecurity controls, compliance reviews and vendor management overhead that were never fully reflected in the original projections.</p> <p>Organizations are discovering that <a href="https://www.techtarget.com/searchenterpriseai/feature/Humans-and-AI-The-role-of-people-in-the-new-AI-world">AI has not eliminated the need for people</a>. It simply changed the nature of the work. Employees are still needed to validate outputs, monitor performance, review decisions, manage risk and intervene when systems produce inaccurate results. In some cases, companies reduced headcount expecting AI to fill the gap, only to find themselves operating with fewer experienced employees and a costly technology platform that is not being utilized to its full potential."</p> <p>-- Linda Zecher, co-founder of Cyber Knowledge Partners, a cybersecurity and AI advisory firm</p> <p>----------------------------------------------------</p> <p>"It depends on where and how you apply it. The companies that treat AI as a blanket cost-cutting measure are going to be disappointed, while those that treat it as targeted leverage can see real returns. Companies that are <a href="https://www.techtarget.com/searchcio/feature/agentic-ai-case-studies-for-cios">deploying AI strategically</a> to solve specific problems and are committed to finding savings are seeing results.</p> <p>The biggest misunderstanding in the market is that the savings show up as straight reductions in cost or headcount. They do not. Across the industry, licensing is shifting toward consumption, usage is climbing and <a href="https://www.techtarget.com/searchcio/feature/What-Big-Techs-AI-spending-means-for-your-IT-budget">AI spend is rising</a> as licensing models and model costs go up. Our own costs reflect that. We have spent the last two-plus years making strategic investments to place AI into our software development lifecycle (SDLC) where we can automate tasks, build at higher velocity and improve quality.</p> <p>For us, the value showed up in how we build and test software. AI now writes about 95% of our test cases, which lets us reduce that team by roughly 20% and redeploy those people to more strategic work. On the build side, we carried <a href="https://www.techtarget.com/searchcio/tip/The-CIOs-playbook-for-reducing-tech-debt">years of tech debt</a> and a roadmap that always outran our capacity. AI let us accelerate that roadmap and ship faster than we could have staffed for, which has translated into better customer retention and sales. We have automated a good portion of our SDLC, with 53% of all our code now AI-generated and code volume per developer up almost 200%. That is the capacity we did not have to hire to deliver the same roadmap.</p> <p>On the same note, the industry can oversell how evenly these cost opportunities show up and to what degree. We have looked at AI for many specific tasks and found that, in some cases, it adds cost, even when the output quality is higher.</p> <p>It is also worth watching how this plays out on the vendor side. Nearly every software vendor is looking at how to monetize AI by adding new capabilities to their products, and they will charge for it -- even though most companies are likely using less than 25% of the functionality they already pay for today."</p> <p>-- Greg Ingino, CTO of Litera, a legal technology software company</p> <p>----------------------------------------------------</p> <p>AI is not reducing IT costs yet in a broad, clean, CFO-friendly way. In most enterprises, it is still adding a new cost layer on top of cloud, security, data engineering, integration, governance and training. AI savings sound great in board decks, but the bill shows up first in infrastructure, licenses, pilots and people trying to make the technology usable.</p> <p>That said, AI is starting to create real savings in narrow, repeatable workflows. Help desk triage, code documentation, knowledge search, test automation and basic reporting are where the early ROI is showing up. But those savings only happen when the company has clean data, clear process ownership and the discipline to shut down old tools after the AI workflow works.</p> <p>The bigger issue -- and this is a huge deal -- is that many companies are treating AI like a magic budget cutter instead of an operating model change. AI does not lower costs by itself. It lowers costs when CIOs redesign workflows, remove manual steps, consolidate platforms and hold teams accountable for measurable productivity gains.</p> <p>-- Mark Vena, CEO and principal analyst at SmartTech Research, a technology research firm</p> <p>----------------------------------------------------</p> <p>"We are starting to see AI reduce costs in very practical ways, but I think <a href="https://www.techtarget.com/searchcio/feature/AI-job-losses-Transformation-expected-not-mass-layoffs">the bigger impact is productivity rather than outright headcount reduction</a>. Last year we rolled out AI to our development team and the feedback has been positive, particularly around code generation, automating repetitive tasks and reducing time spent context switching between tools and documentation.</p> <p>One developer used it to create tools that automated painful migration and environment setup processes that would previously have taken days or weeks manually. In one case, a utility to parse and correct migration errors reduced a task that would have taken weeks down to under eight hours, while also creating a reusable tool for future projects. That is where we are seeing the value right now -- not AI replacing experienced developers but helping skilled people remove repetitive bottlenecks and move faster.</p> <p>That said, AI is still adding costs in other areas. There are licensing costs, <a href="https://www.techtarget.com/searchdatamanagement/tip/AI-data-governance-is-a-requirement-not-a-luxury">governance considerations</a>, security reviews and the need for oversight to make sure outputs are accurate. I think many organizations are still in the phase of balancing those additional costs against longer-term efficiency gains. The companies that will see the best return are probably the ones using AI to solve very specific operational problems rather than implementing it simply because they feel they should be."</p> <p>-- Rhys Collins, managing director at Total Systems, a UK-based insurance software provider</p> <p>----------------------------------------------------</p> <p>"AI has not reduced our IT costs -- it has restructured them. Whether that nets out as a saving depends entirely on what you treat as the baseline. Our actual infrastructure spend is roughly flat year over year, but the work that spend is supporting has expanded materially, including content production, internal automation, intake and routing, and content systems that would have required additional headcount to operate at this volume.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The trap many CIOs fall into is expecting AI to reduce the line item it is adding spend to. </figure> <figcaption> <strong>Elijah Fernandez</strong>CTO, Cerevity </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>So, if you measure cost per unit of output, AI has reduced our costs significantly. If you measure cost in absolute dollars on the IT line, you find that the savings showed up somewhere else on the P&L, not as a smaller cloud bill.</p> <p>The trap many CIOs fall into is expecting AI to reduce the line item it is adding spend to, when in reality AI tends to shift cost across categories. We are paying more for model APIs and orchestration than we were a year ago, but we are paying less for things we used to need that are no longer required, such as contract writers, certain operational coordinators and third-party tools whose function got absorbed into our own AI workflows.</p> <p>The CIOs who tell you AI is just adding cost are usually looking at one column of the spreadsheet and ignoring the columns that got smaller. The ones telling you it has dramatically reduced costs are often understating the new line items they had to add to make that possible.</p> <p>Where I do see clear net reduction is in the categories where AI replaces work that was either expensive or never going to scale -- the kind of operational labor that did not produce visible output but quietly consumed headcount and attention. The discipline that determines whether you end up in net savings or net cost is whether you are willing to actually retire the <a href="https://www.techtarget.com/whatis/feature/Will-AI-replace-jobs-9-job-types-that-might-be-affected">workflows AI is replacing</a>, rather than running both in parallel out of caution.</p> <p>The companies that are net positive on AI investment are the ones that made the harder organizational decisions, not just the ones that adopted the tools the fastest. The companies still arguing about whether it is paying off are usually still hedging on whether they trust it enough to fully commit."</p> <p>-- Elijah Fernandez, CTO of Cerevity, a telehealth therapy platform for high-achieving professionals</p> <p><em>Tim Murphy is a site editor and writer for the IT Strategy team at TechTarget.</em></p> </section> IT leaders say AI is adding new costs faster than organizations can measure the benefits. This forces CIOs to weigh rising spending against uncertain productivity gains. https://cdn.ttgtmedia.com/rms/onlineimages/money_g1021600178.jpg https://www.techtarget.com/searchcio/feature/is-ai-reducing-it-costs-tech-leaders-weigh-in Fri, 05 Jun 2026 10:50:00 GMT Is AI reducing IT costs? Tech leaders weigh in <p><span style="font-family: arial, helvetica, sans-serif;">In today's climate of uncertainty and rapidly evolving technologies, the cost for CIOs of falling behind is higher than ever.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Technology industry conferences and events offer the best opportunities for CIOs to stay ahead of the curve and gain a deeper understanding of how to align <a href="https://www.techtarget.com/searchenterpriseai/tip/Agentic-AI-vs-generative-AI-Whats-the-difference">emerging innovations</a> with business value.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">While there's a wealth of technical information you can gather at a <a href="https://www.techtarget.com/searchdatamanagement/feature/The-top-2026-data-conferences-to-plan-enterprise-strategy">quality technology conference</a>, there are other good reasons to attend. Conferences provide opportunities to engage directly with peers, industry experts, potential vendors and other technology and business leaders to discuss <a href="https://www.techtarget.com/iotagenda/tip/Top-advantages-and-disadvantages-of-IoT-in-business">similar challenges</a>, build best practices and compare strategies.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Here are some conferences and events that CIOs will want to put on their calendars.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">If you have a tech conference or event that you would like to appear in this calendar, email <a href="mailto:sarah.amsler@informatechtarget.com">harriet.jamieson@informatechtarget.com</a>. Check in frequently for conference calendar updates.</span></p> <div> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>FinOps X 2026 </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When:</b> June 8-11, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>San Diego, Calif.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost:</b> From $499 to $1,999.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics include FinOps for SaaS; FinOps adoption; AI for FinOps; FinOps for data centers; running FinOps at scale.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Speakers include Pooja Jumar -- vice president and chief technology officer, Prudential; Andrew Feig -- managing director and chief operating officer, FinOps strategy and practice lead for global technology, JPMorganChase; Anuthama Chandrasekaran -- senior director and head of DevOps and site reliability engineering, S&P Global; Ron Tatro -- director of technology, Target; Courtney Totten -- chief technology officer, Shutterstock; and Dann Berg -- cloud FinOps lead, Squarespace.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras: </b>welcome reception, networking sessions, closing party.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for FinOps Ex 2026 <a href="https://x.finops.org/register/">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>American CIO and Cybersecurity Summit </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>June 9-10, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> San Francisco</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered include cybersecurity, AI; digital transformation; and data management.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Conference speakers include AJ Debole -- field CISO, Oracle; Lee Parrish -- CISO, Newell Brands; Roy Luongo -- CISO, U.S. Secret Service; and Jennifer Zmuda -- CIO, UnitedHealth Group.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for American CIO and Cybersecurity Summit <a href="https://cioamerica.com/">here</a>. </span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Info-Tech Live 2026 </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>June 9-11, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>Las Vegas</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b>$4,675.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered include AI; agentic AI; workflows; HR technologies; marketing technologies. </span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Speakers include Antonia Donaldson -- director analyst, Gartner; Brian Andersen -- senior director, Gartner; Viktoria Boyle -- vice president, Gartner; Elliott Long -- director, Gartner.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras: </b>workshops, analyst one-on-ones, industry roundtables, peer networking sessions.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for Info-Tech Live <a href="https://web.cvent.com/event/685ad8d7-310e-477c-b075-bf69fef77b8d/regProcessStep1?_gl=1*m32670*_ga*MTQwNzMxNDM0OC4xNzY4NDg5MDgw*_ga_V31WKD9P95*czE3Njg0ODkwODAkbzEkZzAkdDE3Njg0ODkyNTEkajYwJGwwJGgw*_gcl_au*MTAzNTMxMDg2My4xNzY4NDg5MjUy&rp=fa87a696-9bd8-4ba1-9ccb-823efb96c291">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Quantam.Tech World</b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>June 25-26, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>Boston</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b>$2,499, vendor pass. </span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered include </span><span xml:lang="EN-US" data-contrast="auto">quantum computing, AI, high-performance computing, hybrid workflows, secure and responsible computing, enterprise adoption strategies, cryptography, sensing, and networking. </span><span data-ccp-props="{"335559738":240,"335559739":240}"> </span></p> <div> <p paraeid="{3d5daa50-46cc-4876-81c2-b4d6b2475dac}{231}" paraid="291759238"><span xml:lang="EN-US" data-contrast="auto">Speakers include Michael Elmore -- senior vice president and global chief information </span><span xml:lang="EN-US" data-contrast="auto">security officer, GlaxoSmithKline; Rich Baich -- senior vice president and chief information security officer, AT&T; Peter Shor -- applied mathematics professor, </span><span xml:lang="EN" data-contrast="auto">Massachusetts Institute of Technology; Xiaojan Huang </span><span xml:lang="EN-US" data-contrast="auto">--</span><span xml:lang="EN" data-contrast="auto"> chief engineer, modeling, optimization and data science, ExxonMobil; and Paul Dabbar </span><span xml:lang="EN-US" data-contrast="auto">--</span><span xml:lang="EN" data-contrast="auto"> deputy secretary, Department of Commerce. </span><span data-ccp-props="{"134233117":false,"335551550":1,"335551620":1,"335557856":16777215,"335559738":0}"> </span></p> </div> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras: </b>breakfast briefing workshops, Harvard site tour, and evening cruise.</span><span style="font-family: arial, helvetica, sans-serif;"></span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for Quantam.Tech World </span><a href="https://www.alphaevents.com/events-quantumtechus/srspricing">here</a><span style="font-family: arial, helvetica, sans-serif;">.</span></p> <div></div> <p></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Gartner Enterprise Risk, Audit and Compliance Conference 2026 </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Sept. 15-16, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> Grapevine, Texas.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b>$4,350.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics include third-party risk management; business risk ownership; emerging risk landscape; employee engagement and compliance. </span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Speakers include Antonia Donaldson -- director analyst, Gartner; Brian Andersen -- senior director, Gartner; Viktoria Boyle -- vice president, Gartner; Elliott Long -- director, Gartner.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras: </b>Gartner expert one-on-one briefings, ask the expert sessions, workshops, and social events. </span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for Gartner Enterprise Risk, Audit and Compliance Conference 2026 <a href="https://www.gartner.com/en/conferences/na/enterprise-risk-audit-compliance-us/register">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Forrester Technology & Innovation Forum Central</b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Sept. 14-15, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>Austin, Texas</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost:</b> TBA</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Agenda and conference speakers have not yet been announced.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Get more information about this event <a href="https://www.forrester.com/event/technology-innovation-north-america/">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Dreamforce</b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Sept. 15-17, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>San Francisco</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b>$2,299, standard.  </span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered include agentic AI development with Agentforce; AI development for the contact center, customer experience and field service management; Data 360; and Tableau analytics and insights.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Conference speakers include Marc Benioff -- chair, chief executive officer, and founder, Salesforce. </span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><strong>Extras:</strong> roundtables, workshops, and hands-on trainings.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for Dreamforce <a href="https://www.salesforce.com/dreamforce/register/?pr=https%3A%2F%2Fwww.salesforce.com%2Fdreamforce%2F&utm_variant=Control">here</a>. </span></p> <div> <h2 paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{118}" paraid="110" aria-level="2" role="heading"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">InfoSec World</span><span xml:lang="EN" data-contrast="auto"> </span> </strong></span></h2> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{127}" paraid="111"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">When:</span></strong><span xml:lang="EN" data-contrast="auto"><strong> </strong>Oct. 12-14, 2026</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{135}" paraid="112"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Where: </span></strong><span xml:lang="EN" data-contrast="auto">Kissimmee, Fla.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{143}" paraid="113"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Cost: </span></strong><span xml:lang="EN" data-contrast="auto">$3,395, early bird; $4,195, standard.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{151}" paraid="114"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto">Topics covered include AI regulation, bad actors, AI and the c-suite, AI security threats, and AI privacy and security.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{157}" paraid="11282416"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN-US" data-contrast="auto">Conference speakers include Mark Clancy </span><span xml:lang="EN" data-contrast="auto">--</span><span xml:lang="EN-US" data-contrast="auto"> chief security officer, T-Mobile; Akhila Nama </span><span xml:lang="EN" data-contrast="auto">--d</span><span xml:lang="EN-US" data-contrast="auto">irector and global head of enterprise security, Box; Candice Biamby </span><span xml:lang="EN" data-contrast="auto">--</span><span xml:lang="EN-US" data-contrast="auto"> vice president and project manager, cyber threat intelligence, JP Morgan Chase & Co.; and Jason Mortenson </span><span xml:lang="EN" data-contrast="auto">-</span><span xml:lang="EN-US" data-contrast="auto"> director, strategic information security, Lenovo.</span><span xml:lang="EN-US" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{163}" paraid="116"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto"><strong>Register</strong> for InfoSec World </span><a rel="noreferrer noopener" target="_blank" href="https://events.infosecworldusa.com/2026/begin"><span xml:lang="EN" data-contrast="none">here</span></a><span xml:lang="EN" data-contrast="auto">.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{163}" paraid="116"><span data-ccp-props="{"335559738":240,"335559739":240}" style="font-family: arial, helvetica, sans-serif;"></span></p> </div> <div> <h2 paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{177}" paraid="117" aria-level="2" role="heading"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Gartner IT Symposium/Expo</span><span xml:lang="EN" data-contrast="auto"> </span> </strong></span></h2> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{188}" paraid="118"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto"><strong>When:</strong> </span><span xml:lang="EN" data-contrast="auto">Oct. 19-22, 2026</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{198}" paraid="119"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Where:</span></strong><span xml:lang="EN" data-contrast="auto"><strong> </strong>Orlando, Fla.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{208}" paraid="120"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto"><strong>Cost:</strong> </span><span xml:lang="EN" data-contrast="auto">$8,200, standard; $5,925, public sector.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <div> <p paraeid="{ca6365ec-f7cc-4e5f-b5ec-3b849fcaccd4}{218}" paraid="121"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto">Topics covered include top technology trends for 2026; agentic AI; overcoming resistance and buildin</span><span xml:lang="EN" data-contrast="auto">g enthusiasm for AI adoption; and leading CIOs through uncertainty. </span> </span></p> </div> <div> <p paraeid="{ea3f7e22-5782-48d1-ae09-495bdf58e2e6}{40}" paraid="129225800" xml:lang="EN-US"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN-US" data-contrast="auto">Conference speakers include Gartner staff, such as Kristin Moyer -- distinguished vice president analyst; Daryl Plummer -- distinguished vice president analyst; Tori Paulman -- vice president analyst; and Gabriela Vogel -- vice president analyst.</span> </span></p> </div> <div> <p paraeid="{03b6aca7-5afb-4276-bea4-591429887b58}{13}" paraid="123"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto">Register for Gartner IT Symposium/Expo </span><a rel="noreferrer noopener" target="_blank" href="https://www.gartner.com/en/conferences/na/symposium-us/register"><span xml:lang="EN" data-contrast="none">here</span></a><span xml:lang="EN" data-contrast="auto">.</span><span xml:lang="EN" data-contrast="auto"> </span> </span></p> </div> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Securing New Ground  </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When:</b> Oct. 20-21, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> New York City</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b><span xml:lang="EN-US" data-contrast="auto">$995, early-bird. </span><span data-ccp-props="{"335559738":240,"335559739":240}"> </span></span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Agenda and conference speakers have not yet been announced.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras:</b> networking breaks and receptions.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Find out more about Securing New Ground <a href="https://sng.securityindustry.org/registration/">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Gartner HR Symposium/Expo </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When:</b> Oct. 26-28, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>Orlando, Fla.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b>$4,875, early bird; $5,475, standard; $4,440, public sector.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered include HR's new domain in the AI era; navigating the multi-generational workplace; and building a growth-ready workforce in the AI era.</span><span style="font-family: arial, helvetica, sans-serif;"></span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Conference speakers include Gartner staff, such as Jana Alancheril -- senior director, advisory; Brent Casell -- vice president, advisory; Ingrid Laman -- vice president, advisory; and Gaston Gomez Armesto -- senior director, advisory.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras: </b>networking receptions.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Register for Gartner HR Symposium/Expo <a href="https://www.gartner.com/en/conferences/na/hr-symposium-us/register">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Oracle AI World </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Oct. 26-29, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> Las Vegas</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b><span xml:lang="EN" data-contrast="auto">$1,699 early-bird; $1,399 public-sector.