The weekly read on verification debt — for leaders who own the control plane.

The Pattern

This was the week three things converged onto one conclusion: AI is identity’s problem now.

The European Parliament voted to amend the EU AI Act, delaying enforcement while preserving the regulatory structure. The post surfacing the vote drew 2,011 reactions — by a wide margin the largest signal this briefing has tracked. Michael Lee, with 576 reactions behind him, named the underlying market shift: AI models are becoming a commodity, and the moat is now everything the model is wrapped in. KPMG retracted an AI-generated report on UBS after the kind of hallucinated content that ran EY through the same news cycle in Issue 01. Different Big Four firm. Same failure mode. Identical conclusion: the verification layer has to live somewhere.

All of this happened in the same week as Identiverse — the identity industry’s largest annual conference, where the entire conversation pivoted to AI agents, non-human identities, and the operating model required to govern both. SailPoint acquired Entro Security, signaling that the identity market is now consolidating around non-human identity governance. Rohan Pinto framed it as “Human on Top.” Jason Keenaghan asked the question directly on stage: is securing agentic AI an identity problem? The room said yes.

The pattern: the AI agent problem just moved to identity’s home turf — and the market is reorganizing to meet it there.

Last week, the buyers reframed AI procurement as control procurement. This week, the identity industry stepped forward as the discipline that owns the control layer. Capability is the floor. Control is the moat. And the moat is being dug by the identity vendors that have been building this substrate for twenty years.

Thesis. AI governance is now an identity discipline. The institutions that already operate mature identity programs get most of the AI governance work for free. The ones that built their AI strategy without their identity team in the room will rebuild it.

The Signals

01 · The European Parliament voted to amend the EU AI Act

The Signal. The European Parliament voted to amend the EU AI Act, delaying enforcement dates while keeping the regulation’s core structure largely intact. The surfacing post drew 2,011 reactions — by a wide margin the largest single engagement signal this briefing has tracked across five issues (Patel, LinkedIn, 16 June).

The Lineage Gap. This is the second EU enforcement step-back the briefing has tracked. Issue 02 covered the December 2027 effective-date slip. This week’s amendment is the formal parliamentary action. The pattern is now a posture: the regulator wants the framework on the books and the deadlines pushed. The institutions reading this as relief are missing the structural point. Enforcement delay does not erase the regulatory architecture — it concentrates the audit risk for the institutions whose AI behavior is documented in public press releases, vendor case studies, and quarterly earnings calls. When the AI Act eventually enforces, the institutions with five years of undocumented deployment behind them face a different conversation than the ones with five years of audit logs. The delay is a gift only if you use the runway.

Boardroom Prompt. If the AI Act became enforceable next quarter, could your institution produce the documentation a high-risk classification requires — or would the gap between “ready” and “compliant” be visible from outside?

02 · KPMG retracted an AI-generated report on UBS after hallucinated claims

The Signal. KPMG retracted an AI-generated report on UBS after the report contained hallucinated claims about the bank. Oliver Bussmann’s surfacing of the story drew 137 reactions and surfaced the obvious comparison: this is EY in Issue 01, with a different Big Four name on the letterhead (Bussmann, LinkedIn, 13 June).

The Lineage Gap. The second Big Four retraction in five weeks of this briefing makes the failure mode official, not anecdotal. Sailesh P. wrote the sharpest reframe (Signal 06 below): the issue is not AI generation. It is AI verification. Both firms produced credible-looking output. Both firms shipped it. Both firms discovered, after publication, that the verification step had not survived contact with production. The Four Pillars failed in identical sequence — grounding (no anchor to a real UBS source), scope (the model extrapolated into firm-specific claims), provenance (no trace back to the actual statement), drift awareness (no signal flagged the fabrication). When the same failure happens twice in five weeks in the same vertical, it stops being an incident and starts being a category. The category is “external assurance produced by AI without an enforced verification step.”

Boardroom Prompt. For every external document your institution publishes that involved AI generation, what verification step is enforced before publication — and is that step distinct from the generation step?

03 · Michael Lee: AI models are becoming a commodity

The Signal. Michael Lee (576 reactions) named the market reality the buyers were already pricing into procurement decisions. AI models are commoditizing. The real moat is the system the model lives inside: governance, permissions, workflows, orchestration, evaluation, observability. The model is no longer the strategy. The system is (Lee, LinkedIn, 18 June).

The Lineage Gap. This is last issue’s “capability is the floor, control is the moat” thesis stated with broader market authority. When 576 reactions land on a commoditization argument inside a week, the market consensus has crossed the threshold from “emerging view” to “operating assumption.” The implication for procurement is direct: the vendor who arrives with the best model and the worst system loses to the vendor who arrives with the second-best model and a real system around it. The Five Questions are system properties, not model properties. Who authorized it? lives in the orchestration layer. Who can revoke it? lives in the permissions layer. Who is it economically aligned to? lives in the observability layer. The institution buying “an AI” needs to buy the system. The institution buying “a model” is buying the loss leader.

Boardroom Prompt. When you next evaluate an AI vendor, will the scorecard weight the model, or the system around it — and what is the weight you assign to each?

04 · Rohan Pinto at Identiverse: “Human on Top” as the governance frame

The Signal. Rohan Pinto (161 reactions) connected Identiverse 2026’s biggest themes — AI agents, non-human identities, the runtime authority problem — to a single governance framework he called “Human on Top.” The argument: agents and non-human identities have to operate beneath a human-controlled authority layer, not parallel to it (Pinto, LinkedIn, 16 June).

