We’re Repeating the Same Mistake With AI That We Made With Cybersecurity

EC-Council CEO Jay Bavisi on governance gaps, the talent crisis, and why CISOs deserve more credit and more support - By Amber Pedroncelli | RSAC 2026

Walking the floor at RSAC 2026 is a lesson in pattern recognition. Booth after booth, banner after banner, artificial intelligence is everywhere: new product names, new taglines, new promises.

For Jay Bavisi, the concern is not the volume of AI claims but the familiar pattern underneath them: speed first, safeguards later.

“We’re rushing with the use of AI, but we’re not thinking through the implications of AI and cybersecurity with artificial intelligence. So that’s very concerning,” he said at RSAC 2026.

But the problem isn’t the branding. It’s what’s happening, or not happening, underneath it.

THE SAME AFTERTHOUGHT, DIFFERENT ERA

When Bavisi talks about AI, he keeps returning to the same underlying concern: the industry is treating governance as something that can be bolted on later, just as it once did with cybersecurity itself.

“Cybersecurity has … been an afterthought for many, many years,” he said. “We as a tech community rushed into building applications, network systems — we wanted efficiency. And then we said, oops, we forgot cyber. We’re repeating the same mistake with AI. We’re rushing with the use of AI, but we’re not thinking through the implications.”

The scale of investment makes this especially alarming. To put it in perspective, Bavisi cited the staggering financial commitment behind today’s AI race.

“It cost humans about $250 billion in today’s dollars to send Neil Armstrong to the moon. This year alone, we’re going to spend between $2.5 and $4.5 trillion on artificial intelligence.”

But here’s the statistic that should keep every board member up at night: while 84% of Fortune 500 companies now reference AI in their 10-K filings, only 18% have a fully implemented AI governance model in place.

“One in five companies on the Fortune 500 actually have a full-fledged governance model,” Bavisi said. “There is a tremendous amount of danger with the way we are governing AI. Or not governing.”

CISOS: HANDED THE KEYS TO A CAR THEY DIDN’T ORDER

Asked what this looks like inside organizations, Bavisi pointed immediately to the position CISOs have been put in: accountable for a fast-moving category they often did not choose, scope, or resource.

“I kind of feel sorry for CISOs,” he said. “Chief information security officers have traditionally been dealing with infrastructure, cloud applications, the standard protocols and surfaces we’ve been used to. And now comes this new era called AI, and it’s almost thrown at them.”

The dynamic he describes is one many security leaders will recognize immediately. AI programs are being stood up by program managers, CIO offices, and enthusiastic business units, and then the CISO is handed responsibility for protecting something they had little hand in designing.

“You, the CISO, are responsible for protecting it,” he said. “But then comes the question: how many red teamers are actually prepared to test AI models? What kind of governance frameworks do we have within an organization for implementation and governing of AI? These are all questions thrown at CISOs, with the instruction to just go manage it.”

The gap, he argued, is not just technical. It is organizational: responsibility is being assigned faster than capability, training, and governance are being built around it.

THE GOVERNANCE RECKONING IS COMING

On regulation, Bavisi’s view was straightforward: organizations treating AI governance as optional are moving against the broader direction of policy and oversight.

The EU AI Act is already in motion. NIST has published its AI Risk Management Framework. ISO 42001 is gaining traction. And Bavisi pointed out that 72 countries across the globe already have some form of AI framework in place.

“By 2027, this will all get mandated,” he said. “All organizations that are utilizing AI today and thinking, ‘Hey, this is going to be great’ — the boards are going to be required to implement some form of a framework. The SEC is certainly going to implement a requirement for AI framework governance.”

“There’s prompt injection, there’s LLM model takeovers, there’s data poisoning, agentic AI. All of these things are happening. So I really think we’ve got to put some structure in place, and governance is coming.”

The window to get ahead of it is closing. And the attack surface is only growing more complex. Bavisi ticked through a list that captures just how much has changed: prompt injection, LLM model takeovers, data poisoning, agentic AI running autonomously in enterprise environments.

THE ADG FRAMEWORK: ADOPT, DEFEND, GOVERN

Bavisi said EC-Council's framework grew out of a year of research and debate with its AI advisory committee, which includes leaders from large enterprises such as Prudential, JP Morgan, Microsoft, and Salesforce. The result is the ADG Framework (Adopt, Defend, and Govern), which he described as a free blueprint for organizations trying to bring more structure to AI security and governance.

Adopt starts at the end-user level, but it goes well beyond phishing awareness. “The security awareness program that we’ve been doing for the last 20 years — that’s not going to work anymore,” Bavisi said. “We’ve got to think about: how am I going to use AI securely? What is prompt injection? End users are going to have to know about this. They need to understand that LLMs can be poisoned.”

Defend focuses on what happens once AI is implemented and the governance questions become concrete. Who owns the program? What is the escalation path? How is third-party risk being managed? Bavisi said those are the questions organizations need to answer early, not after deployment.

Govern addresses the compliance reality now taking shape. For professionals used to thinking in terms of ISO 27001, the landscape is expanding quickly as AI-specific frameworks take hold across jurisdictions.

Rounding it out: a Certified Offensive AI Security Professional credential, designed to take today’s certified ethical hackers and pen testers and arm them with the skills to red team AI models specifically.

THE TALENT GAP JUST GOT LARGER

The cybersecurity industry was already operating with a known deficit of more than four million unfilled positions globally before AI entered the picture. The question now is whether AI makes that gap better or worse.

Bavisi’s answer is nuanced, and probably more optimistic than most people expect, with an important asterisk.

“AI will eat some jobs,” he said plainly. “In the security operations center, the L1 jobs, and now L2, are almost vanishing. AI agents are able to do that job much better, more efficiently, at lower cost.”

“I don’t think the job market is going to vanish. I think it’s actually going to explode,” he continued. “The number of cybersecurity professionals we’re going to require with AI is going to be much higher than without AI. The only difference is that the professionals we need to build will have higher capability and higher demonstrable ability.”

The roles most at risk are the high-volume, lower-complexity jobs. The roles being created, he said, require deeper specialization: digital forensics experts, AI red teamers, AI program managers, and professionals focused on responsible AI governance and ethics.

“This talent is rare. It’s a good time for cyber professionals to uplift themselves and help organizations deal with this new maze called artificial intelligence.”

“OVER-AI-FYING”: THE RISK NOBODY’S TALKING ABOUT ENOUGH

The conversation took a fascinating turn near the end when the question of AI accountability came up. Who is responsible when an AI system causes harm or makes a consequential error?

“You cannot outsource the security. The risk will always remain with you,” Bavisi said. “The same is true with governance. You can use any platform out there, and that’s great. But the risk belongs to the organization.”

He also offered a stark glimpse at where the threat landscape is heading.

“We live in a world where AI now has its own social networks,” he said. “They can social engineer us now. AI is now able to blackmail human beings.”

“When robot engineering matches AI, you’re going to have humanoids,” he added. “Star Wars is not as far away as we thought it was.”

His broader point was that organizations are moving faster than their structures for accountability, training, and governance can keep up, and that the risk does not disappear just because a vendor or platform sits in the middle.