</span></span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered at this event include Oracle vision and strategy, AI development in Oracle applications, and Oracle Cloud Infrastructure development.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Conference speakers have not yet been announced.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras: </b>networking breaks and receptions.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Find out more about Oracle AI World <a href="https://www.oracle.com/ai-world/">here</a>. </span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>The Studio  </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Oct. 26-28, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> Nashville, Tenn.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b>free, but via approved application only.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered at this event include leadership in the AI age and building the right teams for AI success. Conference speakers include Pavan Pidugu -- chief digital and information officer, U.S. Department of Transportation; Eileen Bridges -- senior vice president, business information security officer, Truist; Tipu Swaran -- director, technology strategy and transformation, Discover; Howard Miller -- chief information officer, UCLA Anderson School of Management; and Crystal Broj -- chief digital transformation officer, Medical University of South Carolina.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Apply to attend The Studio <a href="https://hottopics.ht/hottopics-studio-nashville">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>ICMI Contact Center Expo </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Oct. 26-29, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> Orlando, Fla.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost:</b> Free for qualified registrants; from $1,799, super early bird.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Conference tracks include people and culture, service experience, strategy and leadership, maximizing productiving and operations, and AI in action.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Keynote speakers include Rachel Druckenmiller -- keynote speaker, facilitator, and leadership trainer; and Todd Honey -- host, The Daily Creative podcast.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Extras:</b> ICMI Global Contact Center Awards and networking sessions.</span></p> <p>Find out more about ICMI Contact Center Expo <a href="https://icmievents.com/">here</a>. </p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>GitHub Universe </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Oct. 28-29, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> San Francisco</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b><span style="list-style-type: disc;" xml:lang="EN" data-contrast="auto">$799, early-bird.</span></span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Agenda and conference speakers have not yet been announced.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Sign up to find out when registration opens for GitHub Universe <a href="https://githubuniverse.com/">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Forrester Technology & Innovation Forum East</b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Nov. 4-5, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where:</b> New York City</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost:</b> TBA</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Agenda and conference speakers have not yet been announced.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Find out more about this event <a href="https://www.forrester.com/event/technology-innovation-north-america/">here</a>.</span></p> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>Microsoft Ignite </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When:</b> Nov. 17-20, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>San Francisco</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost:</b> TBA</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Agenda and conference speakers have not yet been announced.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Find out more about Microsoft Ignite <a href="https://ignite.microsoft.com/en-US/home">here</a>.</span></p> <div> <h2 paraeid="{40875328-3920-467a-8f36-48bc222302a1}{240}" paraid="172"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto">Forbes CIO Summit 2026</span> </span></h2> </div> <div> <p paraeid="{40875328-3920-467a-8f36-48bc222302a1}{246}" paraid="173"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto"><strong>When:</strong> </span><span xml:lang="EN" data-contrast="auto">Nov. 11, 2026</span> </span></p> </div> <div> <p paraeid="{96ce9e61-d55b-42ae-9206-6f663e48cce7}{3}" paraid="174"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Where: </span></strong><span xml:lang="EN" data-contrast="auto">New York City and virtual</span> </span></p> </div> <div> <p paraeid="{96ce9e61-d55b-42ae-9206-6f663e48cce7}{13}" paraid="175"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Cost:</span></strong><span xml:lang="EN" data-contrast="auto"> TBA</span> </span></p> </div> <div> <p paraeid="{96ce9e61-d55b-42ae-9206-6f663e48cce7}{21}" paraid="176"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN-US" data-contrast="auto">Topics covered include agentic AI, mitigating AI and the future of IT. </span> </span></p> </div> <div> <p paraeid="{96ce9e61-d55b-42ae-9206-6f663e48cce7}{27}" paraid="177"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto">Agenda and conference speakers have not yet been announced. </span> </span></p> </div> <div> <p paraeid="{96ce9e61-d55b-42ae-9206-6f663e48cce7}{33}" paraid="178"><span style="font-family: arial, helvetica, sans-serif;"><strong><span xml:lang="EN" data-contrast="auto">Extras:</span></strong><span xml:lang="EN" data-contrast="auto"> networking sessions.</span> </span></p> </div> <div> <p paraeid="{96ce9e61-d55b-42ae-9206-6f663e48cce7}{41}" paraid="179"><span style="font-family: arial, helvetica, sans-serif;"><span xml:lang="EN" data-contrast="auto">Find out more about the Forbes CIO Summit </span><a rel="noreferrer noopener" target="_blank" href="https://www.forbes.com/connect/event/2026-forbes-cio-summit/"><span xml:lang="EN" data-contrast="none">here</span></a><span xml:lang="EN" data-contrast="auto">.</span> </span></p> </div> <h2><span style="font-family: arial, helvetica, sans-serif;"><b>AWS Re:Invent </b></span></h2> <p><span style="font-family: arial, helvetica, sans-serif;"><b>When: </b>Nov. 30-Dec. 4, 2026</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Where: </b>Las Vegas</span></p> <p><span style="font-family: arial, helvetica, sans-serif;"><b>Cost: </b><span style="list-style-type: disc;" xml:lang="EN" data-contrast="auto">$1,299, early-bird; $2,499 standard.</span></span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Topics covered include AWS cloud innovation strategy and roadmap; AWS cloud architecture; and AWS AI tools and agents.</span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Conference speakers have not yet been announced. </span></p> <p><span style="font-family: arial, helvetica, sans-serif;">Subscribe to updates for AWS Re:Invent <a href="https://aws.amazon.com/events/reinvent/">here</a>. </span></p> </div> Tech conferences are a vital way for CIOs and IT leaders to keep abreast of trends and make real-life connections in a fast-changing business climate. https://cdn.ttgtmedia.com/rms/onlineimages/location_g1251263484.jpg https://www.techtarget.com/searchcio/feature/Strategic-IT-outlook-Tech-conferences-and-events-calendar Fri, 05 Jun 2026 10:30:00 GMT Strategic IT outlook: Tech conferences and events calendar <p>In tech news this week Anthropic announced its bid to go public, Amazon scaled back its internal AI efforts, hackers exploited Meta’s AI chatbot, Nvidia unveiled a ‘superchip’ and OpenAI faced more scrutiny with a lawsuit from the state of Florida.</p> <p>Here's what you need to know from the week starting June 1, plus the latest updates in IPOs and executive leadership.</p> <section class="section main-article-chapter" data-menu-title="Anthropic goes public with IPO"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Anthropic goes public with IPO</h2> <p>Anthropic announced on June 1 that it has filed paperwork for an initial public offering.</p> <p>In a <a href="https://www.anthropic.com/news/confidential-draft-s1-sec" target="_blank" rel="noopener">statement</a>, the company wrote that "this gives us the option to go public after the SEC completes its review. The proposed initial public offering will depend on market conditions and other factors."</p> <p>The move positions Anthropic to potentially become one of the first major frontier AI labs to reach public markets, beating competitors like <a href="https://www.techtarget.com/searchenterpriseai/definition/OpenAI">OpenAI</a>. The filing could intensify competition among the leading AI companies. If Anthropic successfully reaches the public markets first, it could gain a powerful advantage in financing future investments required for next-generation models.</p> <p>For tech leaders, this is about more than another AI IPO. Anthropic's move signals the evolution of the AI industry, shifting from vendor experimentation to the accountability of public markets.</p> </section> <section class="section main-article-chapter" data-menu-title="Amazon backpedals on AI usage"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Amazon backpedals on AI usage</h2> <p>For the last few years, businesses around the world -- including major technology companies -- have encouraged and pushed employees to integrate AI into as many workflows as possible in order to boost productivity and demonstrate value. This week, Amazon appears to have stepped back from this view, with senior leaders reportedly asking employees to stop using AI "just for the sake of using AI."</p> <p>This backpedaling started with Amazon shutting down an internal leaderboard that tracked employees' AI usage. Amazon is not the only company to take a step away from <a href="https://www.techtarget.com/searchcio/feature/Tokenmaxxing-How-CIOs-extract-maximum-value-AI-tokens">tokenmaxxing</a>, as Meta also removed its own internal AI leaderboard.</p> <p>The broader lesson for executives is that AI strategy is entering a new phase. Rather than simply rewarding usage alone and treating AI like a blanket deployment, organizations are instead focusing on measurable business outcomes. The shift suggests that the AI conversation inside enterprises is moving from experimentation and adoption metrics toward operational value.</p> </section> <section class="section main-article-chapter" data-menu-title="Hackers exploit Meta AI to hijack Instagram accounts"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Hackers exploit Meta AI to hijack Instagram accounts</h2> <p>A major security incident involving Meta's AI-powered support chatbot has raised new concerns about the risks of automating sensitive customer-service functions.</p> <p>Hackers were able to manipulate Meta’s AI tool into revealing the passwords of high-profile Instagram accounts, including Barack Obama’s White House account, Sephora and the U.S. Space Force chief master sergeant, John Bentivegna.</p> <p>Meta says it has fixed the vulnerability and is securing affected accounts.</p> <p>The attackers appear to have exploited weaknesses in the AI system's decision-making process, persuading it to carry out actions that should have been protected by stricter identity checks. The incident highlights the risks of giving AI access to sensitive accounts and information before adequate guardrails are in place.</p> <p>The Meta incident is likely to strengthen calls for human oversight, stronger authentication control and more rigorous testing before AI agents are entrusted with sensitive functions.</p> </section> <section class="section main-article-chapter" data-menu-title="Nvidia launches ‘superchip’ for AI-powered laptops"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Nvidia launches ‘superchip’ for AI-powered laptops</h2> <p>Nvidia's latest move in the AI race is RTX Spark, a new chip architecture designed to shift more AI processing from the cloud to the PC.</p> <p>The chip, which Nvidia announced at the Computex 2026 conference, has been dubbed the 'superchip.' It combines a high-performance CPU, GPU, AI accelerators and unified memory into a single integrated package. The result is enough computing power to run advanced AI models directly on a laptop or PC. Major PC manufacturers, including Dell, HP, Lenovo, Asus and Microsoft, are expected to adopt the platform.</p> <p>PCs and laptops that use the chip will be "targeted at creators, AI developers and gamers" according to Nvidia’s senior director of product development, Mark Aevermann.</p> <p>The launch reflects Nvidia's broader strategy to extend its dominance beyond data centers and into the client-computing market.</p> </section> <section class="section main-article-chapter" data-menu-title="Florida sues OpenAI and Sam Altman"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Florida sues OpenAI and Sam Altman</h2> <p>In a never-seen-before lawsuit, Florida attorney general, James Uthmeier, has filed the first state-led lawsuit against OpenAI and CEO Sam Altman, over the company’s links to violent incidents.</p> <p>The lawsuit alleges that OpenAI knowingly downplayed safety risks, including potential harms to children and other users. The <a href="https://www.myfloridalegal.com/sites/default/files/openai-filed-stamped-complaint.pdf" target="_blank" rel="noopener">filing</a> argues that because of the AI platform’s misrepresentations, "mass shooters have been aided and abetted in deadly rampages, vulnerable people have been encouraged into suicide, professionals have suffered public humiliation, users have lost critical thinking skills, and minors have become addicted to a tool that feigns human compassion to collect their data with no parental oversight."</p> <p>The legal action represents a significant development and escalation in regulatory scrutiny of generative AI. Florida's complaint focuses on consumer protection and follows increasing public concern about AI-generated misinformation and the impact of generative AI on society. This news follows last week’s <a href="https://www.techtarget.com/searchcio/feature/Weekly-news-roundup-Pope-AI-warnings-YouTube-tackles-AI-slop-and-Meta-subscriptions">encyclical by Pope Leo VIX</a>, warning of AI risks.</p> </section> <section class="section main-article-chapter" data-menu-title="Trump signs AI executive order"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Trump signs AI executive order </h2> <p>On June 2, President Trump signed a new executive order seeking access to advanced AI models in order to curb cybersecurity risks.</p> <p>The order creates a framework for reviewing AI systems before release and strengthens federal involvement in the AI race. The administration has positioned the order as a lighter-touch alternative to more prescriptive regulatory approaches, while still addressing national-security concerns. This executive order follows back-and-forth between the government and the AI industry, with an earlier draft of the order including a 90-day government review period for advanced AI models before public release.</p> <p>The executive order reveals a shift in the government’s approach to AI. Rather than focusing primarily on regulation, the administration is attempting to balance competitiveness, national security and innovation.</p> </section> <section class="section main-article-chapter" data-menu-title="SpaceX eyes largest IPO in history"> <h2 class="section-title"><i class="icon" data-icon="1"></i>SpaceX eyes largest IPO in history</h2> <p>This week, SpaceX unveiled plans for an IPO that could raise as much as $75 billion. This would value the company at roughly $1.77 trillion, making it the largest public offering ever.</p> <p>The company plans to sell more than 555 million shares at $135 each, overtaking the previous IPO record set by Saudi Aramco in 2019. Despite such a large public offering, Elon Musk will remain in control of approximately half of the company’s total shares and will maintain 82.4% of the voting power after the IPO.</p> <p>The IPO is another sign that investors are willing to place enormous bets on companies building the next generation of critical technology platforms.</p> </section> <section class="section main-article-chapter" data-menu-title="Executive moves"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Executive moves </h2> <ul class="default-list"> <li><b>Jorge Gomez. </b>State-owned mining giant Codelco named Jorge Gomez as CEO on June 3rd. Gomez will take over on July 13.</li> <li><b>Eric Litz.</b> Surveillance and financial risk solutions company Eventus named Eric Litz as CTO. Litz most recently held a position as president of Copperhead Technology Group.</li> <li><b>Raj Jegannathan. </b>AI infrastructure provider ChronoScale appointed Jegannathan as CTO on June 4. Jegannathan will lead the company’s global AI compute and GPU platform strategy. </li> </ul> </section> <section class="section main-article-chapter" data-menu-title="IPO watch"> <h2 class="section-title"><i class="icon" data-icon="1"></i>IPO watch</h2> <p>The U.S. IPO market remains a key indicator of broader tech sentiment. Here's a look at the latest listings and activity from the past week, based on data from the Nasdaq IPO calendar:</p> <h3>Applied Aerospace & Defense, Inc.</h3> <ul class="default-list"> <li>Manufacturer of aircraft, satellites, missile systems and other defense platforms.</li> <li>Opening/trading day: June 3.</li> <li>IPO price: $20/share.</li> </ul> <h3>Keystone Acquisition Corp.</h3> <ul class="default-list"> <li>A blank check company.</li> <li>Opening/trading day: June 3.</li> <li>IPO price: $10/share.</li> </ul> <h3>AmperCap Acquisition Co.</h3> <ul class="default-list"> <li>A blank check company.</li> <li>Opening/trading day: June 3.</li> <li>IPO price: $10/share.</li> </ul> <h3>Research Alliance Corp III</h3> <ul class="default-list"> <li>A special purpose acquisition company.</li> <li>Opening/trading day: June 3.</li> <li>IPO price: $10/share.</li> </ul> <h3>Liftoff Mobile, Inc.</h3> <ul class="default-list"> <li>AI-powered growth company for mobile apps.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $23/share.</li> </ul> <h3>Sunshine Silver Mining & Refining Co.</h3> <ul class="default-list"> <li>A mining company.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $13.50/share.</li> </ul> <h3>Long Table Growth Corp.</h3> <ul class="default-list"> <li>A special purpose acquisition company.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $10/share.</li> </ul> <h3>InterPrivate Investment Partners V, Inc.</h3> <ul class="default-list"> <li>A special purpose acquisition company.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $10/share.</li> </ul> <h3>Quantinuum Inc.</h3> <ul class="default-list"> <li>A quantum computing company.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $60/share.</li> </ul> <h3>Safepoint Holdings, Inc.</h3> <ul class="default-list"> <li>A property and casualty insurance platform.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $15-17/share.</li> </ul> <h3>INNIO Group Holding B.V.</h3> <ul class="default-list"> <li>An energy solutions distributor.</li> <li>Expected opening/trading day: June 4.</li> <li>IPO price: $27/share.</li> </ul> <h3>WhiteHawk Income Corp.</h3> <ul class="default-list"> <li>An oil and gas mineral and royalty company.</li> <li>Expected opening/trading day: June 5.</li> <li>IPO price: $25-27/share.</li> </ul> <h3>Innovative Digital Investors Acquisition Corp.</h3> <ul class="default-list"> <li>A blank check company.</li> <li>Expected opening/trading day: June 5.</li> <li>IPO price: $10/share.</li> </ul> <p><i>Rosa Heaton is a content manager and writer for the IT Strategy team at TechTarget.</i></p> </section> Stay up to date with the latest U.S. tech news, IPOs and executive moves shaping the industry each week. https://cdn.ttgtmedia.com/rms/onlineimages/maze_g467037520.jpg https://www.techtarget.com/searchcio/feature/Weekly-news-roundup-Anthropic-goes-public-Nvidia-superchip-and-SpaceX-historic-IPO Fri, 05 Jun 2026 05:27:00 GMT Weekly news roundup: Anthropic goes public, Nvidia 'superchip,' and SpaceX historic IPO <p>AI is reshaping <a href="https://www.techtarget.com/searchcio/feature/Is-AI-cheaper-than-human-workers">hiring patterns</a> for many companies. The Oliver Wyman Forum, a management and consulting firm, and the New York Stock Exchange surveyed 415 chief executives and found that <a href="https://www.oliverwymanforum.com/ceo-agenda/how-ceos-navigate-geopolitics-trade-technology-people.html" target="_blank" rel="noopener">43% of companies are cutting junior roles</a>, up from 17% in 2025.</p> <p>Not all companies are taking that approach. IBM, for one, plans to triple its entry-level hiring in the U.S. this year, Bloomberg reported in February. And in May, Gartner released <a href="https://www.gartner.com/en/newsroom/press-releases/2026-05-13-gartner-hr-research-reveals-ai-will-create-more-jobs-than-it-eliminates-beginning-in-2028" target="_blank" rel="noopener">research</a> indicating that AI will create more jobs than it eliminates beginning in 2028.</p> <p>While more jobs may materialize in the coming years, job seekers and employers are in the midst of significant upheaval in hiring patterns and team structures. CIOs must consider how AI will impact their enterprises' short- and long-term views on junior talent, <a href="https://www.techtarget.com/searchcio/feature/IT-organizational-restructuring-Leaders-guide-to-when-and-how">how their team structures will change</a>, and what innovation will look like as traditional IT career paths evolve.</p> <section class="section main-article-chapter" data-menu-title="Impact on IT department structures"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Impact on IT department structures</h2> <p>AI is eroding the traditional entry points to a career in IT. Repetitive tasks, considered the bread and butter of learning in early-stage careers, are ripe for automation. The IT help desk, for example, is a prime target for a shift away from human hiring to AI. In 2024, Palo Alto Networks cut its IT support team by roughly half, with plans to reduce it by 80%, according to a CNBC report.</p> <p>Junior software developer roles could also dwindle in favor of AI. Tools such as Claude Code can churn out code and documentation and then test and validate much faster than seasoned developers, let alone those just starting out in their careers. The New York Times describes how many developers today are writing less code and instead focusing on directing agents to write code on their behalf.</p> <p>If companies continue down the path of putting AI to work instead of junior talent, IT teams, and entire organizational structures will look different. The traditional pyramid structure -- a large base of entry-level employees supporting a smaller group of mid-level employees, both of which are overseen by top-tier senior talent -- could morph into a diamond shape. PwC describes <a href="https://www.pwc.com/us/en/tech-effect/ai-analytics/agentic-ai-workforce-redesign.html" target="_blank" rel="noopener">the diamond structure</a> as "a small leadership team, a strong middle layer, and a narrow base of new talent."</p> <p>Not all potential organizational shifts are built on the premise of reduced junior talent. IT teams could also morph into an inversion of the diamond structure: the hourglass. In this organizational model, talent flows to the top and bottom, narrowing at the middle. AI lessens the need for middle managers, the base of AI-literate entry-level workers expands and room for highly skilled leaders grows, according to PwC.</p> <p>Human talent might slide to one end in the <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6437839" target="_blank" rel="noopener">barbell model</a>. In this structure, "high-value human work" sits opposite "AI-automated workflows," while "routine knowledge work" declines in the middle.</p> <p>Other organizations may seek to create pods of human talent that have cross-functional expertise. IBM, for example, has formed "AI fusion teams" to partner with various business stakeholders.</p> <p>"In the past, where I would just have a core platform team, I formed fusion teams that are more malleable, more adaptable to be able to go and focus on specific business outcomes and then maintain those assets afterward," Matt Lyteson, CIO, technology platforms at IBM, told TechTarget. "These fusion capabilities are directly tied to business functions in order to develop more of the agentic…capabilities."</p> </section> <section class="section main-article-chapter" data-menu-title="The argument for junior talent"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The argument for junior talent</h2> <p>While some companies are cutting hiring for junior talent roles, others see value in the opposite approach. The Oliver Wyman Forum survey found that companies leading on AI ROI are hiring junior workers at a higher rate than companies finding ROI difficult to achieve -- 24% versus 17%.</p> <p>What kind of value can junior IT talent deliver when much of the work that they have traditionally performed at the beginning of their careers can be automated?</p> <p>"I very strongly feel that this is actually the most appropriate time for us to hire people coming with fresh ideas, fresh graduates, because these are the people who are closest to the technology disruption that's happening," Sumit Johar, CIO at BlackLine, said.</p> <p>Junior talent also come to their first jobs without decades of experience built before the current adoption wave of generative AI and agentic workflows. That lack could, in some ways, be an asset, according to Johar.</p> <p>"The challenge that we see is more on the senior staff that we have because it is difficult to unlearn something that you have already learned," he said. "If you have been performing a role for 20 years; you're an experienced professional. You're probably going to display a lot more inertia to a change than a junior person."