The Lineage Gap. “Human on Top” is the architectural correlate of last issue’s structural Chief AI Officer signal. The early agent deployments put humans next to AI — review queues, periodic audits, ethics committees that meet quarterly. Pinto’s reframe is structural: the human authority is not adjacent to the agent stack; it sits above it, owning the delegation chain. The Five Questions all answer back up to that human authority. Authority is delegated downward through scopes, time bounds, and budgets; accountability flows upward through audit logs, exception escalations, and revocation events. The institutions that build their agent architecture this way get governance for free at runtime. The ones that don’t will spend Q3 retrofitting it onto deployments that were architected without an authority chain in mind.

Boardroom Prompt. For every AI agent in your environment, is there a named human at the top of its delegation chain — or does the chain terminate inside the vendor’s platform?

05 · SailPoint acquired Entro Security — NHI consolidation accelerates

The Signal. SailPoint acquired Entro Security, an early leader in non-human identity governance. Eric Thacker (64 reactions) framed the deal as a market signal: non-human identity governance is now becoming core infrastructure for the identity platform, not an adjacent capability. The acquisition is part of a consolidation wave that began earlier this year and is accelerating (Thacker, LinkedIn, 15 June).

The Lineage Gap. The acquisition is the market voting on Issue 04’s permission-layer thesis. Identity vendors are not adding “AI agent support” as a feature — they are buying the companies that own the non-human identity governance primitives. Service accounts, machine identities, agent tokens, scoped credentials, time-bounded delegations — these stop being IAM corner cases and become the central category. The vendor that arrives at the next Identiverse with the most mature NHI stack is the vendor your CISO will be evaluating in Q4. The vendor that arrives with only human identity is selling the past. The institutions choosing identity platforms in the next six months should be asking exactly one question: what is the NHI architecture and is it credible.

Boardroom Prompt. In your current identity platform, how many distinct types of non-human identity are governed today — and what is the audit log telling you about the rest?

06 · Sailesh P.: the KPMG story isn’t really about KPMG

The Signal. Sailesh P. (76 reactions) wrote the sharpest commentary on the KPMG retraction. The issue is not AI generation. It is AI verification. Every organization producing AI-generated content has the same exposure. KPMG just discovered it publicly (Sailesh P., LinkedIn, 15 June).

The Lineage Gap. The reframe is the entire briefing in two sentences. Verification debt is what accumulates between generation and publication when no controlled checkpoint catches the gap. The Five Questions answer this directly: at the moment of publication, can your institution produce the chain from claim → source → confidence interval → reviewer → approval? Most institutions cannot, because the AI tools were adopted faster than the verification workflow was redesigned. The interesting question is not how KPMG let this happen. The interesting question is how many institutions are producing similar artifacts right now without realizing it — because the failure mode is silent until the subject of the report happens to notice the fabrication.

Boardroom Prompt. For every external artifact your institution published with AI assistance last quarter, can you produce the verification chain on demand — or only the generation chain?

07 · Jason Keenaghan asked Identiverse the structural question

The Signal. Jason Keenaghan (20 reactions) asked the question that framed half of Identiverse 2026: is securing agentic AI an identity problem, or a new end-to-end security discipline? His own answer leaned identity — but acknowledged the discipline boundaries are still being negotiated in real time (Keenaghan, LinkedIn, 16 June).

The Lineage Gap. The discipline boundary question matters because budget follows discipline ownership. If agentic AI security is an identity problem, the budget sits with IAM. If it is a separate discipline, the budget sits in a new line item that will be invented in the next planning cycle. The institutions that already have mature identity programs will quietly absorb the AI governance scope without doubling headcount — and the ones that don’t will discover that “AI governance” requires hiring a team that turns out to have the same skill profile as the IAM team they did not invest in. Identity is the most mature discipline closest to the agent problem. The market is voting on that proximity through acquisitions, conference programming, and budget reallocation. Keenaghan is naming the vote out loud.

Boardroom Prompt. Inside your organization, who currently owns the AI agent security budget — IAM, security, AI strategy, or three people pointing at each other?

08 · Regis Haegler: AI as the cheap-now, expensive-later business model

The Signal. Regis Haegler (65 reactions) warned that AI is starting to look like the next great cheap-now, expensive-later business model — capability bundled at attractive pricing today, with the real cost trajectory revealed only after the institution has committed. Boards should stress-test costs, usage, lock-in, and exit options before the conversion happens (Haegler, LinkedIn, 18 June).

The Lineage Gap. Haegler is naming the economic shape of last issue’s consumption-cost shift. The current price of frontier AI does not reflect the cost at scale, the cost of model upgrades, or the cost of the verification stack that will eventually be required by regulation or contract. The Five Questions need a financial answer at runtime — Who is it economically aligned to? — and that answer changes when the vendor’s pricing model changes. The institutions that wire exit options into their AI architecture now keep their leverage. The ones that don’t will discover, in the second or third quarter of dependency, that the cheapest path forward is the one the vendor has the most pricing power over. Exit options are a verification debt control, not just a procurement concern.

Boardroom Prompt. For every consequential AI vendor in your stack, what is your documented exit plan — and what would it cost to execute in the next two quarters?

09 · Russ Pearlman: minimum viable governance is a category mistake

The Signal. Russ Pearlman (30 reactions) argued that AI governance should be calibrated to use-case risk, not minimized like an MVP. The MVP frame assumes failures you can afford. Most AI failures in regulated industries are failures you cannot afford. Governance should be proportional to consequence, with platform-level controls applied where the stakes warrant them (Pearlman, LinkedIn, 17 June).

