As AI adoption accelerates, boards must rethink how they oversee technology risk. In a new piece published in Directors & Boards, Chertoff Group Executive Chairman Michael Chertoff and Head of Cybersecurity Adam Isles describe what effective AI security and safety oversight requires in a technology environment that is evolving in real time.
The Core Message
The goal is not risk elimination but sustaining trust with customers, investors and regulators through defensible security and safety programs.
Successful programs will rapidly embrace flexibility, automation and continuous visibility, which technology can supply. That said, automation must be complemented by human gating at high-impact points in a program’s life cycle, where value judgments, critical thinking, empathy, and accountability matter most.
The Stakes are High.
Generative AI has moved from emerging to ubiquitous technology. Nation-state and criminal adversaries are exploiting that scale, using AI to enrich and in some cases fully automate cyberattacks. AI systems are also increasingly targeted, and the consequences are more complex than with traditional software because agentic AI not only reasons, but can act independently, introducing the potential for rapidly compounding multistep failures.
Traditionally, corporate governance functions would look to authoritative frameworks and regulatory expectations to guide security program development. And yet the goalposts for defensible AI security and safety programs are murky.
What’s Needed
The path forward rests on three pillars:
- A risk-based, flexible approach that efficiently evaluates the properties of the AI system in question in order to define controls
- Comprehensive safeguards that include adaptable security capabilities, phased implementation and resiliency measures for when things go wrong
- Assurance both in development and at run-time
Read the full article in Directors & Boards here.
Published by MLR Media Directors and Boards magazine is a quarterly journal dedicated to the topics of leadership and corporate governance, with readers including board chairmen, CEOs, members of senior management, corporate board members and advisors.
Michael Chertoff served as the second U.S. Secretary of Homeland Security and is co-founder and executive chairman of The Chertoff Group, a Washington, D.C.-based advisory firm that helps organizations achieve their business and security objectives in a complex risk environment.
Adam Isles is The Chertoff Group’s principal and head of cybersecurity, which includes counseling business leaders on trust & safety and AI assurance.