</p> <p>Many people in senior IT roles can and will adapt to AI, but organizations that place a premium on that high-level talent and automation could find themselves at a disadvantage in the future.</p> <p>"You hire fewer early-career employees, fewer less experienced hires, then you're essentially outsourcing your talent development to your competitors," said Kaelyn Lowmaster, director analyst in the Gartner HR practice. "If you're not developing people in-house, you might have talent pipelines internally that dry up."</p> </section> <section class="section main-article-chapter" data-menu-title="What this means for traditional career paths"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What this means for traditional career paths</h2> <p>The Oliver Wyman Forum survey indicates a trend of reduced hiring of junior talent. But other reports, like Gartner's, suggest that more jobs will eventually emerge in response to AI. The fear of AI job loss may even be exaggerated; CNN recently reported that job openings for software engineers are actually growing.</p> <p>While AI's long-term impact on entry-level roles is still up for debate, IT workers seeking employment face a tough job market today. This year alone, more than 160 tech companies have <a href="https://layoffs.fyi/" target="_blank" rel="noopener">cut over 116,000 tech jobs</a>, Layoffs.fyi reports. Finding a job can feel like flinging resumes into a void. Despite what appears to be a strong job market, getting hired is a major challenge for many people, CNN reports.</p> <p>In this environment, the traditional IT career path visualized as a ladder -- start at the bottom rung and climb up to mid-level and senior roles -- is changing. The bottom rungs of the ladder may not be disappearing entirely, but the competition to reach them is fierce, and once people start their climb, the expectations are different.</p> <p>IBM, for one, examined how AI would affect certain IT roles and began to redefine them a couple of years ago, according to Lyteson.</p> <p>"We're not going to hire any more system administrators. We're going to hire site reliability engineers," he explained. "Now the expectation is that you're able to come in and work alongside the AI to, yes, do those tasks, but more importantly, think about the end-to-end</p> <p>impact of that and how we may look at improving the operation overall."</p> <p>Similarly, at BlackLine, the expectation is for junior talent to do more alongside AI. "We're saying, 'Hey, can we elevate these junior roles, so they are able to perform much higher, much more impactful contributions?'" said Johar.</p> <p>How exactly junior IT talent will grow their careers will depend on the organizational models that their employers embrace. AI literacy will be a baseline expectation from employers. IT workers may need to find other ways to differentiate themselves and advance in their organizations.</p> <p>"Technical skills ultimately are going to become commoditized, meaning that you will have a lot of people who can build agents," said Johar. "Your key differentiation is your domain knowledge."</p> </section> <section class="section main-article-chapter" data-menu-title="Executive takeaway"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Executive takeaway</h2> <p>It can sound like IT jobs, entry level and beyond, are doomed or on the precipice of flourishing like never before, depending on who you ask.</p> <p>"We're in very much the messy middle right now where the impact of AI on the workforce is running ahead of the value that AI is creating for most organizations," Lowmaster said. "We're going to see that gap close over the course of the coming two to three years."</p> <p>As that gap closes, CIOs can watch industry-wide hiring and firing trends. But they also need to think about their own enterprises' approach to junior talent and their IT team structure.</p> <h3>Employee retention</h3> <p>The "<a href="https://www.stlouisfed.org/on-the-economy/2026/mar/effects-low-fire-low-hire-economy-workers" target="_blank" rel="noopener">low-fire, low-hire</a>" environment can push employee retention down on the list of CIOs' priorities. The challenge of finding new jobs often keeps people where they are in this environment. But that could change over time.</p> <p>"In our data, we've started to see pent up attrition risk," Lowmaster shared. "We've seen job satisfaction rates decline, and we've seen intent to stay decline. Organizations that say – 'we don't have a retention problem right now.' You do; you just aren't seeing it quite yet."</p> <p>CIOs need to consider if the IT team structures they are building are prepared for potential attrition, particularly if there are no plans to bring in fresh talent.</p> <h3>Defining IT roles</h3> <p><a href="https://www.techtarget.com/searchcio/feature/AI-surge-fuels-dramatic-transformation-of-CIO-role">CIOs have a role</a> in defining the shape of IT career paths for their employees. Amidst all the noise surrounding AI, workers need clarity around their roles and expectations.</p> <p>"We found that clarity around role and future potential for that role actually makes it more likely that an employee is going to engage with AI tools in the way that organizations want them to," Lowmaster said.</p> <h3>Fostering junior talent</h3> <p>Whether teams add more junior roles or fewer, it remains important to engage with that talent and prepare them to support whatever IT team structures emerge from AI disruption. CIOs need to help junior-level workers <a href="https://www.techtarget.com/searchcio/tip/In-demand-AI-skills">develop the skills</a> the enterprise needs to move forward.</p> <p>At IBM, junior-level employees partner with a senior-level architect in some cases. Lyteson also seeks opportunities for "showcases," in which he engages talent at various levels within his team. Recently, an entry-level worker showed him how she was using IBM Bob, the company's AI coding agent.</p> <p>"We get exposure to them as senior leaders within the organization, and simultaneously, it gives them an opportunity to grow as they're showing off some of the great work that they're doing," said Lyteson.</p> <h3>Short-term efficiency gains versus long-term planning</h3> <p>Long-term planning is a vital element of the CIO's job. Are the decisions they are making about their team structure today sustainable?<b> </b></p> <p>Lowmaster pointed out, "The most efficient move in the moment might not be the most value-generating move longer term when it comes to things that take a while to show up: <a href="https://www.techtarget.com/searchcio/tip/The-CIOs-guide-to-skills-based-workforce-planning">skills development</a> versus skills atrophy, talent pipelines and bare succession benches."</p> <p><i>Carrie Pallardy is a freelance journalist with experience writing in cybersecurity, technology and healthcare. She currently covers a wide range of issues relevant to today's CIOs and IT leaders. </i> </p> </section> The IT career ladder is transforming as AI automates entry-level tasks, forcing companies to rethink hiring strategies and redefine what junior roles look like. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a199952058.jpg https://www.techtarget.com/searchcio/feature/Survey-finds-CEOs-cutting-junior-roles Thu, 04 Jun 2026 15:19:00 GMT Survey finds CEOs cutting junior roles to AI: How it impacts IT <p>Data security is a non-negotiable strategic imperative cloaked with business implications for risk management and competitive advantage.</p> <p>Organizations today face ever-increasing cybersecurity risks -- both internal and external. Safeguarding data against financial losses, regulatory penalties and reputational damage is not merely a technical issue; it is an enterprise priority.</p> <p>To that end, data encryption is a key component in <a href="https://www.techtarget.com/searchsecurity/tip/How-to-secure-AI-infrastructure-Best-practices">modern AI</a>, cloud and collaboration ecosystems.</p> <p>Data exists in three phases:</p> <ul class="default-list"> <li><b>Data at rest.</b> Data stored or saved on devices such as local computers, file servers or cloud storage. It is not actively in use or being moved.</li> <li><b>Data in use.</b> Data being processed, accessed or temporarily held in a system's memory or processors while operations are performed on it.</li> <li><b>Data in motion.</b> Data being transferred between locations, such as across networks, between devices or over the internet.</li> </ul> <p>Each phase requires different technologies and approaches to mitigate threats. Organizations that operationalize data security across all phases gain a measurable competitive advantage.</p> <section class="section main-article-chapter" data-menu-title="Aligning encryption with business goals and risk management"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Aligning encryption with business goals and risk management</h2> <p>Executives must establish data encryption as a strategic control that delivers enterprise value. Organizations that adopt a risk-based encryption approach can identify and prioritize data according to its impact on business.</p> <p>CISOs and their teams should align data security with regulatory compliance -- e.g., <a href="https://www.techtarget.com/searchsecurity/tip/Data-sovereignty-compliance-challenges-and-best-practices">data sovereignty</a> laws and industry standards; customer trust and brand protection; and digital transformation initiatives, such as cloud, data sharing and AI.</p> <p>Governance must include clear executive ownership for data assets across business units. Mandate accountability for encryption key management and technical support.</p> <p><b>Executive insight:</b> <i>Protect data where it reduces material risk exposure.</i></p> </section> <section class="section main-article-chapter" data-menu-title="How to secure data at rest: Foundation of data protection"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to secure data at rest: Foundation of data protection</h2> <p>Data at rest encompasses databases, cloud storage, endpoints, backups and other static data repositories. In today's distributed environments spanning regional data centers, edge computing and IoT, these locations can be very diverse.</p> <p>To protect stored data, prioritize the following five specific actions:</p> <ul class="default-list"> <li><b>Data discovery and classification.</b> Identify and label what matters most to the business. An organization cannot protect what it does not know about.</li> <li><b>Encryption strategies.</b> Determine whether full encryption -- encrypting all data -- or selective encryption -- encrypting only specific, sensitive data -- is best based on sensitivity and performance requirements. Endpoint systems in particular will require attention and support.</li> <li><b>Infrastructure security.</b> <a href="https://www.techtarget.com/searchsecurity/feature/Guide-to-cloud-security-management-and-best-practices">Secure cloud</a> and on-premises environments, including patching, monitoring, key management and physical security.</li> <li><b>Access governance.</b> Limit access based on roles and business needs, and implement MFA and <a href="https://www.techtarget.com/searchsecurity/feature/How-to-implement-zero-trust-security-from-people-who-did-it">zero-trust security</a> where possible.</li> <li><b>Human risk mitigation.</b> Conduct encryption training and awareness.</li> </ul> <p>An effective system to manage data encryption and secure storage offers several positive business outcomes, such as reduced breach likelihood, reduced breach impact, stronger compliance posture with reduced penalties and improved audit readiness.</p> </section> <section class="section main-article-chapter" data-menu-title="How to secure data in use: Protecting active data"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to secure data in use: Protecting active data</h2> <p>Data in use includes information that is being processed, accessed or analyzed by users and systems.</p> <p>Four leadership priorities exist to secure data in use:</p> <ul class="default-list"> <li><b>Access control and minimal privileges.</b> Configure fine-grained access controls that adhere to the <a href="https://www.techtarget.com/searchsecurity/definition/principle-of-least-privilege-POLP">principle of least privilege</a> to mitigate common data risks.</li> <li><b>Data minimization.</b> Use masking, tokenization and obfuscation to help hide data that users aren't authorized to access.</li> <li><b>Emerging technologies.</b> Use approaches such as confidential computing, secure enclaves and memory protection.</li> <li><b>Insider threat mitigation.</b> Establish <a href="https://www.techtarget.com/searchsecurity/feature/Insider-threat-vs-insider-risk-Whats-the-difference">user behavior and access patterns</a> using logging and data monitoring.</li> </ul> <p>Beneficial business outcomes include reduced insider risk from deliberate or accidental threats, safer analytics and AI adoption, and improved collaboration and data sharing.</p> </section> <section class="section main-article-chapter" data-menu-title="How to secure data in motion: Protecting data flows"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to secure data in motion: Protecting data flows</h2> <p>Data in motion includes information moving across on-premises, cloud and public networks. Data in transit can be intercepted, blocked or modified, posing a significant risk to critical business operations.</p> <p>Top leadership priorities for protecting data in motion include:</p> <ul class="default-list"> <li><b>End-to-end encryption.</b> Integrating data encryption across all connections, including the internal network, is essential. Key technologies include TLS, HTTPS, VPNs and secure tunnels.</li> <li><b>Network security architecture.</b> Establish zero-trust principles in network authentication and access control to mitigate impersonation and hijacking attacks.</li> <li><b>Third-party and supply chain risk management.</b> Secure data exchanges with partners and vendors. Set clear security requirements for all communications between these entities.</li> <li><b>Continuous monitoring.</b> Use <a href="https://www.techtarget.com/searchitoperations/The-definitive-guide-to-enterprise-IT-monitoring">monitoring tools</a> to detect anomalies in data movement that suggest misuse or an attack.</li> </ul> <p>Securing data in motion on all networks brings several crucial business benefits, including mitigation of data interception, modification and exfiltration; secure digital ecosystems and partnerships, and reduced data exposure in cloud environments.</p> </section> <section class="section main-article-chapter" data-menu-title="Visibility, metrics and KPIs for encryption effectiveness"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Visibility, metrics and KPIs for encryption effectiveness</h2> <p>Measuring success is crucial to justifying investments, maintaining auditability and satisfying compliance requirements.</p> <p>Key metrics for measuring encryption and data security performance include:</p> <ul class="default-list"> <li>Percent of data identified and classified.</li> <li>Percent of data encrypted in each phase -- data at rest, in use and in motion.</li> <li>Time to remediate encryption gaps.</li> <li>Key management incidents or failures.</li> <li>Mean time to detect and mean time to respond to data threats.</li> <li>Unauthorized access attempts blocked.</li> <li>Compliance audit success rates.</li> <li>Compliance audit failure rates.</li> <li>Third-party data compliance.</li> </ul> <p>These metrics directly tie to risk reduction and compliance outcomes, both of which are fundamental to an organization's data management strategy. CISOs should provide stakeholders with dashboards for easy visibility and reporting.</p> </section> <section class="section main-article-chapter" data-menu-title="Strategic recommendations and next steps"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Strategic recommendations and next steps</h2> <p>Treat data security as a <a href="https://www.techtarget.com/searchsecurity/tip/Best-practices-for-board-level-cybersecurity-oversight">board-level requirement</a> with enterprise strategy implications. Establish a lifecycle-based security strategy that allocates resources according to data value and risk. To do this, first assess where critical data resides. Then, align encryption to risk and compliance goals. Finally, invest in the technologies, training and governance needed to protect data in all three phases.</p> <p>Organizations that act now will reduce risk, strengthen trust and enable secure growth as they secure data at rest, in use and in motion.</p> <p><i>Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.</i></p> </section> Data is the lifeblood of modern commerce; securing it properly requires a top-level, strategic commitment that dovetails with risk management and competitive advantage. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Global-cyber-security-hero.jpg https://www.techtarget.com/searchsecurity/feature/Best-practices-to-secure-data-at-rest-in-use-and-in-motion Wed, 03 Jun 2026 19:45:00 GMT How to secure data at rest, in use and in motion <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Executive summary</h3> <p>AI is weakening trust in biometric authentication:</p> <ul class="default-list"> <li>AI creates realistic deepfakes, voice clones and fake identities using public photos, audio and video.</li> <li>Attackers use these tools to bypass onboarding, account recovery, call centers and access controls.</li> <li>Attackers often win by targeting support staff and manual approval steps, not the biometric check itself.</li> <li>Biometrics cannot be reset once compromised.</li> <li>Enterprises can respond by shifting to layered identity security that combines biometrics with device trust, behavioral signals and cryptographic credentials.</li> </ul> </div> </div> <p>Biometrics can help verify identity more conveniently than passwords, but AI is making them easier to spoof, harder to trust and more dependent on context than ever.</p> <p>A 2025 <a target="_blank" href="https://www.biometricsinstitute.org/state-of-biometrics-report-2025/" rel="noopener">report</a> from the Biometrics Institute warns that AI-generated deepfakes and synthetic identities are making it harder for organizations to distinguish legitimate users from increasingly sophisticated impersonation attempts. That shift is forcing enterprises to rethink how they use biometric authentication across the business, including onboarding and account recovery use cases. Systems once designed to confirm identity at a single point in time now face <a href="https://www.techtarget.com/searchsecurity/tip/Real-world-AI-voice-cloning-attack-A-red-teaming-case-study">attackers who can generate realistic faces, cloned voices</a> and synthetic personas at scale.</p> <p>"AI has collapsed the cost of producing a convincing spoof, so we need to worry about individual hackers and hacker groups and not just nation-states," said Brian Fending, managing director at Ordovera Advisory, an AI-focused consulting firm.</p> <p>As a result, organizations are moving away from treating biometrics as standalone proof of identity and toward layered models that combine device trust, behavioral signals and contextual risk scoring.</p> <section class="section main-article-chapter" data-menu-title="AI makes biometric spoofing easier and cheaper"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI makes biometric spoofing easier and cheaper</h2> <p>AI is lowering the barrier to entry for creating fake identity signals. In the past, biometric spoofing required specialized tools or direct access to a person or their devices to capture biometric data. Attackers can now do it with widely available AI systems that generate realistic faces, voices and fingerprints.</p> <p>These systems learn from photos, audio and video of a person -- often pulled from public sources such as social media, podcasts, earnings calls or recorded meetings. As a result, <a href="https://www.techtarget.com/searchcio/feature/ais-cybersecurity-paradox-how-CIOs-can-keep-up-with-change">attackers no longer need deep expertise</a>. They can generate and refine fake identities at scale until one succeeds.</p> <p>Common attack types include the following:</p> <ul class="default-list"> <li><b>Remote identity proofing.</b> AI-generated faces and documents bypass onboarding checks that rely on selfies or ID scans.</li> <li><b>Account recovery.</b> Cloned voices or deepfake videos trick support systems into resetting accounts.</li> <li><b>Privileged access workflows.</b> Synthetic identities bypass biometric checks in admin-level systems.</li> <li><b>Financial services.</b> Fake identities pass verification for banking, credit and transactions.</li> <li><b>Call centers.</b> Voice cloning impersonates customers over the phone.</li> <li><b>Social engineering.</b> Fake audio or video pressures employees into approving actions or sharing access.</li> </ul> <p>Voice and face remain the biggest risks because people already expose them in public through everyday digital activity. That makes these signals easier to collect and reconstruct than other biometric traits, such as fingerprints.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Anyone who has been on a recorded earnings call, a podcast or any public video has volunteered enough training data to produce a usable model of themselves. </figure> <figcaption> <strong>Brian Fending</strong>Managing director, Ordovera Advisory </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>"Anyone who has been on a recorded earnings call, a podcast or any public video has volunteered enough training data to produce a usable model of themselves," Fending said.</p> <p>Fingerprints are less exposed, but not immune. AI can still reduce the barrier to spoofing using partial inputs, such as clear photos of a hand or photos of prints left on surfaces.</p> <p>"Traditionally, spoofing a fingerprint scanner required physical artifacts such as lifted prints, fabricated silicone overlays, etc. … Generative models can now synthesize fingerprint images that fool sensor-level matching algorithms," said Gaurav Kulkarni, senior manager of Azure Security at Microsoft.</p> </section> <section class="section main-article-chapter" data-menu-title="The social layer is weakest"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The social layer is weakest</h2> <p>Even strong biometric systems often fail outside the biometric check itself. Attackers don't always need to defeat the face scan or voice model directly. Instead, they <a href="https://www.techtarget.com/searchsecurity/tip/Prepare-for-deepfake-phishing-attacks-in-the-enterprise">target the workflows around it</a> -- especially account recovery, help desk support and manual overrides.</p> <p>These exception paths often sit outside strict technical controls. If an attacker can convince support staff they are the legitimate user, they can reset credentials or escalate access without ever touching the biometric system. That makes the human process -- not the algorithm -- the real security boundary.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Many identity failures happen not at the front door, but through account recovery, help desk workflows and manual overrides. </figure> <figcaption> <strong>Brian Behe</strong>CTO, RIIG Technology </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>As a result, many organizations are tightening verification in support channels and strengthening recovery processes, since these are often the <a href="https://www.cybersecuritydive.com/news/social-engineering-preferred-initial-access/803363/">easiest entry points</a>.</p> <p>"Many identity failures happen not at the front door, but through account recovery, help desk workflows and manual overrides. If an attacker can bypass the biometric system by convincing a support desk, then the biometric control is not the real control," said Brian Behe, CTO of RIIG Technology, an AI-first risk intelligence and cybersecurity infrastructure developer.</p> </section> <section class="section main-article-chapter" data-menu-title="Examples of biometric spoofing"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Examples of biometric spoofing</h2> <p>A well-known <a href="https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk">case</a> from 2024 in Hong Kong illustrates the scale of the threat. A finance employee at a multinational company transferred roughly $25 million after joining a video call that appeared to include senior colleagues, including the CFO. The attackers used <a href="https://www.techtarget.com/searchcio/tip/How-executives-can-counter-AI-impersonation">AI-generated audio and video to impersonate</a> trusted individuals and create a convincing business context for the request.</p> <p>"That story matters because it shows the threat is not just about whether a biometric system can be technically fooled. The bigger issue is whether AI can manufacture enough trust to defeat a business process," Behe said.</p> <p>Technical testing shows the same underlying weakness from a different angle. Instead of human trust, it measures how well systems withstand AI-generated attacks.</p> <p>"NIST's biometric testing programs have documented meaningful failure rates against presentation attacks in systems that would have passed evaluation two years ago," Kulkarni said.</p> <p>Kulkarni saw similar results in his own hands-on testing, where voice biometric systems were directly challenged using synthetic audio.</p> <p>"During an authorized internal security assessment, I tested a voice biometric authentication system using synthesized voice profiles built from publicly available audio samples. The authentication was bypassed. The sad part is that it was a controlled test on a production-grade system, and it worked with tools that are now significantly more accessible than they were when I ran that test," Kulkarni said.