The Lineage Gap. Pearlman’s piece is the calibration argument behind last issue’s Gartner warning that uniform AI governance will cause enterprise failures by 2027. The MVP frame is doubly wrong for AI governance: it imports a startup mental model into a regulated context where the wrong AI output produces a public retraction, a regulatory inquiry, or a class action — none of which are failure modes you can afford to ship and learn from. Proportional controls require risk tiering at the platform level, not at the application level. The institutions that build platform-level governance primitives — identity, scoping, logging, kill switches — can apply them proportionally. The ones that build governance per-application will build the controls four times and still miss the use cases the controls were supposed to catch.

Boardroom Prompt. For your top three AI use cases, is the governance posture calibrated to the worst-case consequence — or to the average-case workflow?

10 · Mandy Andress: AI-driven impersonation is changing the trust model

The Signal. Mandy Andress (12 reactions) wrote that AI-driven impersonation attacks — synthetic voices, deepfaked video, model-generated text indistinguishable from a known sender — are making trust and identity verification central security concerns. The attack model has changed; the verification model has not kept up (Andress, LinkedIn, 18 June).

The Lineage Gap. Andress is naming the Unauthorized Twins quadrant of the keynote 2×2 in its operational form. Likenesses spun up in minutes, no tie to the real human, indistinguishable from authorized communication. The Five Questions all break at the impersonation boundary — Who created it? and Who authorized it? become identity verification problems before they become governance problems. The institutions that built passwordless, phishing-resistant authentication for their workforce are now adequately protected against the inbound version of these attacks. The ones still operating on shared secrets and SMS codes are not. The convergence with this issue’s Pattern is direct: AI agent governance and AI-driven impersonation defense share an identity substrate. The institutions investing in one get most of the other.

Boardroom Prompt. If a deepfake of your CEO instructed your treasury team to authorize a wire transfer tomorrow, what would catch it — and would it catch it before the wire posted?

The Verification Debt Tracker

The 2×2 from From Artificial to Verified Intelligence. Signal counts this week, with direction vs. last issue.

The Agents & Workers quadrant held at 6 — five consecutive issues at the plateau, a steady-state read of the governance conversation. Adversarial Swarms held at 3, but the qualitative magnitude jumped on the back of two signals: the EU AI Act amendment (the largest engagement signal this briefing has tracked) and the second Big Four AI retraction in five weeks. Unauthorized Twins moved from 0 to 1 — the first signal in this quadrant since Issue 02 — driven by Andress on AI-driven impersonation. The keynote taxonomy’s most feral quadrant is no longer quiet.

Monday Morning

Three things to do next week.

01 · Get your identity team in the room. Map every AI deployment against your identity program — every agent should have an identity record, an authorization chain, a delegation scope, and a kill switch in your IAM system. If your CIAM or IAM team was not in your last AI architecture review, that is the gap. Fix that before your next planning cycle.

02 · Apply the KPMG retraction lens to your own institution. Where is AI-generated content reaching external audiences — clients, regulators, partners, public — without an enforced verification checkpoint? The KPMG event is the second Big Four retraction in five weeks. The third will be more expensive for whoever it lands on. Audit your verification workflows this quarter, not next.

03 · Pressure-test your posture for an EU AI Act enforcement surprise. Enforcement dates are slipping, not disappearing. Document what compliance would look like today, even if you do not have to demonstrate it yet. The institutions that arrive at enforcement with documentation ready will pass through. The ones writing it under deadline will not.

The Reading Room

Three pieces worth your time this week.

• Steve Tout — Intent Is the New Perimeter (LinkedIn, 16 June, 34 reactions). The briefing’s author published a longitudinal analysis of three years of Identiverse session data this week, arguing that identity has crossed a perimeter shift from credentials to intent. Companion read to this issue’s Pattern, and the empirical case for the “AI is identity’s problem now” conclusion.

• Alexandra C. — Operational reality of AI governance is missing from theory (LinkedIn, 18 June, 26 reactions). Argues that AI governance must move from declarative theory to deterministic runtime controls — telemetry, policy-as-code, and enforced revocation. The Carolyn Cotelli signal from Issue 04 made operational.

• Khwaja Shaik — One Executive Order. Your AI Goes Dark. What’s Your Board’s Plan? (LinkedIn, 17 June). The geopolitical dimension of vendor concentration. If a sanctions order tomorrow cut your access to a frontier model, what is your continuity plan? Most boards have not asked the question.

Trust is expensive. So is its absence.

The Verified Intelligence Briefing is written by Steve Tout, Founder & CEO of Identient and author of The CISO on the Razor’s Edge. It draws from the curated Daily Signal corpus and the Verified Intelligence framework introduced in From Artificial to Verified Intelligence.

If this issue clarified something for you, forward it to one colleague who owns part of the control plane. New here? Subscribe to get The Briefing every Friday morning.

Subscribe now

Reply or comment with the question you’d want answered in next week’s issue — your prompt may become Boardroom Prompt #1.

Connect with Steve: LinkedIn · identient.com · stevetout.com

Last month, in CIO, I argued that identity as we know it is dying, and that AI governance now starts with lineage, not logins. That piece was a thesis. It named the problem: when AI entities act, decide, and speak on your organization’s behalf, access stops being the point, and authorship takes over.

