Leading security and technology executives shared with us their insights on AI adoption, challenges, and what lies ahead for 2025. Their perspectives offer valuable lessons for organizations navigating the complex landscape of AI implementation and governance.
2024 Highlights
What stands out to you about how organizations have adopted AI in the past 12 months?
What do you see as the biggest challenges organizations face when enabling AI for widespread use?
Do you think AI is here to stay? If so, how should organizations approach creating policies and implementing solutions to ensure effective governance and security?
Mandy Andress, CISO at Elastic
AI is here to stay and we are just beginning to see the broader capabilities it can bring us. Organizations not proactively looking at how to best leverage AI will fall behind as competitors are able to optimize for greater efficiency and enhanced decision making.
Jadee Hanson, CISO at Vanta
Stands Out -
Consumer-grade AI robots became more adaptable and practical for household tasks, marking a shift from novelty to utility. Companies increasingly leveraged AI-driven automation to streamline repetitive tasks, optimize workflows, and reduce costs. AI tools have replaced countless manual processes in many areas of our business.
Biggest Challenges
1. Cybersecurity Risks: Protecting AI systems from threats like data breaches and adversarial attacks.
2. High Costs: AI implementation, infrastructure, and maintenance require significant investment.
3. Data Quality and Availability to Ensure Usability: Ensuring access to clean, accurate, and sufficient data for AI training.
Approach In Organizations
Yes, AI is here to stay. Organizations should start to embrace AI and focus on ways to effectively and securely bring it into the organizations they support. They can do this through AI committees, external policies, developing company-wide principles on how to handle data and most importantly being transparent about these practices as part of a public trust center or website.
Tal Arad, CTO of Carlsberg Group
The actual ROI for most AI applications (especially for non tech companies) is very unclear, the investment will not necessarily pan out in the near future. Further, it seems relatively easy to use which will make sure Shadow IT will be on the rise again, with bad implementations or relying too much on public AI/LLMs resulting in data loss. Is it here to stay, absolutely. There is no getting rid of it. Orgs will probably start with putting non enforceable policies at start and potentially try to utilize existing tools (Like Microsoft E5 suite, Zscaler/other proxies etc) - ultimately will look for dedicated tools or new capabilities with existing tools.
Terry O'Daniel, Head of Security at Amplitude
1. The rapid adoption of coding copilots to produce software faster while distributing the workload to junior engineers (i.e., they can get more done than before, even with the tax of additional reviews and oversight).
2. Companies do a very poor job of asset discovery and management already. Adding AI into the mix adds complexity to managing all points of egress, SSOT for data, etc.
3. Most orgs are about a year behind where they need to be. AI is already here, and we have a small window of time to treat it transparently or we will settle into Shadow AI.
2025 Predictions
Let’s be honest: predicting the future is not an easy task, and we get it. But with everything we’ve learned about AI and its associated risks so far, we’re curious:
What trends do you expect to see more of next year? And what might fade away?
What will your focus areas be for securely enabling AI in 2025?
Mandy Andress, CISO at Elastic
2025 will be the year of agentic AI hype. Similar to the GenAI cycle, agentic AI will be evaluated to help solve many different challenges and we will better learn about its current limitations as we all become more educated.
Jadee Hanson, CISO at Vanta
Trends
Widespread usage in all industries and with heavy usage in marketing, entertainment, and design.
AI Security Solutions - That can predict and respond to threats in real time.
Enhanced transparency - Ability to understand more of the model's reasoning to provide trust in usage and meet regulatory requirements.
Fade Away
Hype without practically solving a problem. Gone will be the days of integrating AI for the sake of integrating AI. Business without a clear purpose will refocus on strategic problem solving.
AI without gov - We have seen early focus on AI governance through things like NIST AI RMF and the ISO 42001 framework. As we move forward, we will see demands for adherence to these frameworks and even more regulation.
Securely Enabling AI in 2025
Focus on Strong Governance - Right policies, consideration for ethical issues, and proper use of data to train AI models will be a large area of focus.
Focus on Security and Privacy - Principles of data anonymization, encryption, data use, and access controls should all be in place. Ongoing audits should be conducted to ensure AI usage and outputs follow all regulations.
Tal Arad, CTO of Carlsberg Group
More Shadow IT, maybe a bit more stable utilization of AI properly, beginning of AI generated malware or actual attack attempts (but no expectations it will be mature enough just yet). Focus area - identifying which LLMs run in my environment (known or otherwise), where is my data sitting and is it used for training, keeping an eye on development with external attacks utilizing LLMs.
Terry O'Daniel, Head of Security at Amplitude
The first data breach that is vaguely connected with AI usage will cause some public outcry and possibly noise from politicians, but again we are too late in our governance models--the horse is already out of the barn.
Security budgets have not blossomed to deal with the additional risk of AI, and it's unlikely this will change until pressure reaches an uncomfortable point. Then it will be a race between the government trying to regulate (albeit doing a poor and half-hearted job, given the current parties in power and their priorities) or industry self-regulating standards, a la PCI.
As we look ahead to 2025, it's clear that AI adoption will continue to accelerate, bringing both opportunities and challenges. The insights from these industry leaders underscore the critical importance of balanced, thoughtful approaches to AI implementation. Success will depend not just on technological capabilities, but on organizations' ability to establish effective governance, security measures, and ethical frameworks while delivering real business value.