</p> </section> <section class="section main-article-chapter" data-menu-title="The problem isn't just spoofing -- it's permanence"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The problem isn't just spoofing -- it's permanence</h2> <p>Enterprises originally adopted biometrics because they seemed <a href="https://www.techtarget.com/searchsecurity/tip/Evaluate-biometric-authentication-pros-and-cons-implications">stronger and more convenient than passwords</a>. Users do not need to remember them, and systems do not rely on shared secrets that people can guess or reuse. That made biometrics an attractive foundation for authentication.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A biometric identifier is not a secret in the same way a password is a secret. </figure> <figcaption> <strong>Brian Behe</strong>CTO, RIIG Technology </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>However, that strength also creates a structural weakness. Unlike passwords, people cannot change their biometric identifiers once attackers compromise them.</p> <p>"A biometric identifier is not a secret in the same way a password is a secret. A face, voice or fingerprint can be captured, copied, synthesized or replayed," Behe said.</p> <p>That changes the risk model. A compromised biometric does not affect just one system or one login. It can persist across multiple systems and use cases wherever that same signal is used for verification.</p> <p>"Enterprises are quietly committing to a permanent privacy and security posture they cannot walk back," Fending said.</p> </section> <section class="section main-article-chapter" data-menu-title="The future is layered identity assurance"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The future is layered identity assurance</h2> <p>Enterprises are moving away from treating biometrics as proof of identity on their own. Instead, they are building layered systems that combine trusted devices, cryptographic credentials, behavioral signals and contextual risk analysis. The goal is no longer to verify a face or voice alone, but to build higher confidence that the right user is truly accessing a system.</p> <p>This reflects a broader shift in thinking. Biometrics still matter, but they now act as one signal among many rather than the core of authentication.</p> <p>"Biometric identifiers are not credentials, rather they are fixed facsimiles bound to a credential. Most organizations are deploying them as if they were credentials without thinking through that permanence," Fending said.</p> <p>At the same time, organizations are reassessing <a href="https://www.techtarget.com/searchsecurity/definition/passwordless-authentication">passwordless authentication</a> strategies. Moving away from passwords was the right step because attackers can easily compromise them. Yet, that does not automatically make biometrics the right primary replacement.</p> <p>"Passwordless was the right direction as passwords are a genuinely weak control, and moving away from them made sense. What needs revisiting is the assumption that biometrics-as-primary-factor is inherently secure," Kulkarni said.</p> <p>Instead, many organizations are shifting biometric checks closer to the device itself. In this model, a fingerprint or face simply unlocks a credential stored locally, while cryptographic keys tied to that device handle authentication. Even if a biometric is spoofed, the attacker still needs physical access to the device.</p> <p>"What I expect is a shift toward passkey-based architectures that keep biometric verification local to the device so that the biometric never traverses a network or gets stored in a centralized template database that can be breached. Paired with credentials locked to a specific device means even if a biometric is spoofed, the attacker still needs that physical device to get in," Kulkarni said.</p> <p><em>Tim Murphy is a site editor and writer for the IT Strategy team at TechTarget.</em></p> </section> AI is making biometric authentication easier to spoof, forcing enterprises to rethink identity security and adopt layered authentication models. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a279596285.jpg https://www.techtarget.com/searchcio/feature/deepfakes-are-killing-biometric-trust Wed, 03 Jun 2026 11:44:00 GMT Deepfakes are killing biometric trust <p>Vibe coding has emerged as a way for organizations of all sizes to quickly develop a wide range of applications.</p> <p>Gone are the days when only trained developers could build sophisticated applications. While the generative AI that enables <a href="https://www.techtarget.com/searchcio/feature/Vibe-coding-What-IT-leaders-need-to-know">vibe coding</a> to democratize development is powerful, it also exposes multiple risks to organizations. A <a href="https://info.redaccess.io/shadow-ai-builders-security-report" target="_blank" rel="noopener">report</a> from Red Access puts a number on a risk many IT executives suspected but couldn't quantify. Scanning more than 380,000 web assets across vibe-coding platforms, including Lovable, Replit and Base44, researchers identified 5,000 built for corporate purposes. Of those, 40% contained sensitive data deployed without basic security controls. Every exposure was reachable by anyone with a browser.</p> <p>This is not the <a href="https://www.techtarget.com/searchsecurity/tip/Shadow-AI-How-CISOs-can-regain-control-in-2026">shadow AI</a> problem the industry has discussed for two years, which centered on employees pasting data into AI chat on personal accounts. Red Access documented employees building full applications, connecting them to production systems, and deploying them publicly as shadow IT applications, while IT remains unaware.</p> <section class="section main-article-chapter" data-menu-title="The data that should keep you up at night"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The data that should keep you up at night</h2> <p>In any given year, there is always a good volume of <a href="https://www.techtarget.com/whatis/34-Cybersecurity-Statistics-to-Lose-Sleep-Over-in-2020">security stats </a>that can keep IT professionals awake at night. Vibe coding introduces another whole set of concerns.</p> <h3>The Red Access research findings</h3> <p>Some of the key findings in the Red Access report include:</p> <ul class="default-list"> <li>2,000 of the 5,000 identified vibe-coded applications contained sensitive data with no authentication, no access controls and no audit trail.</li> <li>Data types exposed included financial records, patient conversations, strategic documents and credentials and API keys.</li> <li>According to Red Access, in a 'meaningful number of cases', applications granted administrative access by default to any visitor who reached the URL.</li> <li>Cases included a live financial dashboard at one of Latin America's largest banks and strategic documents from a $200 billion company, reached through a vendor's tool.</li> <li>Exposures documented across every industry and every continent, including Fortune 500 enterprises, reached through third-party vendor tools, with organizations, in some cases, passing compliance audits while the exposures remained live.</li> </ul> <p>"What we found was that no sector was clean. Legal, healthcare, government, finance and, with some irony, instances tied to cybersecurity companies, that mix is what reframed it for us," Dor Zvi, CEO of Red Access, said. "This isn't a niche problem in any one vertical. It's a category-level pattern, and it means the work for security teams is both stack work and coaching work because the people building these apps aren't malicious, they're competent employees solving real problems faster than their organization could."</p> <h3>The broader AI coding security landscape</h3> <p>The Red Access report is not the first, nor is it likely to be the last, report on the AI coding risks. The Red Access findings sit inside a broader picture of vibe coding security risks and AI-generated code vulnerabilities.</p> <ul class="default-list"> <li>Veracode's 2025 <a href="https://www.veracode.com/resources/analyst-reports/2025-genai-code-security-report/" target="_blank" rel="noopener">GenAI Code Security Report </a>found security weaknesses in 45% of AI-generated code samples.</li> <li>Apiiro <a href="https://apiiro.com/blog/4x-velocity-10x-vulnerabilities-ai-coding-assistants-are-shipping-more-risks" target="_blank" rel="noopener">reported</a> AI-assisted developers shipped code three to four times faster while producing security findings at roughly 10 times the rate.</li> <li>A March 2025 <a href="https://news.utsa.edu/2025/04/utsa-researchers-investigate-ai-threats-in-software-development/" target="_blank" rel="noopener">study </a>from the University of Texas at San Antonio found nearly one in five AI-generated code samples from the GPT- series referenced software packages that did not exist.</li> <li>Escape.tech <a href="https://escape.tech/state-of-security-of-vibe-coded-apps" target="_blank" rel="noopener">scanned</a> more than 2,000 critical vulnerabilities across 1,400 production vibe-coded applications, along with exposed secrets and sensitive information.</li> <li>Harness reported in its 2025 <a href="https://www.harness.io/state-of-software-delivery" target="_blank" rel="noopener">State of Software Delivery</a> that 67% of developers spend more time debugging AI-generated code than before adopting AI coding tools.</li> </ul> <h3>The financial impact</h3> <p>The risk from an insecurely coded application can be material to an organization.</p> <p>IBM's <a href="https://www.ibm.com/reports/data-breach" target="_blank" rel="noopener">2025 Cost of a Data Breach Report</a> provides hard numbers on the costs of shadow AI incidents to organizations.</p> <ul class="default-list"> <li>Shadow AI incidents average $4.63 million per breach, $670,000 above the baseline for standard breaches.</li> <li>63% of organizations that experienced AI-related breaches lacked an AI governance policy.</li> <li>32% of breached organizations paid regulatory fines, with 48% exceeding $100,000.</li> </ul> <p><a href="https://www.techtarget.com/searchcio/feature/The-hidden-costs-of-AI-What-leaders-must-budget">Hidden costs</a> often extend further with technical debt from unreviewed AI code, performance remediation and emergency patching as unsecured applications move from prototype to production.</p> </section> <section class="section main-article-chapter" data-menu-title="Why this is your biggest blind spot"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why this is your biggest blind spot</h2> <p>The challenge for many enterprises is that traditional security controls were designed for IT-controlled application deployment. With vibe coding, that's no longer the case, leading to unsecured AI applications and AI code exposure risks.</p> <p><b>The visibility gap.</b> There is a clear visibility gap in the security of AI coding tools, as it resides in an area that traditional IT security doesn't monitor.</p> <p>"The problem with shadow AI is it skips all of the different types of enterprise controls and processes, which assume that there is a review from governance, procurement, architecture, security and change management," said Erik Avakian, technical counselor at Info-Tech Research Group and former chief information security officer for the Commonwealth of Pennsylvania.</p> <p><b>The speed paradox. </b>Vibe coding is fast, enabling users to rapidly go from idea to a publicly reachable production system connected to live enterprise data.</p> <p><b>The democratization double-edge</b>. Non-technical employees can now build and deploy full applications, and most have no background in authentication, access controls or data classification.</p> <p>"These non-technical employees think they're enhancing productivity," said Charles Henderson, head of DivisionHex at Coalfire. "In reality, they're creating a new attack surface that's unmonitored and unsecured.</p> <p><b>The "it's just a quick tool" mentality.</b> Employees don't see internal tools as security risks. "It's just for our team" becomes a publicly accessible URL, and prototype becomes production without review because deployment is a single click. "They may share a link without realizing it can be forwarded. They may connect an entire folder when the tool only needs five fields," said Tom Levi, field CISO and director of cyber-risk strategy at CYE, a global cybersecurity company. "That is where a small workflow shortcut can become a material business exposure."</p> </section> <section class="section main-article-chapter" data-menu-title="The real-world scenarios"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The real-world scenarios</h2> <p>Vibe coding risks are not hypothetical; there are real-world scenarios, including the following examples:</p> <ul class="default-list"> <li><b>The sales dashboard.</b> A sales manager builds a deal tracker in a vibe coding tool, connects it to the CRM and publishes without authentication. Customer names, deal values and forecasts sit at a guessable URL, indexed by Google. "The composite version of a case I've seen more than once: a small internal dashboard pulling from a CRM extract, deployed via the platform's default publish to web flow. API key embedded directly in the front-end bundle. No auth gate,"Krti Tallam, senior member of technical staff at KamiwazaAI said.</li> <li><b>The HR tool.</b> An HR coordinator builds an employee directory with salary bands, performance reviews and personal information. The link gets shared internally, and the app is also publicly accessible. The builder never considered regulatory liability or the lack of an audit trail.</li> <li><b>The customer support helper.</b> A business team builds a tool to summarize customer tickets or patient conversations, and security discovers it is processing customer names, contract details and regulated data outside normal controls.</li> <li><b>The financial tracker.</b> A finance team member builds an expense tracker connected to accounting systems. Sensitive financial data is accessible using a public URL, creating a compliance exposure that the builder never considered.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Why traditional security approaches fail"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why traditional security approaches fail</h2> <p>Enterprises have multiple tools and processes in place for security; however, most traditional security approaches fail for several reasons.</p> <h3>The tool proliferation problem</h3> <p>The vibe-coding market spans dozens of platforms, including Lovable, Replit, Base44, Bolt and Cursor, with new entrants constantly. Blocking them all would cut off the work that organizations depend on. "Blocking everything feels decisive, but it usually drives the activity into places security cannot see," Levi said.</p> <h3>The detection challenge</h3> <p>Apps are deployed to Netlify, Vercel and Replit's external hosting, not on corporate infrastructure or networks, generating no signal in traditional asset discovery tools and no DNS records pointing to corporate domains. They appear in no asset inventory. Phishing pages impersonating Bank of America, FedEx, Trader Joe's and Costco on vibe-coding platform subdomains, found by Red Access researchers, inherit the platform's domain reputation, neutralizing domain-based filtering.</p> <p>"Traditional monitoring was not built to see AI-centric activity," Henderson said. "It misses things like prompt-based data exfiltration, OAuth AI integrations, browser-based tools, model-to-data interactions and API token sprawl."</p> </section> <section class="section main-article-chapter" data-menu-title="The immediate action plan"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The immediate action plan</h2> <p>CIOs are not helpless against the risks of vibe coding. There are some immediate steps that can be taken to help manage the risk.</p> <h3>Discovery and assessment</h3> <p>Start with inventory, not policy, and complete it within 30 days. Frame it as an ask, not an audit. "Before any tooling decision, run a workforce-wide inventory ask. Not an audit -- an ask," Zvi said.</p> <p><i>Action items:</i></p> <ul class="default-list"> <li>Survey development teams on AI coding tool usage.</li> <li>Review credit card statements for platform subscriptions and search for corporate email addresses on Lovable, Replit, Base44 and similar platforms.</li> <li>Check for apps deployed under corporate accounts on Netlify, Vercel and Replit.</li> <li>Identify which teams handle sensitive data, evaluate regulatory compliance impacts and calculate financial exposure.</li> </ul> <h3>Immediate risk mitigation</h3> <p>Once you know what exists, act on the highest-risk exposures first. Publicly accessible apps with no authentication are the priority.</p> <p><i>Action items:</i></p> <ul class="default-list"> <li style="list-style: none;"> <ul class="default-list"> <li>Implement a temporary pause on new vibe-coded app deployments.</li> <li>Require all existing applications to be registered and make clear what happens if teams do not comply.</li> <li>Add authentication to any publicly accessible app immediately and remove sensitive data from apps that cannot be quickly secured.</li> <li>Provide approved platforms with built-in controls as an alternative.</li> </ul> </li> </ul> <h3>Long-term governance framework</h3> <p>The long-term goal is to enable users to use vibe coding to build secure applications without resorting to a shadow approach.</p> <p>"Build the paved path," said Will Bengtson, CISO at ConductorOne. "Create the AI skills files, the process, the blessed route for deploying an app inside your organization."</p> <p><i>Action items:</i></p> <ul class="default-list"> <li>Develop an AI coding governance policy covering acceptable use cases, prohibited data types and approval workflows.</li> <li>Deploy discovery tools, extend data loss protection rules to major vibe-coding platform domains and integrate security scanning into approved workflows.</li> <li>Provide some training to users within the organization on authentication, access controls and data classification before they build.</li> </ul> <p>"The goal isn't to stop shadow AI coding," Tallam said. "It's to make sure the audit trail survives it."</p> </section> <section class="section main-article-chapter" data-menu-title="Conclusion: The choice you face"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Conclusion: The choice you face</h2> <p>Vibe coding usage is real and isn't going to disappear. Responsible and proactive CIOs and IT leaders must face the reality shown by the data.</p> <p>Red Access found 5,000 corporate-purpose vibe-coded applications exposed on the public internet. These apps did not require exploitation to access, and they were not listed in any asset inventory. In other words, this is not a hypothetical risk or a future concern. The apps are live now, and employees are continuing to build more.</p> <p>For most organizations, the choice to enable AI-assisted development has effectively already been made. The real question is whether CIOs put governance around it before one of these apps becomes the next security incident.</p> <p>"The honest framing is that they're how you start, not how you finish," Zvi said.</p> <p><i>Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.</i> </p> </section> Vibe coding democratizes app development—but at what cost? New research exposes a shadow IT crisis hiding in plain sight. https://cdn.ttgtmedia.com/rms/onlineimages/code_g1287248739.jpg https://www.techtarget.com/searchcio/feature/vibe-coding-security-crisis-CIOs-cant-ignore Tue, 02 Jun 2026 14:06:00 GMT Research shows the vibe coding security crisis CIOs can't ignore <p>CIOs and IT leaders face a growing disconnect: Organizations may employ enough IT staff but still lack the capabilities needed to execute digital transformation initiatives.</p> <p>Accelerating AI adoption, modernization initiatives and cybersecurity demands increasingly collide with <a href="https://www.techtarget.com/searchcio/tip/How-AI-powered-learning-affects-the-IT-skills-gap">persistent IT skills shortages</a>. The result? Organizations struggle to acquire the talent and technical expertise they need to deliver innovative, resilient services to their workforces and customers.</p> <p>A complete staff may still lack critical expertise in areas like cloud, AI, cybersecurity or process redesign. Project success depends not just on having head count but on having the right skills in the right roles to meet specific business needs.</p> <p>This skills gap is more than an inconvenience or fundamental hiring concern; it is an urgent business issue requiring a defined IT talent strategy. Specific challenges include the following:</p> <ul class="default-list"> <li><a href="https://www.techtarget.com/searchhrsoftware/feature/The-AI-skills-gap-is-getting-worse-Why-and-what-to-do">AI shortens the shelf-life of technical skills</a>, forcing continuous learning.</li> <li>Enterprises face ongoing pressure to do more with fewer resources.</li> <li>Workforce agility increasingly determines how quickly organizations can execute digital strategy and remain competitive.</li> <li>Rigid organizational charts limit resource effectiveness and flexibility.</li> </ul> <p>IT leaders are turning to skills-based workforce models. They focus on the specific capabilities employees have, rather than the titles or positions they hold. The goal is to increase flexibility and establish a more project-centric approach. Organizations can assemble teams quickly, shift talent to changing priorities and close skill gaps more precisely.</p> <p>It also supports better skills-based hiring, learning and internal mobility decisions by making workforce needs visible at the skill level, not just the role level.</p> <section class="section main-article-chapter" data-menu-title="Why traditional workforce planning is failing CIOs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why traditional workforce planning is failing CIOs</h2> <p>Legacy workforce planning models worked well in the past, but they cannot keep pace with modern business realities and transformation demands.</p> <p>These include the following:</p> <ul class="default-list"> <li>AI-era infrastructure requirements.</li> <li><a href="https://www.techtarget.com/searchapparchitecture/tip/From-chaos-to-control-Multi-cloud-development-strategies">Multi-cloud</a> and <a href="https://www.techtarget.com/searchDataCenter/tip/From-core-to-edge-Strategies-for-scalable-compliant-and-agile-IT">edge</a> integrations.</li> <li>Low-latency application requirements.</li> <li><a href="https://www.techtarget.com/searchITOperations/feature/How-digital-employee-experience-strategy-drives-productivity">Digital employee experience</a> and remote work expectations.</li> <li>Increasingly complex AI-driven cybersecurity threats.</li> <li>Rigid compliance obligations.</li> <li>Customer resilience expectations.</li> </ul> <p>Traditional planning assumes stable roles and predictable technology environments. These assumptions are documented in established, siloed organizational charts that limit agility.</p> <p>However, under modern conditions, job descriptions and annual workforce cycles become outdated faster than transformation roadmaps evolve. Workforce planning also remains disconnected from business and technology strategy.</p> <p>Organizations without enough specialized talent experience stalled projects and delayed initiatives.</p> <h3>Head count vs. skills</h3> <p>Organizations with sufficient head count might still lack critical skills in the following areas:</p> <ul class="default-list"> <li>Cloud migrations and edge integrations.</li> <li>AI deployment.</li> <li>Cybersecurity modernization.</li> </ul> <h3>Mismatched capabilities</h3> <p>Technical staff may lack the diverse skills needed for AI programs, including the following:</p> <ul class="default-list"> <li>Data engineering.</li> <li><a href="https://www.techtarget.com/searchenterpriseai/definition/AI-governance">AI governance</a>.</li> <li><a href="https://www.techtarget.com/whatis/definition/machine-learning-operations-MLOps">Machine learning operations</a>.</li> <li>Automation architecture.</li> </ul> <p>These mismatches cause specific issues that hinder innovation and stall projects, including workforce agility and responsible cost management.</p> <h3>Workforce agility</h3> <p>Workforce agility is a business resilience and execution problem. Organizations without visibility into their workforce's capabilities struggle to adapt quickly to changing priorities or adopt skills-based hiring. They also cannot easily reconcile the cost of training with initiative-specific business objectives. The ability to identify and redeploy skills rapidly is becoming a competitive advantage.</p> <h3>Technical employee ROI</h3> <p>A rigid workforce model, with predefined roles, little visibility into skills and inattention to skill development, incurs significant business costs.</p> <p>These include the following:</p> <ul class="default-list"> <li>Higher spending on contractor talent.</li> <li>Slower AI time-to-value.</li> <li>Failed or delayed transformation initiatives.</li> <li>Inefficient staffing allocations.</li> <li>Increased <a href="https://www.techtarget.com/searchitoperations/tip/Strategies-to-boost-DEX-scores-and-employee-productivity">IT talent dissatisfaction</a>, burnout and attrition.</li> </ul> <p>Traditional workforce planning optimizes for long-term organizational stability, while modern IT organizations require rapid, skills-based adaptability.</p> </section> <section class="section main-article-chapter" data-menu-title="What is skills-based workforce planning?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is skills-based workforce planning?</h2> <p>Skills-based workforce planning uses capabilities and skills rather than job titles or descriptions as the primary framework for forecasting, deploying and developing IT talent. This approach aligns employee skills more dynamically with changing business priorities, improves workforce agility and closes critical capability gaps related to AI, cloud and digital transformation initiatives.