This is the answer to that thesis. AuthR, short for Authorship Representation, is a

proposed framework that makes authorship a verifiable layer in the identity stack, alongside authentication and authorization rather than bolted on after the fact. The CIO piece ended on a single line: every AI entity you deploy carries a lineage, and the companies that can trace that lineage will govern it. AuthR is how you trace it.

I am publishing this the week the identity community convenes at Identiverse, where, for the first time, there is a dedicated Non-Human and Agentic AI Identity track and a pavilion to match. The agenda has caught up to the problem. What the conversation behind it needs is an operating model for accountability. That model is authorship.

From access control to authorship

For two decades, identity and access management has answered two questions. Who are you, and what are you allowed to do. Authentication and authorization. They were built for a world where a human sat at a keyboard, signed in, and performed a discrete action they were accountable for by default. The human was the author, because the human was the only thing in the loop.

Agentic AI breaks that assumption quietly. An orchestrator delegates to a sub-agent, which delegates to a tool, which calls a service, across a workflow that runs for hours and re-plans itself as conditions change. Every hop carries a valid token. Every call is in scope. And nowhere in that chain is there a field that says whose judgment this was, or whether the action still reflects what a human actually authorized.

That is the gap. Authentication proves who is present. Authorization proves what access was granted. Neither proves whose judgment was represented, or who is responsible when an in-scope action serves a goal no human ever set. As enterprises move from AI that assists to AI that executes, that third question stops being academic and becomes the one the audit committee, the regulator, and the incident responder all ask first.

Authentication proves who. Authorization proves what. Authorship proves whose judgment, and who answers for it. The first two were enough when humans pushed the buttons. They are not enough when agents do.

A maturity model for agentic accountability

The useful way to think about this is not a binary, accountable or not, but a maturity scale. Four rungs, defined by what an auditor or an incident responder can actually reconstruct after an agent acts.

Rung 1 — Attributed to a credential. The action traces to a token or a service account. You know a call was made and which machine identity made it. You cannot say which human stood behind it or why. Most agent deployments live here today. An investigator accepts this only because there is nothing better on offer.

Rung 2 — Attributed to a delegation chain. The action traces back through the hops, actor by actor, using mechanisms like token exchange and on-behalf-of. You can see that an orchestrator delegated to a sub-agent. This is real progress, and it is roughly the ceiling of what current standards provide. But the chain records who passed the baton, not whose judgment authorized the run, and not whether the result still matches the original purpose.

Rung 3 — Bound to a human author and intent. A grounded human author mints a signed root record. The original purpose, the why, travels as a first-class object across every hop. Scope can only narrow downstream, never widen. Now an in-scope action that contradicts the authored intent is visible, because there is an intent to compare it against.

Rung 4 — Continuously evaluated against drift, with revocation supremacy. The gap between original intent and runtime behavior is monitored as a live condition, not a decision settled once at grant time. When an agent re-plans, accumulates memory, or is reshaped by external data far enough from its mandate, the system flags it for re-anchoring or human review. A single revocation signal shortcuts the entire chain and invalidates authorship at every enforcement point at once. This is authorship engineered into the design, not reconstructed after an incident.

Map the agentic identity tooling you are being shown against this scale and the pattern rhymes with every maturity model: the decks claim Rung 4, the products sit between Rung 1 and Rung 2. That gap is where the diligence happens.

What this looks like when the threat is real

The reason this is not a thought experiment is that the failure mode already has CVE numbers.

In June 2025, researchers disclosed EchoLeak, a zero-click attack on Microsoft 365 Copilot. A single crafted email caused the agent to read internal files and exfiltrate them, with no user interaction. The researchers named the failure an LLM Scope Violation: untrusted external input steering an agent into accessing and revealing data it was fully authorized to touch. Every permission check passed. The compromise rode entirely on actions that were in scope.

Seven months later the class returned. Microsoft assigned a new CVE for the same pattern in its agent-building platform, and in that case the vendor’s own data-loss controls flagged the request while the data moved anyway, because it traveled on an authorized action. OWASP now ranks this pattern, Agent Goal Hijack, as the leading agentic risk for 2026.

Notice what none of the existing rungs would have caught. The credential was valid. The delegation chain was intact. Scope never escalated. The only thing that was violated was the user’s intent, and intent was the one thing nothing in the stack was carrying. That is the precise gap AuthR’s intent and drift primitives exist to close, and it is why the answer has to be structural rather than another patch on another path.

Regulators have already named it in the same language. The 2026 FINRA Annual Regulatory Oversight Report lists among its leading generative-AI risks that agents may act beyond the user’s actual or intended scope and authority. When the regulator and the attacker are describing the same failure, the layer that closes it is no longer optional.

What to ask every agentic vendor at Identiverse

Three questions. Useful in any booth conversation this week.

One. Show me where the human author is bound. Not the service account, not the token. The grounded human whose judgment this agent represents. If the vendor can only show you a machine identity, the agent is at Rung 1 or 2, and accountability stops at a credential.

Two. Show me the intent, and show me drift. Ask to see where the original purpose of a workflow is recorded as a first-class object, and how the system detects when runtime behavior has wandered from it. If the answer is scope and policy alone, you have boundaries, not authorship. Boundaries tell you what the agent can do. They do not tell you whether what it is doing still reflects what was asked.

Three. Show me revocation across the whole chain. Pick a delegated, multi-hop workflow. Ask how a single revocation invalidates authorship at every downstream enforcement point at once, not system by system, after the fact. If revocation is a reconstruction project, accountability is too.

These three will sort the room.

