At this year’s Gartner Security & Risk Management Summit, Dennis Xu, VP Analyst at Gartner, outlined a growing disconnect between the pace of generative AI innovation and traditional cybersecurity planning models. Xu’s assessment: Organizations need to prioritize rapid execution over detailed, long-range roadmaps. In a world where AI capabilities, and risks, evolve weekly, the ability to respond quickly is becoming a core resilience metric.
“Making AI Resilient is less about planning and more about speed of execution.”
Xu’s session, focused on AI’s impact on cybersecurity, framed the core challenge for enterprise leaders: in this environment, resilience depends less on foresight and more on agility.
From AI Policy to Standard Security Policy
One of the more provocative predictions Xu offered is that within two years, the term “AI policy” will disappear. Instead, AI will become so embedded in operational frameworks that managing it will fall under the domain of standard security governance.
“By 2027, There is no such thing as an ‘AI Policy,’ just technology policies which assume AI everywhere.”
This marks a major shift in mindset. CIOs must no longer view AI security as a standalone challenge. Rather, it must be integrated into existing governance models, requiring collaboration across data, compliance, security, and product functions.
Siloed efforts will only hinder resilience.
A Dual Value Lens: Efficiency vs. Efficacy
To help CIOs assess the strategic value of AI in security operations, Xu introduced a simple but powerful framework based on two dimensions: efficiency and efficacy.
- Efficiency refers to automating high-volume, repetitive tasks, like alert triage or policy interpretation, to reduce analyst load.
- Efficacy goes further, leveraging AI to detect threats that traditional systems or human analysts might miss.
While most current enterprise AI deployments lean toward efficiency, Xu emphasized that forward-looking CISOs are exploring how AI can drive true efficacy, particularly in advanced use cases like malware analysis, anomaly detection, and behavioral monitoring.
Execution Over Planning: A New Operating Principle
Throughout the session, Gartner applied a consistent structure for navigating AI security priorities: Act, Plan, and Monitor. These time horizons were used to evaluate progress across three critical lenses: using AI to improve cyber resilience, securing AI systems themselves, and defending against malicious use of AI.
This structure is designed to help CIOs balance immediacy with longer-term investment:
Act: Focus on tools that are mature and actionable today, such as policy bots, security advisors, automatic alert triage, and AI-augmented SOC platforms.
Plan: Invest in capabilities that are emerging but not yet ready for wide deployment, including vibe detection engineering, attack surface mapping, and agent ecosystem security.
Monitor: Keep track of still-developing technologies like guardian agents, LLM-based malware analysis, and distributed security automation.
Yet even this model is being tested by the pace of change. Xu cautioned that what’s considered a “Plan” today could move into “Act” within months. CIOs must design for adaptability, not stability.
“Making AI Resilient is less about planning and more about speed of execution.”
AI Agents: High Potential, Low Maturity
A case in point: AI agents. These autonomous systems can take action based on goals and context, and they represent one of the most hyped areas in enterprise AI. But Xu issued a clear warning.
“Cybersecurity is not yet ready for AI agents,” Xu stated, noting that governance and controls are lagging behind the pace of agent development.“
Key components, like the Model Context Protocol (MCP), are still in early development stages, and the security architecture to govern AI agent behavior is largely untested. CIOs should evaluate agent use cases carefully and in parallel, develop the guardrails to secure them.
Key Threats: Deepfakes and Insider Risk
Xu also addressed concrete threat vectors where AI is already active, most notably deepfakes and insider risk.
Deepfake voice and video manipulation, once a theoretical risk, is now in production and being used in attacks. Detection tools are improving, but are still unreliable at scale. Xu advised a layered approach, combining weak signal detection with contextual and behavioral analysis.
Insider threats also remain persistent. Despite significant investment in DLP tools, Xu noted little progress in reducing actual incidents. He advocates for intent-aware and context-sensitive DLP programs that reflect modern work environments and AI usage patterns.
The Leadership Imperative: AI Literacy and Operational Agility
Beyond technology, Xu emphasized a leadership shift. CIOs and CISOs must champion AI literacy within their teams and reduce reliance on vendors by building in-house expertise.
He also underscored the structural challenges of AI adoption, especially the fragmentation happening across functions.
“The main threat to good future AI security is the emergence and solidification of organizational silos between AI, D&A, compliance and security teams.”
CIOs must break down these silos to ensure fast, coordinated responses—and keep pace with change.
The Wrap
As Xu noted in closing:
“We’ve never seen anything move this fast.”
Generative AI’s impact on cybersecurity isn’t a passing phase, it’s a transformation. And for CIOs, that means rethinking how security is designed, led, and executed. Success will depend on the ability to align innovation with governance, act quickly, and stay focused on business value.