</p> <p>Traditional planning has the following traits:</p> <ul class="default-list"> <li>Job-title focused.</li> <li>Periodic workforce reviews.</li> <li>Human labor only.</li> <li>Head count allocation.</li> <li>Static, semi-permanent organizational structures.</li> </ul> <p>Skills-based planning differs in the following ways:</p> <ul class="default-list"> <li>Capability-focused.</li> <li>Continuous workforce visibility.</li> <li><a href="https://www.techtarget.com/searchcio/tip/AI-augmented-teams-Training-for-human-machine-collaboration">Employees, contractors, AI agents</a> and gig talent.</li> <li>Dynamic capability deployment.</li> <li>Flexible IT talent ecosystem.</li> </ul> <p>Skills-based workforce planning requires new approaches to manage talent and capability. Rather than looking at indicators like seniority and fixed department roles, use a more flexible model that offers the following:</p> <ul class="default-list"> <li>Continuous skills planning vs. periodic planning.</li> <li>Capability-based portfolios.</li> <li>Internal IT talent marketplaces.</li> <li>Skills adjacency and transferable skills.</li> <li><a target="_blank" href="https://www.gartner.com/en/articles/human-ai-workforce" rel="noopener">AI-assisted</a> workforce intelligence.</li> </ul> <p>When the organization launches a new initiative, IT leaders ask themselves, "Who has the necessary or adjacent skills to contribute to this project?" Projects and assignments draw on a complete workforce of employees, contractors, gig talent and AI.</p> <p>While AI creates new skills gaps, it also helps organizations manage workforce complexity. AI-assisted workforce planning can do the following:</p> <ul class="default-list"> <li>Infer employee skills.</li> <li>Identify adjacent capabilities.</li> <li>Forecast workforce gaps.</li> <li>Recommend learning paths.</li> <li>Dynamically match talent to projects.</li> </ul> <p>AI also aids with specific skills development plans, enabling new learning paths.</p> </section> <section class="section main-article-chapter" data-menu-title="Build a skills-based workforce planning framework"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Build a skills-based workforce planning framework</h2> <p>Use the following framework to construct a skills-based workforce planning approach tailored to existing talent, current projects and anticipated requirements. Structure the framework as a <a href="https://www.techtarget.com/whatis/definition/continuous-learning">continuous learning</a> and development cycle rather than a standalone project or annual learning plan.</p> <ul class="default-list"> <li><b>Secure executive buy-in and cross-functional governance. </b>Align IT, HR, finance and business leaders around workforce priorities. Establish governance for workforce data and capability planning.</li> <li><b>Create a comprehensive skills inventory. </b>Use self-assessments, certifications, project histories and AI-driven inference tools to organize results. Prioritize visibility into mission-critical capabilities first.</li> <li><b>Align skills to current strategic business outcomes.</b> Map workforce capabilities directly to AI initiatives, cloud modernization, cybersecurity priorities and operational resilience goals. Emphasize business requirement priorities over exhaustive cataloging.</li> <li><b>Identify existing gaps related to current projects.</b> This can include existing infrastructure and cloud projects, AI deployments in progress and compliance-alignment activities centered on <a href="https://www.techtarget.com/searchcloudcomputing/tip/A-data-sovereignty-primer-for-cloud-admins">data sovereignty</a> and related regulations.</li> <li><b>Use skills data to match employees with new projects and roles. </b>Shift from role-based staffing to capability-based deployment. Implement internal talent marketplaces and project-based work allocation. Benefits include improved workforce utilization, faster project staffing and stronger employee satisfaction and retention.</li> <li><b>Build continuous learning and upskilling programs that match anticipated business needs.</b> The programs should focus on microlearning and just-in-time learning tools; relevant IT certifications covering cloud, AI, infrastructure and other priorities; rotational assignments; experiential learning; and enterprise-wide AI literacy.</li> <li><b>Measure and track progress as the workforce planning platform matures.</b> Use metrics such as skills coverage gaps, internal mobility, time-to-staff projects, transformation delivery speed, AI initiative acceleration and <a href="https://www.techtarget.com/searchcio/feature/Key-strategies-for-retaining-top-tech-talent">retention of high-value talent</a>.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Common implementation challenges"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Common implementation challenges</h2> <p>Skills-based workforce planning presents unique challenges, including measurement methods and resistance. Address these using good governance practices and incremental adoption.</p> <p>Common challenges and their solutions are as follows:</p> <ul class="default-list"> <li><b>Data quality and skills standardization. </b>Establish standardized skills definitions across teams to accurately identify capabilities. Start with critical business areas before scaling enterprise-wide.</li> <li><b>Manager resistance and change management. </b>Identify skills champions, align incentives and reward talent development. Present workforce planning as an ongoing business capability.</li> <li><b>Technology integration and tool selection. </b>Use AI-powered workforce intelligence platforms that integrate with HR and project management systems.</li> <li><b>Balancing speed with accuracy. </b>Enable employee self-service updates and AI-assisted validation of skills profiles.</li> </ul> <p>Emphasize organizational adoption and continuous business capability mapping over technology use. Align leadership with skills management and business objectives.</p> </section> <section class="section main-article-chapter" data-menu-title="The future of IT workforce strategies"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The future of IT workforce strategies</h2> <p>AI continues to reshape workforce capabilities and requirements, along with enterprise operating models. Short-term changes will likely include the following:</p> <ul class="default-list"> <li>Skills-based planning becomes tightly linked to the <a href="https://www.techtarget.com/searchcio/feature/AI-transformation-is-inevitable-but-requires-change-management">AI transformation strategy</a>.</li> <li>Internal talent marketplaces expand and become essential planning tools.</li> <li>Workforce planning becomes increasingly data-driven and predictive, matching the speed of innovation requirements.</li> <li>CIOs and IT leaders gain better visibility into enterprise capabilities and deployment gaps.</li> </ul> <p>Long-term predictions will see continued change, including the following:</p> <ul class="default-list"> <li>Static IT job architectures will become less centralized and more flexible.</li> <li>Organizations will increasingly manage more complete, blended workforces that include: <ul style="list-style-type: circle;" class="default-list"> <li>Employees.</li> <li>Contractors.</li> <li>Gig specialists.</li> <li>AI-enabled digital labor.</li> </ul> </li> <li>Workforce agility will become a crucial competitive differentiator, gradually replacing organizational charts that lack insights into crucial skills.</li> </ul> <p>Skills-based workforce planning is ultimately about organizational adaptability and better use of existing talent. The enterprises that succeed in the AI era will be those that can continuously identify, develop and redeploy capabilities at the speed of technological change.</p> <p><em>Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to TechTarget Editorial, The New Stack and CompTIA Blogs.</em></p> </section> Organizations often have enough IT staff but face critical skills gaps that hinder digital transformation. Skills-based workforce planning can solve this issue. https://cdn.ttgtmedia.com/rms/onlineimages/telecommunications_g1247980427.jpg https://www.techtarget.com/searchcio/tip/The-CIOs-guide-to-skills-based-workforce-planning Tue, 02 Jun 2026 10:31:00 GMT The CIO's guide to skills-based workforce planning <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Executive summary</h3> <p><strong>Key takeaways for CIOs on AI agent governance:</strong></p> <ul class="default-list"> <li>Build a centralized inventory of AI agents, including ownership, permissions and system access.</li> <li>Classify agents by both risk level and potential blast radius if something goes wrong.</li> <li>Enforce governance through policy as code at the process and network layers, not just through employee policies or training.</li> <li>Assign clear accountability for every agent or group of agents across the enterprise.</li> <li>Support business experimentation with agents while embedding technical oversight and governance expertise within departments.</li> </ul> </div> </div> <p>AI agents are popping up across the enterprise faster than most CIOs can track them.</p> <p>Developers build side-project agents, departments connect agents to external tools and SaaS vendors increasingly embed agentic features directly into enterprise software. Many organizations still lack clear inventories and <a href="https://www.techtarget.com/searchenterpriseai/tip/Agentic-AI-governance-strategies-A-complete-guide">governance processes for those systems</a>, even as the agents gain access to sensitive data. Additionally, CIOs face growing pressure to understand how these systems operate and how to audit them if something goes wrong.</p> <p>TechTarget interviewed David Baum, founder and CEO of AI governance platform Roval, about the <a href="https://www.techtarget.com/searchdatamanagement/feature/How-agentic-AI-governance-tackles-data-security-challenges">emerging challenges surrounding agentic AI governance</a>. Baum argued that many enterprises still cannot fully see or classify the agents operating across their environments, that traditional IT monitoring tools struggle to track agent behavior and that organizations need new approaches to inventory management and auditability.</p> <p>In the following interview, Baum explains why AI agents create new governance problems and what CIOs can do to build oversight and accountability into agentic systems.</p> <p><b>Editor's note:</b> The following transcript was edited for length and clarity.</p> <p><b>Why is visibility into AI agents so difficult for enterprises right now?</b></p> <p>David Baum: First, these are new, and they're a different breed of system. Agents are not servers, they don't have IP addresses and they don't appear as rows in your infrastructure inventory. An agent running as a scheduled function inside a SaaS platform, or something similar, doesn't leave the same type of footprint that system operators and administrators are used to seeing -- you can't find it in your <a href="https://www.techtarget.com/searchdatacenter/definition/configuration-management-database">configuration management database</a>.</p> <p>Second, agents aren't applications. So, a single SaaS application might contain three, five or 10 embedded AI features, each behaving as an independent agent with its own data access patterns. Existing systems don't really see the agents operating inside these applications.</p> <p>Third, agents are not users. They do act on behalf of users, often have credentials and may use service accounts, API keys or OAuth tokens, but your identity and access management system doesn't show that user with the usage patterns you'd expect. You can't monitor it in the same way with the same type of tools. It doesn't show that the user's permissions are being exercised in an autonomous way 200 times an hour -- that would completely blow up every monitoring view and dashboard. So, it's a problem of legacy tools not keeping up with this rapidly <a href="https://www.techtarget.com/searchcio/feature/agentic-ai-case-studies-for-cios">evolving way of building capabilities</a>.</p> <p><b>When we think about AI agent security incidents or compliance incidents, what kind of things typically go wrong?</b></p> <p>Baum: Incidents can be difficult to classify because existing tools often lack the insight needed to do so. Systems like Sentry, that monitor everything that happens on the network layer and offer you observability and insight into all traffic through a proxy, router or a firewall, capture quite a lot. However, agents operate not only on the LLM API call layer, where they can include or not include various types of sensitive or non-sensitive information as they call an API, but they also use several tools and internal data sources. Therefore, the <a href="https://www.techtarget.com/searchsecurity/tip/What-agentic-AI-means-for-cybersecurity">complexity and heterogeneity of incidents</a> are among the main problems. Building systems that can monitor and observe that level of complexity is really where most enterprises fail.</p> <p>You capture some of the aspects of an incident, but not all of it -- and that's where things go wrong. It can be as simple as the unaudited execution of a decision, where a model wasn't supposed to make a decision based on a set of parameters, but <a href="https://www.techtarget.com/searchenterpriseai/tip/How-to-identify-and-manage-AI-model-drift">model drift pushed the model's confidence</a> just enough to reach a limit the old model didn't. To detect something like that, you need insight into the call and the response, but you must also understand what happened during the last model upgrade. This is very difficult to debug and understand. Additionally, an incident could just be access to a tool where the underlying user credentials the agent used had changed for some other reason.</p> <p><b>What does "not knowing what agents you have" look like in real organizations?</b></p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> They eventually move on to a different organization or role and forget to turn off the agent. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Baum: The first category is developer side projects. Early adopters often build agents that do actual business work, but they're developers in their business. Maybe they're using Claude Code, Codex or Cursor, but they have a lot of authority because they build systems. They eventually move on to a different organization or role and <a href="https://www.techtarget.com/searchcio/feature/AI-sprawl-vs-CIOs-The-battle-to-control-enterprise-AI">forget to turn off the agent</a>. Then, suddenly, you get drift in tool access or the underlying model.</p> <p>The second is department-level deployments, where a department operates as a silo, as they often do. These deployments are one of the fastest-growing and hardest-to-govern categories, especially when departments work with multiple partners or integrations and connect agents to external tools. They start working on internal matters and may also have access to systems governed by other departments or business areas. It often turns into a source of conflict within the organization.</p> <p>Another quickly growing category is vendor-provided agents, where your agents aren't things that you've deployed internally. They're embedded in SaaS tools that you or your users subscribe to. Many of them are enabled by default when you start using these tools and platforms, and the observability and access to that is even more limited. Some platforms offer observability with the tool, whereas others you have to upgrade to enable it. Mostly, these things go undetected, even though they often have access to internal data and systems.</p> <p><b>How are enterprises currently trying to govern their agents?</b></p> <p>Baum: We have a few best-in-class cases. Take Brex, for example. They've just published an open source package on GitHub that actually helped them monitor some of their agents. Their internal developers built that themselves because they saw the need, and they're a massive business within many different business areas within payments, HR and logistics. They built this system to be able to govern their own internal systems, but also to be able to comply with their larger enterprise customers' needs for insight and observability.</p> <p>The worst case is when the CIO is first confronted with the issue because someone on the board asks, 'How many AI agents do we currently have deployed across the business?' In many cases, the answer is, 'I don't know.'</p> <p>That's obviously a terrible position for a CIO to be in, but it's probably still the most common scenario today. Many organizations are not yet prepared. They don't have the systems, organizational structures or <a href="https://www.techtarget.com/searchenterpriseai/tip/Best-practices-for-leading-and-managing-agentic-teams">culture in place to properly monitor and govern these agents</a>.</p> <p><b>What does auditability mean in the context of autonomous agents?</b></p> <p>Baum: First, you must be able to inventory your agents. Second, you want a classification taxonomy or rubric that classifies agents by capabilities, such as whether the risk is low, medium, high, or maybe a five-degree rubric. Even more important now than in the traditional view of IT systems is blast radius – the effect if something goes wrong. One is how risky the agent is, depending on the behavior it's designed to have, and the other thing is the total blast radius, which is more a function of what that agent has access to.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> An audit must contain at least that classification of risk and an analysis of the blast radius. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>This is where you find the real friction, because the more useful or helpful an agent is, the more authority you've given it. That also increases the blast radius. An audit must contain at least that classification of risk and an analysis of the blast radius.</p> <p>Then, the governance aspect is the mitigation strategy. How do you handle this? <a href="https://www.techtarget.com/searchenterpriseai/tip/Does-your-organization-need-an-AI-ethics-committee">Who is responsible, and what is the response protocol</a> if something goes wrong? That's especially important if you're within a regulated industry.</p> <p><b>If an AI agent does something it wasn't supposed to do, what information would a CIO need to trace what happened?</b></p> <p>Baum: Ideally, you need a proper system in place to monitor and provide observability. Some of the larger enterprise platforms have emergent capabilities that help with that. One broadly adopted, both open source and commercially available framework called LangChain has an extension called LangSmith, which is an agentic observability platform that you can freely use as an open source, self-hosted version, or you can adopt it.</p> <p>You can use systems like Rebuild or Roval, which monitor the network traffic generated by agents, monitor the tool use in a sidecar to the agent and leave an audit trail of everything that the agent does, including the action it takes in scripts on the file, what systems it accesses, what network egress it has, which systems it contacts, what it receives, what it sends and what that contains.</p> <p>That's especially important in regulated industries, where you want to monitor whether an agent is sending information to the LLM API, which contains personal information. Agents need to be monitored in a multimodal way at several levels of their operational infrastructure.</p> <p><b>How is regulation, including efforts like the EU AI Act, shaping how organizations think about AI agents?</b></p> <p>Baum: It hasn't affected many organizations yet for two reasons. One is the EU AI Act requirements for implementation have been <a target="_blank" href="https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/" rel="noopener">pushed out</a> until the end of 2027, which is probably a good thing, even though it does increase the time span in which things can go wrong.</p> <p>Part of the problem is that the AI Act wasn't written with agents in mind, and it actually doesn't use the term at all. It does briefly mention LLMs, but it was written based on research done years ago on prediction engines and the use of deep neural nets. It's really hard to interpret what organizations should do to comply with the EU AI Act.</p> <p>There's an army of advisors out there working on helping businesses interpret and <a href="https://www.techtarget.com/searchcio/feature/Regulatory-trends-every-CIO-should-watch">understand how they should implement it</a>, but there hasn't been any developments yet in standards for various sections and subsections of industry. It's largely left to industry itself to determine how we interpret and develop best practices for agent inventory, audit, monitoring and management.</p> <p><b>What are some quick wins that CIOs can implement over the next six to 12 months when it comes to AI agent governance?</b></p> <p>Baum: Do this in a way that encourages teams across the enterprise to continue working with agents, because if done well, the rewards are very tangible. You don't want to kill this off with fear-mongering.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Make it easy for employees to register agents in a centralized inventory. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>First, make it easy for employees to register agents in a centralized inventory. Ideally, build software that lets the agent do it itself and updates its own configuration. Some of the enterprise platforms support this, but mostly they don't.</p> <p>Second, make sure that a single individual is responsible for each agent, or a team of agents. Organize them topically or by division or organization, and connect with those people. Build a community and knowledge among those people about <a href="https://www.techtarget.com/searchenterpriseai/feature/Security-risks-in-agentic-AI-systems-and-how-to-evaluate-threats">the risks</a> and opportunities. That could be your primary channel for spreading the culture around the policy.</p> <p>But for the agents, people having a culture around policy doesn't mean anything. Agents need policy as code. So, my third piece of advice would be to build in policy as code. Make sure that you manage at least two aspects of agentic behavior. One would be a sidecar approach where you deploy code that the agent acts upon, reads and is also controlled by at the process level. Also, make sure you deploy policy as code within the network layer so you can manage network access for the agent. This will give you access to audit and monitor what happens over time and <a href="https://www.computerweekly.com/opinion/Guardian-agents-Stopping-AI-from-going-rogue">stop any agent that has gone rogue</a>.</p> <p><b>You say a single individual should be responsible for each agent or team of agents. So, who's responsible for agents in most organizations right now?</b></p> <p>Baum: A wonderful thing about this technology is that you can use natural language to describe what you want, and the software builds itself. This leads to an explosion in citizen developers. That's the positive term, whereas rogue agents are the negative side of that.</p> <p>I love to think of this as <a href="https://www.techtarget.com/searcherp/podcast/Using-a-citizen-developer-program-to-boost-AI-deployments">employees becoming citizen developers</a>, where they can use natural language to build a software tool that solves a problem -- which is exactly where you want to go. However, the challenge with that is it's not always clear who is accountable for that agent. A citizen developer may have enough knowledge of the business problem to describe it to a software system that builds the software, but they certainly don't have the experience to manage it. And if you look up at the command chain, their team leader doesn't either -- maybe they work in HR, finance or marketing.</p> <p>You need embedded technologists with agentic knowledge in every part of the business, but not as an intelligent service. They should be helpful people who can offer guidance, but also be accountable and in control.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Never say that no one is allowed to develop or deploy agents, or that agents are only for the IT department. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>One final note: never say that no one is allowed to develop or deploy agents, or that agents are only for the IT department. IT department ownership of this is a surefire way to kill a lot of the value creation.</p> <p><b>Is there any misconception that enterprises have about governing AI agents that you see?</b></p> <p>Baum: AI often requires an upfront investment, and it can take time to generate a return on that investment. So, many organizations are <a href="https://www.techtarget.com/searchenterpriseai/tip/Practical-tips-for-agentic-AI-cost-optimization">afraid to add tooling just to get this stuff done</a>. In a very uncertain environment, it's often hard to take an investment like this seriously enough, because this is experimental technology. The misconception is that we can manage agents with existing tools, management systems and auditing frameworks. These are completely different animals.</p> <p><em>Tim Murphy is a site editor and writer for the IT Strategy team at TechTarget.</em></p> AI agents are spreading faster than CIOs can manage. AI governance platform CEO David Baum explains why traditional IT governance tools struggle to monitor them. https://cdn.ttgtmedia.com/rms/onlineimages/chatbot_g1199436523.jpg https://www.techtarget.com/searchcio/feature/the-ai-agent-governance-gap-how-cios-can-gain-control Fri, 29 May 2026 12:46:00 GMT The AI agent governance gap: How CIOs can gain control <p>This was a big week for AI tech news as Pope Leo cautioned against the risks of technology in a landmark intervention against AI monopolies,YouTube announced new measures to curb AI slop and the American Federation of Teachers warned against AI use in school. Meanwhile, Meta moved ahead with its social media subscription plans and ByteDance joined the AI chip race.