Where AuthR sits, plainly

AuthR is a proposed framework, published at v0.1, and I am deliberately precise about what it is and is not. It does not replace authentication or authorization. It is designed to complement existing standards and infrastructure, OAuth, SAML, OIDC, SPIFFE/SPIRE, verifiable credentials, and the agentic-identity work emerging from CoSAI. It adds one layer those mechanisms structurally cannot provide: a verifiable record of who authored a decision, what executed it, why, within what boundaries, shaped by what lineage, and whether conditions drifted far enough to require review.

It is also one layer, not the whole stack. Least privilege, input handling, outbound controls, and runtime monitoring all still belong in the defense. There are credible voices who argue that intent is hard to evaluate deterministically, and they are right that no single control closes the gap. AuthR’s claim is narrow and, I think, defensible: authorship is the layer that travels with the action and answers the question the others cannot, and the field is converging on the idea that intent is becoming the new perimeter. AuthR v0.1 makes that concrete enough to test, challenge, and build on.

the field is converging on the idea that intent is becoming the new perimeter.

The materials, a working paper, draft specification, schema, an interactive playground, and reference implementation resources, are open for exactly that. This is an invitation to the identity and security community to help shape the structure, not a finished product pretending it is done.

At Identiverse this week?

I am not on the floor at Mandalay Bay this year, but I am running virtual briefings all week, June 15 to 18, for anyone working the same problem from the inside: identity architects, CISOs, CIOs, AI governance leads, standards contributors, and the vendors building in the Non-Human and Agentic AI Identity track.

If you want to walk the AuthR maturity model against your own agentic stack, see the CFO wire-transfer scenario run live in the playground, or just argue with the assumptions, I would genuinely welcome the conversation. A briefing, a demo, or a 15-minute chat with no deck. Bring your hardest objection.

Review the AuthR v0.1 materials at identient.com/authr or send an email to steve@identient.ai to request a briefing. The agenda has finally named the problem. Let’s talk about who answers for it.

Steve

Subscribe now

The weekly read on verification debt — for leaders who own the control plane.

The Pattern

The enterprise buyer just shifted the AI conversation from capability to control.

Arvind Jain crystallized it: enterprise AI buyers are now prioritizing governance, control, economics, and flexibility over model benchmarks and vendor lock-in. The new procurement question is not “which model is best?” It is “which deployment is governable?”

The week’s signals all pointed at the same shift from different angles. ServiceNow disclosed a customer data breach that propagated through its SaaS customer base — a reminder that the platform layer is where verification debt is now most visible. Claude Fable 5 launched and drew enterprise concern, not for its capabilities, but for what its capabilities mean: another step deeper into model dependency for institutions that have not yet figured out their lineage chain. Brad Wolfe argued the real winner of the enterprise AI race is not the best model — it is the best distribution. Anthropic’s Big Four pipeline is the moat, not the benchmarks.

Underneath, the operating layer is starting to take shape. Carolyn Healey named the shift from labor cost to consumption cost — the economic substrate of every AI investment thesis. Birgul Cotelli named the maturity shift from principles to operational mechanisms — decision frameworks, audit trails, escalation protocols. Arkadiy Miteiko called it directly: permission is the next trillion-dollar AI problem. Not smarter models. Runtime governance.

The pattern: the enterprise AI market just moved from a benchmark race to a governance race — and the buyers, not the vendors, are setting the rules.

This is the Issue 03 thesis pulled forward by a quarter. Last week, the security community renamed the agent problem as an identity problem. This week, the enterprise buyer renamed AI procurement as a control procurement. The vendors that understand both will be the ones the Big Four resell. The ones that do not will compete on benchmarks while the market moves on.

Thesis. Capability is now the floor. Control is the moat. The institutions that price control into their AI procurement now will set the standard the rest of the market will spend 2027 catching up to.

The Signals

01 · Arvind Jain: enterprise buyers are reassessing AI tradeoffs

The Signal. Arvind Jain (208 reactions) wrote this week that enterprise AI buyers are reassessing tradeoffs they were ignoring eighteen months ago. The new priorities: governance, control, economics, and flexibility. The deprioritized: raw benchmarks and vendor lock-in. Procurement conversations are now starting from “show me your control plane” instead of “show me your evals” (Jain, LinkedIn, 11 June).

The Lineage Gap. Jain is naming what every other signal this week is also naming. The buyer-side conversation has moved. The vendor that arrives with the best benchmarks and the worst auditability is now losing deals to the vendor that arrives with mid-tier benchmarks and a real lineage chain. The Five Questions are now procurement questions. Who created it? — name your data sources. Who trained it? — show your scope boundary. Who authorized it? — describe your delegation model. Who can revoke it? — what is your kill switch SLA. Who is it economically aligned to? — show your cost-per-decision math. The vendors that answer cleanly are pulling ahead. The ones still selling capability are wondering why their pipeline went quiet.

Boardroom Prompt. In your last three AI vendor evaluations, what percentage of the scorecard was control, governance, and economics — and what percentage was capability?

02 · ServiceNow disclosed a customer data breach

The Signal. ServiceNow confirmed a security incident exposing customer data, drawing 1,065 reactions on the surfacing post — by a wide margin the highest-engagement signal of the week (Mark P., LinkedIn, 10 June). The breach hit a platform that sits inside the workflow infrastructure of most Fortune 1000 enterprises and a meaningful share of the federal government.

The Lineage Gap. The ServiceNow breach is the platform-layer correlate of last week’s Meta helpdesk hijack. Where Meta’s incident showed an AI agent crossing the line from automation to privileged access, ServiceNow showed the broader pattern: SaaS platforms are now an identity perimeter for thousands of customer organizations, and a single vendor compromise reshapes the threat model for every downstream institution. The Five Questions all break differently at the SaaS layer — who can revoke it? is the most painful, because in the worst case the answer is your vendor, on their schedule. Verification debt at the platform layer is the most leveraged exposure in the enterprise stack. One breach. Thousands of audit committees.

Boardroom Prompt. How many SaaS platforms in your environment hold identity, workflow, or transaction data that would create a regulatory incident if compromised — and what is your verification posture for each?

03 · Claude Fable 5 raised model dependency concerns inside the enterprise

The Signal. Alex Lamascus wrote (29 reactions) that the launch of Claude Fable 5 — the latest Mythos-class frontier model — is being received in enterprise communities with more concern than excitement. The capability gains are clear; so are the implications for model dependency, vendor lock-in, control, and auditability (Lamascus, LinkedIn, 11 June).

The Lineage Gap. The Claude Fable 5 release is the technical evidence underneath the buyer reassessment Arvind Jain named. Better capability does not reduce verification debt — it concentrates it. The more capable the model, the more decisions the institution is willing to delegate to it; the more decisions delegated, the deeper the lineage problem when something goes wrong. The Four Pillars all get harder, not easier, with capability increases. Grounding gets harder because the model now extrapolates more confidently. Scope gets harder because the surface of plausible-looking but out-of-scope outputs widens. Provenance gets harder because reasoning chains are longer. Drift awareness gets harder because the baseline of “expected behavior” is itself shifting with every model upgrade. The enterprise concern is the right concern.

Boardroom Prompt. For every model upgrade your institution adopts, what verification work is required before the upgrade is allowed into a regulated workflow — and what is the SLA on completing it?

04 · Brad Wolfe: Anthropic is winning on distribution, not benchmarks

The Signal. Brad Wolfe argued (24 reactions) that Anthropic’s real win in the enterprise AI race is not the model. It is the distribution: the Big Four pipeline, the consulting integration, the enterprise sales motion happening inside KPMG, EY, PwC, and Accenture. Anthropic did not have to sell to the enterprise — the enterprise’s advisors sold for them (Wolfe, LinkedIn, 6 June).

The Lineage Gap. The Big Four distribution thesis is the strategic logic underneath three issues of this briefing. Issue 01 covered the KPMG-Anthropic alliance. Issue 02 covered the 50,000 internal EY agents and the PwC 250-agent disclosure. This week, Wolfe names the move directly: the model is the loss leader; the distribution is the business. For the institutions on the receiving end of that distribution — the audit clients, the advisory clients, the implementation clients — the consequence is structural. Every Big Four engagement now has an Anthropic-flavored AI layer underneath it, governed by the Big Four’s controls, attached to the client’s signature. The vendor relationship was never directly transactional. The verification debt is, however, directly inherited.

Boardroom Prompt. For each of your top three professional services vendors, do you know which frontier model is inside their delivery stack — and what your verification rights are when their output reaches your work product?

05 · Carolyn Healey: AI spend per employee keeps climbing

The Signal. Carolyn Healey wrote (205 reactions) that AI spend per employee is rising as organizations shift from labor cost to consumption cost. The economic structure of every AI investment thesis is now consumption-based — and consumption without governance turns into either runaway cost or quiet under-utilization, both of which surface in the wrong board meeting (Healey, LinkedIn, 5 June).

The Lineage Gap. The consumption-cost shift is the financial form of last issue’s tokenmaxxing signal, but Healey frames it in the language the CFO will actually use. Labor cost is predictable; consumption cost is not. Labor cost has a known monthly maximum; consumption cost has only a usage maximum, which most enterprises have not set. The institutions that have already wired consumption controls into their FinOps stack — by agent, by team, by decision tier — are the ones whose AI budget will not blow up the Q3 forecast. The ones that have not will discover the answer in a variance presentation to the audit committee. Unit economics is not optional once consumption replaces labor.

Boardroom Prompt. What is your cost per AI-assisted decision in your highest-volume workflow — and how does it compare to the labor cost it was supposed to replace?

06 · Birgul Cotelli: governance is shifting from principles to operational mechanisms

The Signal. Birgul Cotelli (39 reactions) named the maturity shift happening across enterprise AI governance programs — from quoting principles (fairness, transparency, accountability, safety) to operating mechanisms (decision frameworks, audit trails, escalation protocols, regulatory documentation). The shift is being driven by regulatory pressure, board-level scrutiny, and the realization that principles do not survive contact with production (Cotelli, LinkedIn, 6 June).

The Lineage Gap. Principles tell you what you want to be true. Operational mechanisms tell you how to discover when it is not. The Five Questions are operational mechanisms — they only mean something when the answer is producible on demand, in a format that withstands audit. Most enterprise AI governance programs are still at the principles stage. They have a fairness statement, an ethics committee, and a published charter. They do not yet have the audit log that lets them prove a specific decision met the standard the charter describes. The institutions that move from principles to mechanisms in Q3 will be the ones that handle the first regulatory probe in Q4 without a scramble.

Boardroom Prompt. Of the AI governance principles your organization has published, how many have a corresponding operational mechanism that produces evidence on demand?