</p> <p>Here's what you need to know from the week starting May 25, plus the latest updates in IPOs and executive leadership.</p> <section class="section main-article-chapter" data-menu-title="Pope Leo warns against AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Pope Leo warns against AI</h2> <p>Pope Leo XIV made global headlines this week after releasing his first major encyclical, which focuses on safeguarding humanity from artificial intelligence.</p> <p>In the document, <a href="https://www.vatican.va/content/leo-xiv/en/encyclicals/documents/20260515-magnifica-humanitas.html" target="_blank" rel="noopener">Magnifica Humanitas</a>, the Pope warned that AI risks concentrating power with increasing AI monopolies, weakening human dignity and accelerating inequality if left unchecked. He argued that technology should serve humanity rather than replace human judgement.</p> <p>“AI is already an environment in which we are immersed, as well as a force with which we must engage. For this reason, merely regulating it is insufficient; it must be disarmed, welcoming and accessible,” said Pope Leo XIV. This unprecedented intervention from the Vatican shows how AI has become more than simply a commercial and political issue.</p> <p>The story also gained additional attention because of dialogue and collaboration between Pope Leo and AI company, Anthropic. Anthropic is increasingly positioning itself as the face of ethical AI, and its co-founder, Christopher Olah, made an address during the Pope’s encyclical.</p> </section> <section class="section main-article-chapter" data-menu-title="YouTube cracks down on hidden AI content"> <h2 class="section-title"><i class="icon" data-icon="1"></i>YouTube cracks down on hidden AI content</h2> <p>YouTube <a href="https://blog.youtube/news-and-events/improving-ai-labels-viewers-creators/" target="_blank" rel="noopener">announced</a> this week that it will begin automatically identifying and labeling AI-generated or AI-edited videos, even when creators fail to disclose it themselves.</p> <p>Not only will YouTube automatically identify AI content, but it will also move the AI content label to a more prominent and obvious position on the webpage. In the announcement, YouTube says that “these changes are designed to balance transparency with creator control.” Content will be automatically labelled as AI-generated if creators do not disclose it themselves, but there will be no penalties. Monetization or promotional reach will remain unchanged.</p> <p>More aggressive AI labeling may become standard across social platforms as regulators demand greater transparency and consumer frustration with lower-quality <a href="https://www.techtarget.com/searchcio/feature/AI-Slop-The-hidden-enterprise-risk-CIOs-cant-ignore">AI slop</a> continues to grow.</p> </section> <section class="section main-article-chapter" data-menu-title="Teachers union sounds alarm over AI in schools"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Teachers union sounds alarm over AI in schools</h2> <p>In the latest hit against AI, American Federation of Teachers (AFT) president Randi Weingarten called for a ban on screens for students in preschool and warned against AI use in schools.</p> <p>Weingarten claimed that today’s students are drowning in tech and that there was not sufficient legislation for AI-use in schools.</p> <p>Weingarten outlined a 10-step plan to tackle these issues. The plan includes:</p> <ul class="default-list"> <li>No screen time for students from pre-K to second grade</li> <li>Redesigning schools to focus on active learning</li> <li>A focus on safety and <a href="https://www.techtarget.com/searchcio/news/366623178/AI-tests-limits-of-data-privacy-regulation">privacy</a> when using AI in schools</li> <li>A need for independent research into best practices for tech in education</li> <li>Protecting intellectual and academic freedoms in schools</li> </ul> <p>As AI continues to dominate workplace headlines, schools are likely to come under similar scrutiny as adoption rises.</p> </section> <section class="section main-article-chapter" data-menu-title="Meta launches social media subscriptions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Meta launches social media subscriptions</h2> <p>Meta officially launched new subscription offerings this week across Instagram, Facebook and WhatsApp.</p> <p>Naomi Gleit, head of product at Meta, introduced Instagram Plus, Facebook Plus and WhatsApp Plus in an <a href="https://www.instagram.com/p/DY2dHCWMZST/?hl=en" target="_blank" rel="noopener">announcement </a>on Instagram.</p> <p>Extra features will be available for subscription holders including AI capabilities, verification perks and enhanced creator functionality. The rollout marks one of the company’s biggest shifts away from the traditional ad-only social media model to a subscription model. This allows Meta to monetize its existing audience base and creates another revenue stream for the company.</p> <p>Meta is paving the way for a reshaping of social media economics. Platforms that were once free may increasingly release hybrid services where premium tools sit behind paywalls.</p> </section> <section class="section main-article-chapter" data-menu-title="ByteDance enters chip race"> <h2 class="section-title"><i class="icon" data-icon="1"></i>ByteDance enters chip race</h2> <p>ByteDance, the parent company of TikTok, emerged this week as the latest tech giant moving aggressively into the AI chip race. The company is developing custom CPU chips and increasing spending on AI infrastructure, while also striking major semiconductor deals with Qualcomm.</p> <p>ByteDance’s expansion also reinforces how TikTok is evolving from a social media app into a much broader AI technology company.It alsogives insight into the future plans of the social media company.</p> </section> <section class="section main-article-chapter" data-menu-title="Executive moves"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Executive moves</h2> <ul class="default-list"> <li><b>Diego Teijeiro Ruiz. </b>Ruiz took on his position as CIO at H&M Group following his appointment earlier this year, following a 20-year stint atInditex.</li> <li><b>Nathan Shetty. </b>Shetty was appointed CIO at asset management and advisory firm SEI. Shetty previously held a role as senior managing director and head of asset at Nuveen.</li> <li><b>Ashraf Alkarmi. </b>On May 26, Dropbox <a href="https://blog.dropbox.com/topics/company/dropbox-leadership-update" target="_blank" rel="noopener">announced</a> Ashraf Alkarmi as its new co-CEO. Alkarmi will hold the position alongside fellow co-CEO Drew Houston.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="IPO watch"> <h2 class="section-title"><i class="icon" data-icon="1"></i>IPO watch</h2> <p>The U.S. IPO market remains a key indicator of broader tech sentiment. Here's a look at the latest listings and activity from the past week, based on data from the Nasdaq IPO calendar:</p> <h3>Disciplined Growth Acquisition Corp.</h3> <ul class="default-list"> <li>A blank check company.</li> <li>Opening/trading day: May 27.</li> <li>IPO price: $10/share.</li> </ul> <h3>Deep Fission Inc.</h3> <ul class="default-list"> <li>A nuclear energy startup.</li> <li>Expected opening/trading day: May 29.</li> <li>IPO price: $24-26/share</li> </ul> <h3>Innovative Digital Investors Acquisition Corp.</h3> <ul class="default-list"> <li>A blank check company.</li> <li>Expected opening/trading day: May 29.</li> <li>IPO price: $10/share.</li> </ul> <p><i>Rosa Heaton is a content manager and writer for the IT Strategy team at TechTarget.</i></p> </section> Stay up to date with the latest U.S. tech news, IPOs and executive moves shaping the industry each week. https://cdn.ttgtmedia.com/rms/onlineimages/maze_g467037520.jpg https://www.techtarget.com/searchcio/feature/Weekly-news-roundup-Pope-AI-warnings-YouTube-tackles-AI-slop-and-Meta-subscriptions Fri, 29 May 2026 10:11:00 GMT Weekly news roundup: Pope AI warnings, YouTube tackles AI slop and Meta subscriptions <p>With the announcement that it is laying off 20% of its workforce, Cloudflare became the latest in a growing list of technology companies shedding employees while increasing AI investments.</p> <p>Cloudflare is best known for providing cybersecurity, content delivery, and internet performance services to millions of users worldwide, including businesses and governments. Cloudflare built a global network to help make websites faster and more secure, eventually expanding into cloud security, edge computing, zero-trust networking and developer services. Today, Cloudflare has an 83% market share of the <a href="https://www.techtarget.com/searchapparchitecture/tip/Reverse-proxy-vs-load-balancer-How-do-they-compare">reverse proxy market</a>, with an estimated 20% of internet traffic running through it, according to <a href="https://w3techs.com/technologies/overview/proxy/" target="_blank" rel="noopener">data</a> from W3Techs.</p> <p>The organization reported 34% revenue growth year-over-year, beating Wall Street expectations, shortly before announcing on May 8, 2026, that it would be laying off about 1,100 employees globally.</p> <p>A <a href="https://blog.cloudflare.com/building-for-the-future/" target="_blank" rel="noopener">memo</a> to the staff said the actions were not a cost-cutting exercise or an assessment of individuals' performance; they were about "Cloudflare defining how a world-class, high-growth company operates and creates value in the agentic AI era."</p> <p>Cloudflare's AI usage has increased by more than 600% in the last three months alone, according to the memo, fundamentally changing the way the organization works.</p> <p>"That means we have to be intentional in how we architect our company for the agentic AI era in order to supercharge the value we deliver to our customers and to honor our mission to help build a better Internet for everyone, everywhere," the memo said.</p> <p>The scenario is not new. AI has been cited in over 73,000 tech industry job cuts across 95 companies in 2026 alone, according to Layoffs.fyi, begging the question: is AI the future of cybersecurity, or a risky bet that exposes organizations to new vulnerabilities?</p> <section class="section main-article-chapter" data-menu-title="Understanding agentic AI in the cybersecurity context"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding agentic AI in the cybersecurity context</h2> <p>Traditional AI can handle single tasks with limited human direction. Agentic AI works more autonomously, enabling it to plan multi-step tasks, adapt to changing conditions, make decisions and work until the objective is complete with little to no human oversight.</p> <p>When implemented in cybersecurity applications, AI can provide continuous network monitoring, pattern recognition and threat detection across multiple data sources and initiate automated incident response and containment when needed.</p> <p>In its push to usher in its "agentic AI era", Cloudflare modified its operating model by using AI agents across the board, including in engineering, HR, marketing and finance.</p> <p>The most notable is engineering, where Cloudflare built an internal AI stack called iMARS (Internal MCP Agent/Server Rollout Squad) using its own AI infrastructure products. The system integrates coding assistants, internal MCP servers, automated testing, and code review agents, according to its website. To date, 93% of its R&D organizations now use AI coding tools, and all AI-generated code is reviewed by autonomous agents, according to the company's blog.</p> <p>Cloudflare is also using AI agents in HR, marketing and finance, reporting that it runs thousands of AI agent sessions each day to complete tasks.</p> </section> <section class="section main-article-chapter" data-menu-title="The efficiency promise: What IT executives need to know"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The efficiency promise: What IT executives need to know</h2> <p>By restructuring, Cloudflare expects to incur $140 to $150 million in restructuring charges in 2026, which includes $105 to $110 million in cash for severance, benefits, and notice periods, as well as $35 to $40 million in non-cash equity vesting, according to a report by MSN.com.</p> <p>In return, the company plans to gain long-term operational efficiency as it enters its "agentic AI era." The organization currently analyzes 227 billion cybersecurity threats daily using ML models. The work is completed at machine speed and without fatigue.</p> <p>The annual Cost of a Data Breach Report published by IBM in conjunction with the Ponemon Institute stated that organizations using AI and automation extensively for security save nearly 40% on breach-related expenses.</p> <p>The transformation that AI promises is less about individuals using assistance more regularly throughout the day and more about transforming the nature of work and how whole classes of work are done at an organizational level, said Adam MaGill, global chief information security officer at Concentrix.</p> <p>This transformation requires re-architecting of identity management and organizational responsibility. Unlike human workers, AI agents cannot be managed with traditional multifactor authentication; they require fine-grained, non-deterministic controls to mitigate agent drift and limit the "blast radius", or total scope of potential damage that can be caused by potential incidents from a misbehaving agent. The damage can include data corruption, security breaches or flawed workflows.</p> <p>As more organizations transition their workflows, third-party risk management will likely evolve to include contractual obligations for vendors to use frontier models for vulnerability, MaGill said.</p> <p>As more AI agents enter the workplace, responsibility for objective management may shift from department heads to the IT side of the house, changing the CIO role, he said.</p> </section> <section class="section main-article-chapter" data-menu-title="The hidden risks – your exposure assessment"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The hidden risks – your exposure assessment</h2> <p>When implementing AI technology, organizations need to apply the same rigorous GRC standards they use for human employees and traditional software, said Heath Mullins, chief evangelist at ExtraHop and a former Forrester Analyst.</p> <p>He recommends treating AI agents as distinct identities with restricted permissions and maintaining a human-in-the-loop to mitigate the risk of false, misleading or biased information they can sometimes produce.</p> <p>"Without understanding how these agents are moving across your network and what they have access to, you're literally driving yourself into the abyss," Mullins said.</p> <p>To minimize risk:</p> <ul class="default-list"> <li><b>Train the staff on acceptable usage of the AI agent.</b> Avoid the <a href="https://www.techtarget.com/searchsecurity/tip/Shadow-AI-How-CISOs-can-regain-control-in-2026">rise of shadow AI</a>, or employees using personal AI access to interact with corporate resources. Without network-level visibility, these agents operate in a "blind channel" that bypasses traditional security logs.</li> <li><b>Treat AI agents as a network identity.</b> A critical governance shift is underway in which AI agents are treated as entities governed with the same strictness as a human administrator.</li> <li><b>Only provide necessary access.</b> Implement guardrails around what it can and cannot touch.</li> <li><b>Track and be informed.</b> Continuous monitoring of data traversal will detect unauthorized actions.</li> <li><b>Have a rollback in place.</b> Amid evidence of self-preserving behavior in advanced agents, a "kill switch" should be established to remove control from the agent if necessary.</li> <li><b>Keep a human-in-the-loop.</b> <a href="https://www.techtarget.com/searchenterpriseai/feature/Humans-and-AI-The-role-of-people-in-the-new-AI-world">Removing the human element</a>, especially in high-stakes fields such as healthcare or finance, creates the potential for disaster.</li> </ul> <p>As AI becomes part of the daily workflow and agents take on more roles, concerns arise that it will create an entry-level vacuum, where junior-level jobs are replaced by AI instead of using AI to train them. The result is a future gap as newer engineers don't move into senior architect or security roles.</p> <p>Many feel this would result in a loss of accumulated expertise, tribal knowledge and nuanced judgment that comes from years of security experience.</p> <p>"I really want to see this move forward as being used as a tool to augment and train to advance people's careers rather than completely supplanting their career, and in some cases, completely shutting that career path off," Mullins said.</p> <p>A great demand still exists for engineers who are "natives to AI," said Dean Gefen, CEO of NukuDo and Red Alpha. He predicts 10 to 15 years of job security for people who upgrade their skills now. This is especially true for cybersecurity professionals with integrated AI capabilities, client-facing technical roles and forward-deployed engineers who help organizations implement and govern AI agents.</p> <p>To address traditional hiring shortages, Gefen's organization pays a salary and provides training in exchange for a three-year employment commitment to a client organization.</p> </section> <section class="section main-article-chapter" data-menu-title="Strategic considerations for IT leaders"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Strategic considerations for IT leaders</h2> <p>AI will continue to play an important role in cybersecurity as the methods used in cyberattacks grow more sophisticated.</p> <p>"Attackers are already leveraging AI to fuzz defenses, generate polymorphic malware, and script complex attacks at machine speed. If your defense relies solely on human analysts staring at dashboards, the battle is already lost," said Brett Smith, distinguished software developer on the Developer Experience Team at SAS.</p> <p>As AI becomes more integrated in critical infrastructure, organizations need to understand <a href="https://www.techtarget.com/searchsecurity/tip/What-agentic-AI-means-for-cybersecurity">how agentic AI changes security operations</a>, weigh the benefits against the risks and implement strategic guardrails.</p> <p>An AI-native approach acts as a distant early warning system. It understands context, creating a security layer that speaks the same language as the threat. Real time, context-aware security keeps pace with AI-driven coding and attacks, Smith said.</p> <p>Still, AI can add its own risk and vulnerabilities to the system if proper guardrails aren't in place. Over-reliance can cause catastrophic damage if agents hallucinate or misinterpret data. The models themselves can be targeted using prompt injections, data poisoning or adversarial attacks.</p> <p>The most dangerous scenario is what Smith calls the "lethal trifecta." This can occur when an agent possesses untrusted input, access to private data and external communication.</p> <p>Cloudflare's pivot signals a broader industry trend, but organizations should not rush to replace their security teams with unchecked AI agents. Instead, a strategic, human-guided approach is necessary, Smith said.</p> <p>"The shift toward AI in cybersecurity isn't just a trend but a necessary evolution to keep pace with modern adversaries. But organizations must be smart about how they deploy autonomy to ensure the cure doesn't become worse than the disease," Smith said.</p> </section> <section class="section main-article-chapter" data-menu-title="The broader industry context"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The broader industry context</h2> <p><a href="https://www.techtarget.com/whatis/feature/Tech-sector-layoffs-explained-What-you-need-to-know">Tech sector layoffs</a> have surged to their highest levels in years. In recent months, tech giants, including Meta, Microsoft, Amazon, and Oracle, reduced their workforce while expanding AI use beyond coding into marketing, HR, customer service and administrative roles. Executives say the move will make the organizations more efficient.</p> <p>Others, including Nvidia CEO Jensen Huang, say that it "doesn't make any sense" for companies to link AI before generative AI tools became widely useful in the workplace.</p> <p>"I think the narrative that connects AI to job loss for many of the CEOs that are doing it, it is just too lazy," Huang said in an <a href="https://www.youtube.com/shorts/tDQcQv6M5e4" target="_blank" rel="noopener">interview</a> with Channel NewsAsia. "AI has just arrived. How is it possible they're already losing jobs?"</p> <p>The response from Wall Street has been mixed. CNBC compiled a list of 23 S&P 500 companies across sectors, including Nike, Salesforce and Fiverr, that cited AI in announcing layoffs. Fifty-six percent of the companies listed traded in the red after the announcement, CNBC reported. The average decline was about 25%.</p> <p>Although investors usually appreciate efficiency measures, they seem to be growing weary of <a href="https://www.techtarget.com/searchcio/feature/When-AI-spending-becomes-a-liability">rising AI spending</a> and the uncertainty it creates.</p> <p><i>Julie Hanson is a freelance writer who has reported on local news across Massachusetts and New Hampshire.</i><span data-ccp-props="{"201341983":0,"335559739":200,"335559740":276}"> </span></p> </section> Cloudflare cuts 1,100 jobs despite strong revenue growth, betting big on AI agents to reshape cybersecurity -- but experts warn of hidden risks ahead. https://cdn.ttgtmedia.com/rms/onlineimages/ai_g1183318665.jpg https://www.techtarget.com/searchcio/feature/Cloudflares-AI-pivot-Agentic-AI-risk-considerations-for-IT-execs Thu, 28 May 2026 14:37:00 GMT Cloudflare's AI pivot: Agentic AI risk considerations for IT execs <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Anthropic's Claude Mythos announcement has raised fears among CIOs that the AI model will outperform humans at finding and exploiting software vulnerabilities.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Announced in April as Mythos Preview, Anthropic gave 12 enterprises, including tech giants AWS, Nvidia, Microsoft, Apple and Google, access to the tool as part of Project Glasswing. Project Glasswing aims to use Mythos Preview to secure the world's most critical infrastructure, and the partners will share learnings with the industry.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">In this Q&A, Diana Kelley -- CISO at Noma Security -- speaks to TechTarget about what CIOs need to know about <a href="https://www.techtarget.com/searchcio/feature/AI-Security-Risks-Force-CIOs-to-Rethink-Strategy">preparing for a new era of AI threats</a>.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Editor's note:</strong><i> This Q&A has been edited for clarity and conciseness.</i></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>The headlines around Claude Mythos, AI and hacking have been alarming. Is the fear warranted, or is it being overplayed? </b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Diana Kelley:</strong> I have seen some headlines that are very reasonable and balanced, some headlines that may not understand the truth and some headlines that make it feel a little like the sky is falling.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Everybody should take a beat and take a breath as they think about what this means, because the reality is that LLMs -- and Claude is one model, but there are others -- have vulnerabilities. LLMs have been enabling adversaries to find vulnerabilities very quickly. They can drive some automation of attack or reconnaissance work, and they now have tools that help them do that more easily, and in some cases more effectively.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>What should CIOs do in response?</b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Kelley:</strong> For us on the defender side, we have a couple of things we very clearly need to do. First of all, we should be using these tools ourselves. We need to be using the autonomous, AI-driven vulnerability-finding tools to test our own systems, find where our vulnerabilities are and find where the <a href="https://www.techtarget.com/searchsecurity/tip/Transform-SIEM-rules-with-behavior-based-threat-detection">attack paths</a> are through our organization, so we can address those exposures before an attacker finds them.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Another thing that's really important for CIOs is <a href="https://www.techtarget.com/searchcloudcomputing/tip/The-hidden-costs-of-technical-debt-in-infrastructure">technical security debt</a>, such as unpatched vulnerabilities, the risks the organization knows are there that are exploitable, that haven't yet been addressed. This technical exposure, this legacy debt, is most likely going to be more of a problem now that attackers have better and cheaper tools to find where those holes are.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">CIOs and CISOs should get together and look at their security debt and the overall hygiene approach to addressing that debt. Some companies have been depending on the fact that attackers haven't been able to find their way through, and I think we need to go back through with this new lens, understanding these new tools are out there, and really say: Is this debt we can continue to live with, or is this debt we now need to address?</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>How should CIOs and CISOs work together on this?</b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Kelley:</strong> Just sitting down in a room together and having a whiteboard session looking at what this means, and asking, "What are we going to do?" The more CIOs and CISOs can talk and be collaborators, the better. Sometimes they can be at odds, but now is the perfect time to have some of those conversations.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>Is this primarily a problem for poorly defended organizations, or is everyone at risk?