07 · Arkadiy Miteiko: permission is the next trillion-dollar AI problem

The Signal. Arkadiy Miteiko (21 reactions) wrote that the next major infrastructure layer in AI is not smarter models. It is runtime governance and permission — the policy plane that decides, for every action, whether the agent is authorized to take it, with what scope, on whose behalf, against what budget. He called it the next trillion-dollar AI problem (Miteiko, LinkedIn, 7 June).

The Lineage Gap. Miteiko’s piece is the architectural conclusion of last issue’s Zero Trust convergence. Identity is the perimeter. Permission is the runtime layer above it. Every Five Questions answer becomes a permission decision at execution time: who authorized it becomes a policy check; who can revoke it becomes a session lifecycle; who is it economically aligned to becomes the budget envelope the policy engine enforces. Most enterprise AI deployments today have no permission layer. They have a service account, a token, and an unbounded scope. The vendor that ships the permission layer with the right primitives — least privilege, scoped delegation, runtime revocation, budget enforcement — becomes the IAM company of the next decade.

Boardroom Prompt. For every AI agent operating in your environment, is there a policy decision evaluated on every action — or only at provisioning?

08 · IBM: human-speed governance is structurally failing agentic AI

The Signal. Nathaniel Niyazov surfaced an IBM study (24 reactions) finding that traditional human-speed governance is structurally failing for agentic AI. The IBM recommendation: governance controls have to be embedded directly into system architecture, not bolted on. By the time a human committee meets to review, the agent has already executed thousands of actions (Niyazov, LinkedIn, 8 June).

The Lineage Gap. The IBM finding is the empirical version of last issue’s governance-velocity warning. Human-speed processes were built for human-speed actors. Agents operate at machine speed; governance has to move at machine speed to keep up. The implication for architecture is concrete: the Five Questions answers have to be produced and recorded at every action, not at every review cycle. The platforms being designed today either embed this telemetry at the architectural layer or do not. The ones that do can be governed retroactively; the ones that do not cannot. There is no third path. The institutions choosing platforms now without asking the embedded-telemetry question are foreclosing their own future audit posture.

Boardroom Prompt. For every AI platform your institution adopts in the next two quarters, are governance controls embedded in the architecture — or layered on top by your team after deployment?

09 · Pradeep Sanyal: the Chief AI Officer role becomes real authority

The Signal. Pradeep Sanyal (36 reactions) argued the Chief AI Officer title is shifting from symbolic to structural. The early CAOs were corporate garnish — a press release, a charter, a quarterly slide. The next generation has real authority over budget, vendor selection, and architectural decisions. The shift is being driven by accountability pressure, not innovation pressure (Sanyal, LinkedIn, 6 June).

The Lineage Gap. The Chief AI Officer evolution is the organizational form of the verification debt conversation. Symbolic CAOs were appointed to demonstrate that the board took AI seriously. Structural CAOs are being appointed to ensure the board does not get sued. The difference is the reporting line. Symbolic CAOs reported to communications or innovation. Structural CAOs report to the CEO, sit on the operating committee, and own the budget that funds the governance program. The institutions making this transition now are reading the Kindervag signal from last issue — should CEOs be personally accountable? — and rationally moving the personal accountability one layer down. Kindervag would call that a feature, not a bug.

Boardroom Prompt. Does your Chief AI Officer have budget authority, vendor authority, and a direct reporting line to the CEO — or do they have a title and a presentation slot?

10 · Shobha Shah: boards review financials quarterly. AI deserves the same.

The Signal. Shobha Shah wrote (19 reactions) that most boards review financial performance every quarter — and almost none review AI performance with the same rigor. Her argument: AI now drives material business outcomes, regulatory risk, and reputational exposure that justify quarterly board-level review on value, risk, accountability, regulatory readiness, and governance effectiveness (Shah, LinkedIn, 10 June).

The Lineage Gap. The board oversight gap is now structural. AI investments are running at the same scale as M&A or capital programs, with less oversight than either. Shah is naming the simplest possible corrective: apply the existing board cadence to AI. Quarterly review. Five-domain scorecard. Named accountability. The institutions that adopt this practice in Q3 will be the ones whose proxy disclosures next spring read as defensible. The ones that do not will discover the question from a plaintiff’s counsel, an activist investor, or a credit rating downgrade. None of those discoveries are cheap.

Boardroom Prompt. At your last four board meetings, was AI on the agenda with the same depth as capital projects, M&A, or compensation — or was it a five-minute update from the CIO?

The Verification Debt Tracker

The 2×2 from From Artificial to Verified Intelligence. Signal counts this week, with direction vs. last issue.

All four quadrants held flat in signal count this week — but inside Adversarial Swarms the magnitude shifted dramatically. ServiceNow’s breach drew more engagement than any single signal we have tracked in this briefing. The plateau in the Agents & Workers quadrant tells its own story: the governance conversation is no longer accelerating — it is consolidating. Six signals a week, every week, all pointing at the same operational mechanisms. The conversation has reached the stage where the same answers are being arrived at, independently, by different practitioner communities. That is the moment a market standard starts to form.

Monday Morning

Three things to do next week.

01 · Price control into your next AI vendor evaluation. Add explicit weight in the procurement scorecard for verification posture: who can produce the reasoning chain, on what timeline, in what format. Make the answers a contract clause, not a vendor promise. The institutions that price control now set the market standard the laggards spend 2027 catching up to.

02 · Inventory your SaaS identity perimeter. ServiceNow was the platform-layer version of last week’s Meta hijack. Map every SaaS platform that holds identity, workflow, or transaction data. Score each on the Five Questions. The platforms scoring low are your next compliance conversation, your next breach disclosure, or both.