</b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Kelley:</strong> I think everybody needs to take into account that these systems are able to find vulnerabilities. Where you find a big difference is in organizations that don't have the time or resources to address their security hygiene and security debt, ensuring they're doing enough testing going forward. That's really where the difference is coming in.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>Beyond tools like Claude Mythos, what other AI-related threats should CIOs be thinking about?</b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Kelley:</strong> Companies have said to their employees, "Go out and <a href="https://www.techtarget.com/searchcio/feature/How-CIOs-move-from-AI-experimentation-to-operationalization">adopt AI</a> and use it to do your job," but as they do this, they're potentially creating a new and different attack surface.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">The CIO and the CISO may not have full visibility or observability into what tools are adopted, what agents are being used and what systems they're hooked up to. If you've used things like <a href="https://www.techtarget.com/searchenterpriseai/tip/Microsoft-Copilot-vs-Google-Gemini-How-do-they-compare">Copilot or Gemini</a>, they can connect to productivity tools, databases and a lot of content. That both gives them data and lets them potentially take action.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">The first thing that's really critical is to get that <a href="https://www.techtarget.com/searchitoperations/definition/observability">observability</a> layer, to make sure you've got visibility into what people are doing, and then take action if something in use is going wrong. For example, if you see a tool deleting a production database, do you have the ability to stop that at runtime? Can you stop it at that action layer or not? First, seeing what people do and then getting some control to limit the blast radius -- that is absolutely critical for all CIOs and CISOs right now.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>How should CIOs communicate about this to their boards?</b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Kelley:</strong> Boards are taking it very seriously. They have a big drive for efficiency from AI, and there are a lot of boards saying, "What are we doing? Are we taking advantage of this? Are we staying ahead of our competition?" Because there's also concern that if you're not using AI properly, your competition will.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">What the board needs from the CIOs and CISOs is to understand how <a href="https://www.techtarget.com/searchdisasterrecovery/tip/Why-a-risk-management-framework-is-critical-for-AI-initiatives">the risk translates</a> to the business. Don't just come in and defend against a headline, and don't say this is all really scary and we should stop adoption, as that's not going to work.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">Come in with visibility. Share the major initiatives in the organization that are using AI, explain how they're using it and be clear about what our critical third parties are using. Then, you can start explaining what's putting the company at risk, or what additional controls you may need to put around that use. You're not just fighting headlines. You're really talking about how to <a href="https://www.techtarget.com/searchenterpriseai/feature/Artificial-general-intelligence-So-close-yet-so-far">adopt rapidly</a> without putting the business at excessive risk. And then it's a different conversation.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><b>Any final advice for CIOs navigating this moment?</b></span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><strong>Kelley:</strong> If you don't have true visibility across your organization of what people are doing with AI, it's going to be very hard to build all these other blocks on top. You need that foundation. It needs to be very solid and up and running in real time.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">On top of that, understand who within the organization has adopted what and why, ask what they're doing with it and work with the CISO to understand the risks around that adoption. Build the <a href="https://www.techtarget.com/searchdatacenter/tip/Balancing-automation-with-human-oversight-in-AI-data-centers">right controls</a>, have the right policies in place, and get the right partners to help you.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;">AI adoption is here. It's just a matter of whether you have a good handle on it. Are you navigating through the choppy waters and going to get to the other side, or are you going to get some water in the boat? Visibility and collaboration are going to help a lot.</span></p> <p><span style="font-family: arial, helvetica, sans-serif; font-size: 14pt;"><em>Harriet Jamieson is a senior manager of custom content and writer for the IT Strategy team at TechTarget.</em></span></p> Anthropic's Claude Mythos has generated buzz and alarm among CIOs and CISOs, who fear the model could expose vulnerabilities and drive unprecedented levels of hacking. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a194810146.jpg https://www.techtarget.com/searchcio/feature/Take-a-breath-A-CISOs-Claude-Mythos-advice-for-CIOs Thu, 28 May 2026 09:02:00 GMT 'Take a breath:' A CISO's Claude Mythos advice for CIOs <p>AI agents may be powerful -- accelerating tasks and arriving at resolutions more quickly -- but there's one thing they're missing: the <a href="https://www.techtarget.com/searchcio/opinion/The-human-touch-A-CIOs-wake-up-call-on-customer-service-AI">human connection</a>.</p> <p>Human skills are just as important as quick resolutions in the business world. These skills are really the ability to read what's not being said -- something AI is not able to do, said Vineeta Bansal, partner at PwC, during a panel discussion titled <i>Leading the AI-native IT workforce: Why agility and empathy are your greatest tech assets</i> at the annual MIT Sloan CIO Symposium in Cambridge, Mass., on May 19.</p> <p>Some of these human skills include coaching, communication, adaptability, judgment, empathy and agility, said Roderick Adams, principal, advisory people and inclusion leader at PwC, during the same panel.</p> <p>Human skills are often the difference between retaining customers and losing them to the competition. If a customer is upset, it takes empathy, compassion and understanding to relate to and get through to a customer. Preprogrammed emotionless responses won't cut it. These robotic interactions often infuriate customers, leading them to seek a more human-centric company with which to do business.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mit_symposium_2-f.jpg"> <img data-src="www.techtarget.com/rms/onlineimages/mit_symposium_2-f_mobile.jpg" class="lazy" data-srcset="www.techtarget.com/rms/onlineimages/mit_symposium_2-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/mit_symposium_2-f.jpg 1280w" alt="Roderick Adams and Vineeta Bansal speak at the MIT Sloan CIO Symposium." data-credit="Sarah Amsler photo" height="378" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Roderick Adams, principal, advisory people and inclusion leader at PwC, left; and Vineeta Bansal, partner at PwC, speak during a panel discussion at the annual MIT Sloan CIO Symposium on May 19 in Cambridge, Mass. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Retaining customers is essential to a successful business. It costs 5-25 times more to acquire new customers than it does to retain existing customers, according to <a href="https://www.businessdasher.com/research/b2b-customer-retention-statistics/">statistics</a> from BusinessDasher, a business profile and comparison platform.</p> <section class="section main-article-chapter" data-menu-title="Choosing AI over people"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Choosing AI over people</h2> <p>Although human skills remain essential to businesses, many are laying off workers, adopting AI to automate tasks while citing cost-cutting measures.</p> <p>Eighty percent of organizations using autonomous tech report workforce reductions, according to a Gartner <a href="https://www.gartner.com/en/newsroom/press-releases/2026-05-05-gartner-says-autonomous-business-and-artificial-intelligence-layoffs-may-create-budget-room-but-do-not-deliver-returns">press release</a>. But while those reductions in force may create budgetary breathing room, they don't fully offset the cost of replacing people with AI.</p> <p>Take the recent Meta layoffs, for example. In May, the company laid off 8,000 employees -- 10% of its workforce. The cuts are an effort to offset heavy investments in AI infrastructure, as <a href="https://www.techtarget.com/searchcio/feature/When-AI-spending-becomes-a-liability">Meta plans to spend</a> $125 billion to $145 billion in capital expenses this year. Assuming each employee made $200,000 annually, that would only be $1.6 billion in savings -- just over 1% of what Meta expects to spend on AI infrastructure. The <a href="https://www.techtarget.com/searchcio/feature/Is-AI-cheaper-than-human-workers">AI investment far outweighs the people cuts</a>. Where is the actual cost savings? And at what cost to the business?</p> <p>AI is in the early stages of business use, never mind <a href="https://www.techtarget.com/searchcio/feature/How-CIOs-move-from-AI-experimentation-to-operationalization">scaling it from experimentation to operationalization</a>. AI is not ready to replace humans. Justifying job cuts with AI adoption is a lazy narrative, and one that can be detrimental to businesses.</p> <p>Businesses need to be truthful about why they are conducting layoffs. Blindly pointing to AI investment as the reason can come back to bite a CIO. If Meta can't turn its $125+ billion AI investment into bottom-line revenue tied to this spending, employees, board members and investors will want to know why.</p> <p>CIOs at other companies should pause before overpromising revenue or cost savings attributed to unproven AI systems. Maybe the real reason for downsizing is that the business is right-sizing its organization after a period of overhiring. Maybe there's a budget shortfall and the head count needs to be cut. Maybe they are flattening the organization. Whatever the reason, employees, board members and investors deserve the truth.</p> </section> <section class="section main-article-chapter" data-menu-title="Invest in people to help them find AI value"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Invest in people to help them find AI value</h2> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/mit_symposium_1-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/mit_symposium_1-f_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/mit_symposium_1-f_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/mit_symposium_1-f.jpg 1280w" alt="Artwork describing panel discussion at MIT Sloan CIO Symposium." data-credit="Artwork by Karyn Knight Detering of Ideas Take Shape"> <figcaption> <i class="icon pictures" data-icon="z"></i>This artwork describes the discussion during a panel on why agility and empathy are a business' greatest tech assets at the annual MIT Sloan CIO Symposium on May 19 in Cambridge, Mass. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Choosing AI over people doesn't have to be the only option. Instead, businesses should invest in their employees to develop both AI and human-centric skills. These are skills that will set them apart in an AI-enabled world. And skills that will contribute toward a successful business.</p> <p>What does this mean for CIOs? It means assessing the skill sets of both employees and the people they're hiring to find the gaps that need to be filled. It means not rolling out AI tools with no training. It means ensuring company learning platforms deliver content that helps employees build these necessary skills. And it means making sure employees don't feel like they will become obsolete by using AI in their jobs.</p> <p>Humanity matters. </p> <p><em>Sarah Amsler is a senior managing editor for the IT Strategy team at TechTarget. </em></p> </section> AI boosts efficiency but can't replicate emotional intelligence or nuanced judgment. Forward-thinking companies pair technology with talent to drive sustainable growth and loyalty. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a311883856.jpg https://www.techtarget.com/searchcio/opinion/Invest-in-human-AI-collaboration-not-just-automation Wed, 27 May 2026 13:29:00 GMT Invest in human-AI collaboration -- not just automation <p>Wouldn't it be nice if enterprise cybersecurity were as easy as recalculating your route on Waze?</p> <p>I vividly remember a time early in my career, sitting in a rental car in San Jose with a dozen printed MapQuest pages on the passenger seat, lost and 30 minutes late for an interview. The directions were accurate when I printed them, but MapQuest had no way of knowing about the closed exit ramp off the 101 or that I missed the third turn after the Thai restaurant.</p> <p>Today, Waze automatically connects to my car's "infotainment" system and makes driving, even in a strange city, a non-issue. It achieved that not by giving me better static information, but by making the map aware, adaptive and able to update in real time.</p> <p>Enterprises should use this dynamic model to think about their technology stacks. But when I look at how most organizations approach <a href="https://www.techtarget.com/searchenterpriseai/tip/Evaluate-the-risks-and-benefits-of-AI-in-cybersecurity">AI and cybersecurity</a> right now, I see a lot of printed MapQuest directions.</p> <section class="section main-article-chapter" data-menu-title="Mythos made AI threats very real"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Mythos made AI threats very real</h2> <p>For years, the discussion around AI's destructive effects on cybersecurity lived mostly in research papers and conference keynotes. The <a href="https://www.techtarget.com/searchenterpriseai/news/366642478/Claude-Mythos-Preview-and-the-new-rules-of-cybersecurity">introduction of Anthropic's Claude Mythos</a> made the abstract concept a reality that organizations must address urgently.</p> <p>Mythos can autonomously identify software weaknesses, probe systems at machine speed and operate continuously without fatigue or human intervention. Anthropic itself said Mythos was too dangerous to release publicly and limited its access, prompting widespread concern.</p> <p>Prominent influential voices counter that the existential fear is <a target="_blank" href="https://www.derekthompson.org/p/the-fundamental-question-in-every" rel="noopener">overblown</a>. Whichever camp you fall into, the technology is here, and CIOs and IT leaders must learn how to handle it.</p> </section> <section class="section main-article-chapter" data-menu-title="Why AI security is already behind"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why AI security is already behind</h2> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> When I look at how most organizations approach AI and cybersecurity right now, I see a lot of printed MapQuest directions. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The instinct in most organizations is to treat <a href="https://www.techtarget.com/searchsecurity/feature/How-AI-threat-detection-is-transforming-enterprise-cybersecurity">AI threats as a security problem</a>: The IT team hands them off to the chief information security officer (CISO) and moves on. That division of labor made sense in a slower world, but it won't suffice in the world we're becoming.</p> <p>Only 26% of organizations report having comprehensive AI security governance policies in place, according to the Cloud Security Alliance's State of AI Security and Governance <a target="_blank" href="https://cloudsecurityalliance.org/artifacts/the-state-of-cloud-and-ai-security-2025" rel="noopener">report</a> issued late last year. That means three-quarters of enterprises make high-stakes AI decisions -- including which models to deploy, which data to expose and which workflows to automate -- without a coherent framework to manage risk.</p> <p>To make matters worse, CIOs and CISOs often don't realize which AI tools employees use. Gartner's Global Labor Market Survey for Q1 2026 <a target="_blank" href="https://www.gartner.com/en/newsroom/press-releases/2026-05-13-gartner-predicts-by-2027-50-percent-of-enterprises-without-a-people-centric-ai-strategy-will-lose-their-top-ai-talent" rel="noopener">found</a> 88% of employees with access to enterprise AI tools also use personal AI tools for work. And more than 78% of technology leaders reported that AI adoption is surpassing their organization's ability to manage the associated risks in <a target="_blank" href="https://www.ey.com/en_us/newsroom/2026/03/ey-survey-autonomous-ai-adoption-surges-at-tech-companies-as-oversight-falls-behind" rel="noopener">EY's recent</a> Technology Pulse Poll.</p> <p>The underlying challenge is speed. Attackers using AI-assisted tools can continuously scan, probe and exploit at machine speed. Most enterprise security responses still operate at human speed, with quarterly reviews, annual audits and governance documents that fall out of date almost immediately.</p> <p>That disparity cannot be addressed by people creating better policies at human speed. We can only defend with better technology.</p> </section> <section class="section main-article-chapter" data-menu-title="Fight back at AI with more AI"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Fight back at AI with more AI</h2> <p>Waze did not beat unpredictable road hazards by waiting to see what its competitors would do or hoping the government would step in to limit the number of cars on the road. It succeeded by becoming more adaptive than the problem, creating software that constantly gathered information, learned from it and updated instantly.</p> <p>Enterprises must adopt that model for AI security. The Cloud Security Alliance report encouraged security teams to take the lead in adopting AI security tools, and many are already available.</p> <p>Knowing where to start can be difficult, especially when advances happen so quickly. The Cybersecurity Framework Profile for Artificial Intelligence, published by <a target="_blank" href="https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8596.iprd.pdf" rel="noopener">NIST</a>, organizes the challenge into three focus areas: securing your AI environment, defending with AI and thwarting AI-enabled threats.</p> <p>In practice, that translates to three functions where IT, if it moves quickly enough, can gain the upper hand. These functions are the following:</p> <ul class="default-list"> <li><b>Increasing visibility.</b> <a href="https://www.techtarget.com/searchenterpriseai/tip/Strategic-approaches-to-effective-shadow-AI-governance">Shadow AI</a> is a growing concern in organizations because you cannot defend what you cannot see. Major security vendors, including CrowdStrike, Netskope and Palo Alto, offer products that identify and map unapproved tools before they become incidents.</li> <li><b>Using AI proactively to scan your own systems for vulnerabilities before attackers do.</b> Microsoft said its new <a target="_blank" href="https://www.microsoft.com/en-us/security/blog/2026/05/12/defense-at-ai-speed-microsofts-new-multi-model-agentic-security-system-tops-leading-industry-benchmark/" rel="noopener">MDASH</a> agentic scanning system, available in preview, recovered 96-100% of confirmed historical vulnerabilities in tested codebases.</li> <li><b>Continuous monitoring of AI already running in production</b>. Vendors, including <a href="https://www.techtarget.com/searchapparchitecture/tip/Dynatrace-bets-on-causal-intelligence-for-AI-observability">Dynatrace</a> and <a href="https://www.techtarget.com/searchitoperations/news/366641600/Cisco-Galileo-buy-reflects-blurring-lines-in-AI-observability">Cisco</a>, are beefing up their observability platforms with agents that offer real-time insight into AI workloads.</li> </ul> <p>Gartner <a target="_blank" href="https://www.gartner.com/en/newsroom/press-releases/2026-03-16-gartner-forecasts-information-security-spending-in-australia-to-reach-over-7-billion-in-2026" rel="noopener">predicted</a> 75% of enterprises will use "AI-amplified" cybersecurity products for most cybersecurity use cases by 2028, up from less than 25% in 2025. The organizations adopting those products are not careless about risk. They have simply accepted that the only realistic answer to AI-speed threats is AI-speed defenses.</p> <p>Nobody argues we should go back to printed MapQuest directions. The roads got more complicated, and how we navigate got smarter to match. How much longer can you afford to wait for your security systems to do the same?</p> <p><i>Susan Fogarty serves as vice president of Editorial, Enterprise Technology at Informa TechTarget, overseeing a global team producing content for premier IT and telecom media brands including TechTarget.com, InformationWeek and Light Reading.</i></p> </section> AI-powered attackers are operating at machine speed. Don't fight back with human-speed defense. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a194810146.jpg https://www.techtarget.com/searchcio/opinion/The-antidote-to-evil-AI-is-more-AI Wed, 27 May 2026 13:04:00 GMT The antidote to 'evil AI' is more AI <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Executive summary</h3> <p>Claude Mythos Preview and other AI tools are reshaping cybersecurity risks and defenses. Key takeaways include the following:</p> <ul class="default-list"> <li>CIOs see AI-driven threats, including tools such as Claude Mythos, as urgent rather than future risks.</li> <li>Security teams are moving from periodic checks to constant monitoring and faster fixes.</li> <li>Companies are using AI in coding, threat detection and incident response.</li> <li>Security is shifting to automated systems that work continuously and respond quickly.</li> <li>Fully automated security centers are still seen as overhyped for now because humans are still needed.</li> <li>Companies are starting to manage shadow AI use because it can create new security risks.</li> <li>IT leaders must be skeptical of AI vendor claims.</li> </ul> </div> </div> <p>Technological breakthroughs are often double-edged swords. AI in security is no exception.</p> <p>In April 2026, Anthropic <a target="_blank" href="https://red.anthropic.com/2026/mythos-preview/" rel="noopener">announced</a> Claude Mythos Preview, a general-purpose AI model the company said performed unusually well at identifying and exploiting software vulnerabilities. The company said it would not release the model but instead launch Project Glasswing -- an effort to <a href="https://www.techtarget.com/searchsecurity/news/366643606/First-month-of-Mythos-Preview-testing-exposes-10K-flaws">study the model in real-world security settings</a> and strengthen defensive readiness. The episode highlights a growing paradox in cybersecurity: the same advances that strengthen defenders can also accelerate the pace of exploitation.</p> <p>CIOs and security leaders are responding to Mythos Preview and similar AI-driven threats by treating them as immediate risks rather than future concerns. They are replacing periodic scans and manual response processes with <a href="https://www.techtarget.com/searchenterpriseai/tip/Evaluate-the-risks-and-benefits-of-AI-in-cybersecurity">continuous monitoring</a>, faster vulnerability remediation and greater visibility into how employees use AI tools. Together, these changes reflect a shift from periodic, human-driven security operations to automated systems that continuously detect and respond to threats faster than humans alone.</p> <p>"We used to build walls, control those walls and respond to alerts. That's all changing. You can't build a wall high enough to prevent penetration. The new posture … needs to be continuous, adaptive and intelligence-driven," said Sean Safieh, CIO of global platforms and digital solutions at Sedgwick, a global claims management company.</p> <section class="section main-article-chapter" data-menu-title="How Mythos affects cybersecurity"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How Mythos affects cybersecurity</h2> <p>AI has reshaped cybersecurity on both sides of the threat equation. It helps attackers find and exploit vulnerabilities while giving defenders new tools to detect and respond to threats.</p> <h3>How Mythos could help attackers</h3> <p>Since the advent of ChatGPT in late 2022, large language models (LLMs) and other <a href="https://www.techtarget.com/searchsecurity/feature/Explaining-AIs-impact-on-ransomware-attacks-and-security">AI systems have helped attackers</a> craft phishing campaigns, generate deepfakes and find vulnerabilities in code. This shift has increased pressure on security teams, which now face faster-moving threats.</p> <p>"We have seen [AI] make the barrier to entry for a threat actor much smaller. It can do simple things, like write really good emails, but also produce code that can launch a threat," said Matt Watkins, CIO of IMA Financial Group, an insurance brokerage firm.</p> <p>As if the current landscape wasn't challenging enough, the newest breed of LLMs may be more effective at exploiting vulnerabilities than older ones. For example, Mythos Preview generated working exploits 181 times against Firefox JavaScript vulnerabilities, compared with just two for Anthropic's earlier model -- Opus 4.6 -- across several hundred attempts, according to Anthropic's internal testing. Additionally, in tests across about 7,000 open source code entry points, Mythos Preview fully compromised 10 patched systems -- something Opus 4.6 had not managed.</p> <p>If Anthropic's results are accurate, this will greatly affect security teams. Attackers could turn newly discovered vulnerabilities into working exploits much faster, compressing the time defenders have to respond.</p> <h3>How Mythos could help defenders</h3> <p>Advanced AI models don't just help attackers, though. They can also help defenders detect vulnerabilities earlier in the development cycle and <a href="https://www.techtarget.com/searchsecurity/tip/Incident-response-automation-What-it-is-and-how-it-works">automate parts of incident response</a>, such as identifying suspicious behavior, prioritizing alerts and isolating compromised accounts. This aligns with the intent behind Project Glasswing, which applies Mythos Preview in controlled environments to strengthen critical systems and improve defensive practices.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Defensively, [AI] is an opportunity for us to leverage, but attackers are using it and closing the gap. </figure> <figcaption> <strong>Sean Safieh</strong>CIO, global platforms and digital solutions, Sedgwick </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Still, attackers have an inherent advantage over defenders. They only need to find and exploit a single weakness, while defenders must identify and fix every weakness across a constantly expanding attack surface.</p> <p>"Defensively, [AI] is an opportunity for us to leverage, but attackers are using it and closing the gap," Safieh said.</p> </section> <section class="section main-article-chapter" data-menu-title="Hype vs. reality"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Hype vs. reality</h2> <p>Anthropic has received a lot of attention since announcing Claude Mythos Preview and Project Glasswing. This has led critics to question whether the framing around Mythos reflects a genuine security concern or is merely a fear-based marketing tactic Anthropic used to gain attention.</p> <p>Although CIOs acknowledge there may be some hype here, the overall take is that it's better to be safe than sorry.</p> <p>"I don't think it's a complete set of fearmongering. We all have to be aware of the potential possibilities of this doing what they say it can do," Safieh said.</p> <p>However, CIOs and analysts widely view the idea of fully autonomous, agentic AI-powered security operations centers (SOCs) as overhyped. While organizations increasingly use <a href="https://www.techtarget.com/searchsecurity/feature/How-AI-threat-detection-is-transforming-enterprise-cybersecurity">AI to assist with threat detection</a>, triage and response, these systems still struggle to reliably make the nuanced decisions human analysts make every day.</p> <p>"These are very real things. What's overhyped is how easy they are," said Fred Chagnon, principal research director at Info-Tech Research Group.</p> <p>Security teams still rely heavily on human judgment, especially when they deal with incomplete, noisy or ambiguous data. Before enterprises can fully automate SOC workflows, organizations must first codify the decision-making processes that experienced human analysts use instinctively, Chagnon said.</p> </section> <section class="section main-article-chapter" data-menu-title="Cyberthreats throughout history"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cyberthreats throughout history</h2> <p>The cybersecurity threat landscape has never been static. Each major wave of technology adoption has reshaped how organizations think about exposure, perimeter control and risk management. On-premises infrastructure, mobile devices and cloud environments each forced security teams to rethink what it means to defend a system.</p> <p>"When I moved to cloud, my systems were much more reachable. I had a greater attack surface there. Mobile shifted my perimeter, and things weren't protected in my big, giant firewall anymore, so I had to think about different exposures there," Chagnon said.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The vibe coding thing has taken off for us internally, so we're trying to figure out how to handle that. </figure> <figcaption> <strong>Matt Watkins</strong>CIO, IMA Financial Group </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>These shifts consistently expanded the attack surface and forced organizations to adapt their defensive models. Cloud introduced more distributed infrastructure and external dependencies, while mobile eliminated the concept of a fixed enterprise perimeter, pushing security toward identity, access control and endpoint-level protection.</p> <p>AI, however, represents a different kind of shift. Rather than just creating a new category of exposure, it accelerates the discovery and exploitation of existing weaknesses across already connected and exposed systems, Chagnon said.</p> <p>At the same time, CIOs are beginning to see AI change how employees interact with enterprise systems in ways that are <a href="https://www.techtarget.com/healthtechsecurity/feature/Shadow-AI-in-healthcare-The-hidden-risk-to-data-security">harder to monitor and govern</a>. AI tools let users create new applications, workflows and data flows outside traditional security boundaries. This broadens the scope of what organizations need to monitor in practice.</p> <p>"I now have users going out and using AI, and I'm not always sure what information they're sharing. The vibe coding thing has taken off for us internally, so we're trying to figure out how to handle that. I have users standing up new applications and putting data in and doing who knows what with it," Watkins said.</p> <p><iframe title="Technology shifts and evolving attack surfaces" aria-label="Table" id="datawrapper-chart-A544F" src="https://datawrapper.dwcdn.net/A544F/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="805" data-external="1"></iframe></p> <p> <script type="text/javascript">(function(){function e(){window.addEventListener(`message`,function(e){if(e.data[`datawrapper-height`]!==void 0){var t=document.querySelectorAll(`iframe`);for(var n in e.data[`datawrapper-height`])for(var r=0,i;i=t[r];r++)if(i.contentWindow===e.source){var a=e.data[`datawrapper-height`][n]+`px`;i.style.height=a}}})}e()})();</script> </p> </section> <section class="section main-article-chapter" data-menu-title="AI as both risk and defense"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI as both risk and defense</h2> <p>AI sits on both sides of the cybersecurity equation. It can accelerate attackers' vulnerability discovery, but vendors and experts also position it as a way to defend against threats. Security leaders face the challenge of using AI to strengthen defenses while <a href="https://www.techtarget.com/searchsecurity/feature/CISO-playbook-for-securing-AI-in-the-enterprise">managing the technology's additional risks</a>.</p> <p>Security teams have historically been cautious about adopting new technologies quickly, and AI is no exception. Many security leaders approach it with more skepticism than other parts of the business, largely because their mandate is to reduce risk rather than experiment with it.</p> <p>"Security leaders are probably the most distrustful of AI in the entire organization. These are very risk-averse people," Chagnon said.</p> <p>However, those same leaders acknowledge that AI is already reshaping both offense and defense. While it introduces new challenges, it also offers capabilities that traditional security tooling has struggled to match, such as faster pattern detection across systems and more automated responses to emerging threats.</p> <p>"AI is the greatest tool that we can use to defend ourselves," Chagnon said.</p> <p>The tension between AI skepticism and necessity is shaping how organizations think about AI in security. It's not a replacement for existing practices but a capability that organizations must integrate into them.</p> </section> <section class="section main-article-chapter" data-menu-title="Defense through development"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Defense through development</h2> <p>Organizations are increasingly embedding AI directly into the software development lifecycle, building security into coding, testing and operational workflows rather than addressing it after deployment.</p> <p>One of the clearest early use cases is vulnerability discovery in code. Security teams see AI systems as particularly effective at analyzing software at scale and surfacing weaknesses that human reviewers might miss.</p> <p>"It's making it easier to find the vulnerabilities … That's essentially what the good part about Mythos and Project Glasswing is all about. It's about finding code and finding weaknesses," Chagnon said.</p> <p>Beyond code analysis, organizations are using AI to detect unusual behavior patterns across systems and users. These models can correlate signals -- such as login behavior, access patterns and downloads -- that previously sat in separate tools, to surface activity that would otherwise be difficult to detect.</p> <p>In some cases, <a href="https://www.techtarget.com/searchsecurity/tip/What-agentic-AI-means-for-cybersecurity">AI systems take action</a> rather than only surface alerts. For instance, they can isolate accounts, block activity or contain threats in real time, Watkins said. This reduces response times and helps security teams move faster than with manual workflows.</p> <p>A growing area of experimentation is proactive scanning during major changes, such as acquisitions or system integrations. Instead of waiting for audits or incidents, AI tools can rapidly map risk exposure across infrastructure and highlight configuration gaps or missing controls.</p> <p>"We're piloting a tool now that when we do a new acquisition, it can go in and do a full scan of the environment. It's almost like an automated penetration test of 'What do I need to worry about? Where is multifactor authentication not in place? Where do I have vulnerabilities?'" Watkins said.</p> </section> <section class="section main-article-chapter" data-menu-title="6 cybersecurity tips for the AI era"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6 cybersecurity tips for the AI era</h2> <p>Many CIOs are updating how they run security operations to keep up with AI-powered threats. They are shifting away from manual, reactive work and toward automated systems that detect, prioritize and respond in real time.</p> <h3>1. Shift security from human reaction to automated systems</h3> <p>AI is pushing CIOs to move away from security models that depend on manual alert reviews. Instead, they are beginning to treat security operations as engineered systems -- where <a href="https://www.techtarget.com/searchcio/feature/How-DXC-Technology-uses-agentic-AI-in-the-SOC">automation handles first-pass detection and response</a>, and humans focus on designing, tuning and improving those systems.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> If we think about the future of threat detection, it's not humans looking at alerts and reacting to them. </figure> <figcaption> <strong>Fred Chagnon</strong>Principal research director, Info-Tech Research Group </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>This shift reframes security teams less as operators in the loop and more as engineers building intelligent, self-adjusting workflows. The goal is not to remove humans, but to stop relying on them for real time decision-making that machines can handle faster.</p> <p>"If we think about the future of threat detection, it's not humans looking at alerts and reacting to them. It's humans working on a system that looks at alerts and reacts to them," Chagnon said.</p> <h3>2. Move from periodic scans to continuous security monitoring</h3> <p>Security operations can no longer rely on periodic scans, scheduled audits or weekly reporting cycles. The speed at which vulnerabilities emerge -- and AI accelerates their discovery -- forces organizations into continuous monitoring and enforcement models.</p> <p>CIOs are beginning to treat vulnerability management and compliance as always-on processes. Instead of producing reports that someone later acts on, systems must detect issues, evaluate them and trigger remediation workflows in real time.</p> <p>"It can't be daily or weekly scans and then sending reports to somebody else to deal with it. It's got to be continuous," Chagnon said.</p> <h3>3. Close the gap between detection and remediation</h3> <p>Organizations have become good at identifying vulnerabilities, but much <a href="https://www.techtarget.com/searchsecurity/opinion/Top-vulnerability-management-challenges-for-organizations">weaker at fixing them quickly</a>. That gap is becoming more dangerous as the time between discovery and exploitation shrinks.</p> <p>To close this gap, CIOs should treat remediation as part of the same operational pipeline as detection, Chagnon said. Instead of routing vulnerabilities into static queues or dashboards, they can push them into systems that prioritize, assign and resolve issues with the same urgency as active incidents.</p> <p>"If I can find vulnerabilities and exposures, that's great. But how do I fix that? This is where a lot of organizations are still challenged," Chagnon said.</p> <h3>4. Design for resilience, not perimeter defense</h3> <p>Traditional security models assumed organizations could build strong perimeters to prevent most breaches. That assumption no longer holds, Safieh said. Modern environments are too distributed, and attack surfaces are too dynamic.</p> <p>CIOs are shifting toward <a href="https://www.techtarget.com/searchsecurity/tip/CISOs-guide-to-implementing-a-cybersecurity-maturity-model">resilience-based models</a> that assume breaches will happen and prioritize detection speed, containment and recovery. Threat intelligence is becoming a core operational function rather than something analysts review separately from security operations.</p> <h3>5. Govern AI use as part of the attack surface</h3> <p>AI is not only changing external threats; it is <a href="https://www.techtarget.com/searchsecurity/tip/How-to-secure-AI-infrastructure-Best-practices">expanding the internal attack surface</a>. Employees now build applications, process data and experiment with tools that often sit outside traditional governance frameworks.</p> <p>CIOs are increasingly concerned about which AI tools employees use, what data flows into them and what systems employees build without central oversight, Watkins said. To manage this risk, IT leaders should create governance frameworks that monitor AI tools, data usage and employee-built applications across the enterprise.</p> <h3>6. Treat vendor claims with skepticism</h3> <p>As <a href="https://www.techtarget.com/searchsecurity/feature/Must-have-security-technologies">AI security tools</a> proliferate, CIOs are becoming more cautious about vendor promises. The speed of innovation has outpaced many organizations' ability to validate claims, especially those related to autonomous security capabilities. IT leaders should tighten evaluation processes and test tools more rigorously to avoid deploying systems that fail under real conditions.</p> <p>"I would caution everyone in the community to be skeptical about what vendors promise, and ensure a solution works and makes sense, versus trusting blindly," Safieh said.</p> <p><em>Tim Murphy is a site editor and writer for the IT Strategy team at TechTarget.</em></p> </section> As AI tools such as Claude Mythos Preview can speed vulnerability discovery for attackers, CIOs are automating detection and response to keep pace. https://cdn.ttgtmedia.com/rms/onlineimages/security_a385093447.jpg https://www.techtarget.com/searchcio/feature/ais-cybersecurity-paradox-how-CIOs-can-keep-up-with-change Wed, 27 May 2026 11:56:00 GMT AI's cybersecurity paradox: How CIOs can keep up with change <p>Large language model risk management is now a CIO priority, as enterprise LLM adoption moves from experimentation into production, workflows, customer channels and other platforms that affect core operations.</p> <p><a href="https://www.techtarget.com/searchenterpriseai/tip/Explore-mitigation-strategies-for-LLM-vulnerabilities">LLM risks</a> include data privacy, information integrity, information security, intellectual property, value-chain and component integration, harmful bias, and human-AI configuration. So, CIOs should treat LLM risk as a portfolio of risks, not a single AI risk bucket.</p> <p>For effective AI governance, CIOs need an LLM risk management approach that classifies use cases, inventories embedded AI, governs data, constrains permissions, validates outputs, monitors drift and cost, and holds vendors to auditable obligations.</p> <section class="section main-article-chapter" data-menu-title="Questions CIOs should ask about each LLM deployment"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Questions CIOs should ask about each LLM deployment</h2> <p>When approaching LLM deployments, CIOs must evaluate questions to ask internal teams across the organization, as well as potential vendors.</p> <h3>Questions for internal teams</h3> <ol class="default-list"> <li><b>What business decision or workflow does this LLM influence? </b>LLM risk management requires a named business owner, a documented process map and a fallback when the model is unavailable.</li> <li><b>Does the system only generate content, or can it take other actions? </b>Risk changes materially when an LLM can send emails, trigger workflows or approve transactions. CIOs should require a precise action register and specify which actions require human approval.</li> <li><b>What enterprise systems, APIs, tools or databases can the LLM access? </b>Connectors and access capabilities define the LLM security blast radius. Shared service accounts and broad API scopes without <a href="https://www.techtarget.com/searchsecurity/definition/principle-of-least-privilege-POLP">least-privilege</a> review are security red flags.</li> <li><b>What data does the system use, and how is it being used? </b>The baseline for AI compliance includes a data-flow diagram covering prompt inputs, embeddings, logs and downstream outputs.</li> <li><b>Does the system use retrieval-augmented generation, fine-tuning, prompt engineering, tool calling or autonomous agents? </b>Different architectures fail differently. For example, agentic AI introduces goal-hijacking risks that copilot deployments do not.</li> <li><b>What happens when the model is wrong? </b>CIOs should look for defined failure modes, safe fallbacks, escalation rules, confidence or uncertainty handling, and clear user guidance on <a href="https://www.techtarget.com/searchenterpriseai/tip/Why-does-AI-hallucinate-and-can-we-prevent-it">when not to rely on the output</a>.</li> <li><b>What human approval or escalation points exist? </b>Human oversight is only a control when it is specific, timed and enforceable. Approval gates where the agent decides when to escalate are not controls.</li> <li><b>How are outputs validated before being used in downstream systems? </b>Output passed directly into scripts or workflows without schema or business-rule validation is a critical LLM security gap.</li> </ol> <h3>Questions to ask vendors</h3> <ol class="default-list"> <li><b>How does the LLM handle confidential, regulated, personal or customer data? </b>Data leakage occurs through prompts, embeddings, logs and downstream actions. <a target="_blank" href="https://iapp.org/news/a/do-llms-store-personal-data-this-is-asking-the-wrong-question" rel="noopener">Personal data</a> included without policies and embeddings treated as non-sensitive are AI compliance red flags.</li> <li><b>How are prompts, outputs and user interactions logged? </b>Auditability is essential for incident response and AI compliance. Sensitive prompts stored without protection or linkage between requests, tool calls and final actions are red flags.</li> <li><b>Where does the data go once it is in the system? </b>CIOs should look for data-flow documentation, region details, sub-processor transparency, support-access rules and explicit statements about provider access to inputs, outputs and training data.</li> <li><b>Can the vendor use data entered into the system for model training or service improvement? </b>Training commitments are product-specific and CIOs should confirm whether the commitment covers prompts, outputs, fine-tuning data and logs.</li> <li><b>What are the retention, deletion and residency controls? </b><a href="https://www.techtarget.com/searchdatamanagement/feature/How-agentic-AI-governance-tackles-data-security-challenges">AI governance fails</a> on the data lifecycle before it fails on model quality. Residency claims excluding telemetry and deletion commitments without timings are inadequate.</li> <li><b>How does the tool protect sensitive data? </b>Generic enterprise-grade security language is not a control description. CIOs should verify encryption, identity access management controls, private networking and key management.</li> <li><b>What level of system access does the vendor require? </b>Over-permissioned agents are one of the clearest paths from LLM misuse to enterprise compromise. Shared credentials with no per-request authorization checks should not happen.</li> <li><b>How are prompt injection and indirect prompt injection mitigated? </b><a href="https://www.techtarget.com/searchsecurity/post/Prompt-injection-attacks-From-pranks-to-security-threats">Prompt injection remains</a> a common LLM security threat in agentic AI deployments.</li> <li><b>How are model updates, system-prompt changes and vendor-side changes communicated? </b>LLM systems can change behavior without a customer-side code release. Silent model swaps and no version-pinning options for regulated deployments are unacceptable.</li> <li><b>What testing has been done for bias, toxicity, hallucination, leakage, jailbreaks and unsafe tool use? </b>Benchmark scores alone, with no adversarial or red-team evidence or re-testing after configuration changes, do not satisfy AI governance requirements.</li> <li><b>What audit evidence is available? </b>AI governance fails under scrutiny when there is no evidence trail. CIOs should require architecture documents, risk assessments and independent attestations.</li> <li><b>What contractual protections exist, and what is the exit plan if the vendor, model or regulatory posture changes? </b>Contract terms must cover data ownership, breach notification, portability and audit rights, with a fallback plan that does not depend on vendor cooperation.</li> </ol> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/VyeX2PHQe4M?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <h3>Building an LLM governance framework</h3> <p>A <a href="https://www.techtarget.com/searchsecurity/tip/What-CISOs-need-to-know-about-AI-governance-frameworks">defensible AI governance framework</a> should be lightweight for low-risk use cases, but strict for systems that touch sensitive data, regulated decisions or autonomous action. The most durable designs align business ownership, LLM security controls, data governance, procurement and audit evidence around the full LLM system rather than the model alone.</p> <ol class="default-list"> <li><b>Establish ownership and accountability. </b>The CIO owns the enterprise operating model. The CISO owns LLM security and incident response. The chief data officer and privacy teams own data controls. Legal and compliance own regulatory interpretation. Procurement owns AI-specific vendor diligence, and business owners remain accountable for the context of use and error tolerance.</li> <li><b>Define policies for acceptable AI usage. </b>Policies should cover approved data classes, permitted actions, output-use restrictions and prohibited use cases, with clear escalation paths for edge cases.</li> <li><b>Classify LLM use cases by risk. </b>A tiered classification that distinguishes content generation, decision support and autonomous actions should have proportionate controls and prevent low-risk approvals from <a href="https://www.techtarget.com/searchcio/feature/How-a-CIO-guides-agentic-AI-with-structured-governance">covering high-risk agentic AI deployments</a>.</li> <li><b>Create an enterprise AI inventory. </b>When registered, every LLM deployment, including embedded AI in SaaS tools and vendor-managed models, should include its data classification, business owner and risk tier.</li> <li><b>Implement LLM security controls. </b>Controls must address prompt injection, access scoping, output validation and secrets management.</li> <li><b>Implement data governance controls. </b>Data governance for agentic AI must specify what enters the prompt, what is retrieved, what is stored in embeddings and what flows downstream.</li> <li><b>Govern agentic AI separately. </b>Agentic AI requires its own governance layer covering goal specification, tool-use constraints and human escalation triggers distinct from those applied to copilots.</li> <li><b>Build monitoring and assurance. </b>Operational monitoring should cover output quality, cost, error rates and anomalous tool calls with a defined review cadence and clear remediation ownership.</li> <li><b>Manage third-party and vendor risk. </b>AI compliance requires service-specific vendor diligence updated when models or terms change and backed by contractual rights to audit and exit.</li> <li><b>Prepare for regulation and audit. </b>Map current controls to <a href="https://www.techtarget.com/searchcio/news/366579692/Enterprise-businesses-use-NIST-AI-RMF-to-guide-AI-use">NIST AI Risk Management Framework</a>, ISO 42001 and the EU AI Act, identify gaps early and build the evidence trail that regulators will require.</li> </ol> <p><em>Kashyap Kompella, founder of RPA2AI Research, is an AI industry analyst and advisor to leading companies across the U.S., Europe and the Asia-Pacific region. Kashyap is the co-author of three books, Practical Artificial Intelligence, Artificial Intelligence for Lawyers and AI Governance and Regulation.</em></p> </section> CIOs must prioritize LLM risk management as adoption grows. They should assess workflows, data security and vendor practices to mitigate risks and ensure safe AI use. https://cdn.ttgtmedia.com/rms/onlineimages/security_a303570139.jpg https://www.techtarget.com/searchcio/tip/Beyond-thehypeA-CIOs-guide-to-LLM-risk-management Tue, 26 May 2026 15:43:00 GMT Beyond the hype: A CIO's guide to LLM risk management Search CIO Resources and Information from TechTarget 60 webmaster@techtarget.com