03 · Wire consumption controls into FinOps. Set a hard cap and a tiered approval gate for every consequential AI agent in your environment. Tokenmaxxing was the introduction; Healey’s consumption-cost framing is the conclusion. The control is technical; the policy belongs to the AI governance committee; the budget belongs to the CFO. All three need to ratify the same number.

The Reading Room

Three pieces worth your time this week.

• Lewis Walker — Accenture/CMU AI Maturity Model (LinkedIn, 11 June, 248 reactions). A 63-page reference that lets you benchmark enterprise AI maturity against a real framework. Useful for the board deck, the consulting engagement, and honest self-assessment.

• Alexandra C. — The AI reliability illusion (LinkedIn, 6 June). Makes the methodological case that benchmark-driven reliability estimates dramatically overstate real-world performance for autonomous workflows. The signal that lets your CRO ask better questions about vendor demo decks.

• Dhanasekhar D. — Agentic AI now has its protocol stack (LinkedIn, 11 June). Maps the emerging MCP/A2A/ACS layer cake that will become the production substrate for governed enterprise agents over the next 18 months. Read it before your platform team starts evaluating their roadmap.

Trust is expensive. So is its absence.

The Verified Intelligence Briefing is written by Steve Tout, Founder & CEO of Identient and author of The CISO on the Razor’s Edge. It draws from the curated Daily Signal corpus and the Verified Intelligence framework introduced in From Artificial to Verified Intelligence.

If this issue clarified something for you, forward it to one colleague who owns part of the control plane. New here? Subscribe to get The Briefing every Friday morning.

Subscribe now

Reply or comment with the question you’d want answered in next week’s issue — your prompt may become Boardroom Prompt #1.

Connect with Steve: LinkedIn · identient.com · stevetout.com

Share

The weekly read on verification debt — for leaders who own the control plane.

The Pattern

Last week, three different parts of the verification system stepped back. This week, the security community took the agent identity question back from the AI labs — and renamed it.

Multiple major voices converged on the same frame inside seven days. Gartner’s Neil MacDonald wrote that AI agents are software, not human-like entities, and should be secured with Zero Trust controls. Anthropic published a thirty-five-page Zero Trust framework for AI agents. The White House signed an executive order pointing in the same direction. Microsoft launched Agent 365 — and the Gartner take was that even Microsoft needs platform-agnostic security layered on top. John Kindervag, who originated Zero Trust at Forrester, opened a public debate on personal CEO accountability for cyberattacks.

And in the background, a Meta AI support agent was hijacked into resetting customer account credentials. The verification debt came due — again — in operational form.

The pattern: the security and governance communities just collectively renamed the AI agent problem. It is not an AI safety problem. It is an identity and privilege problem — and Zero Trust is the framework that already exists to solve it.

This matters because Zero Trust gives the Five Questions a runtime enforcement model. Who authorized it? becomes continuous verification, not one-time provisioning. Who can revoke it? becomes least-privilege scoping, not an emergency runbook. Who is it economically aligned to? becomes the trust chain that the policy engine evaluates on every call. The labs talk about alignment. The security community talks about identity. This week, those two conversations started speaking the same language.

Thesis. Zero Trust is the missing layer that makes the Five Questions enforceable at runtime. The institutions that already operate a Zero Trust posture get the AI agent governance work mostly for free. The ones still running perimeter-based identity will pay for it twice.

The Signals

01 · A Meta AI support agent was hijacked into resetting customer credentials

The Signal. Jim Reavis surfaced a Meta incident in which an AI-powered helpdesk agent was tricked into resetting customer account credentials. The takeaway: AI support agents with account-changing powers are not chatbots. They are privileged actors in the identity system, and they need to be governed as such (Reavis, LinkedIn, 3 June).

The Lineage Gap. The Five Questions break exactly here, every time. Who created this agent? Meta. Who trained it? Meta. Who authorized it to reset account credentials? Almost certainly no one had to sign off in a way an audit could discover. Who can revoke that capability? Engineering, eventually. Who is it economically aligned to? Meta — not the customer whose account just changed hands. The agent crossed the line from automation to privileged access without any of the governance that line normally requires. Every enterprise running an “AI helpdesk” or “AI customer service” agent has the same gap, with smaller scale but identical structure. The Meta event is the canary.

Boardroom Prompt. For every AI agent in your customer-facing channels, what would it take, today, to convince it to reset a customer account?

02 · Gartner: AI agents are software. Govern them with Zero Trust.

The Signal. Neil MacDonald at Gartner wrote (87 reactions) that AI agents are not human-like entities. They are software. The right frame for governing them is the one the security community already has: Zero Trust. Continuous verification, least privilege, assume breach (MacDonald, LinkedIn, 2 June).

The Lineage Gap. MacDonald’s framing collapses a category mistake that has cost the AI governance conversation eighteen months. “AI safety,” “AI ethics,” “AI alignment” — these are valuable concepts, but they treat the agent as something exotic that needs new rules. Zero Trust treats it as what it is: a piece of software with an identity, a scope, and a privilege envelope. The Four Pillars of Verified Intelligence map onto Zero Trust principles cleanly. Grounding becomes “verify before trust.” Scope becomes least privilege. Provenance becomes the audit log Zero Trust already requires. Drift awareness becomes the continuous re-verification at every call. Institutions that already operate Zero Trust have most of the runtime substrate they need. Institutions that abandoned Zero Trust because “agentic AI is too novel” — see SR 26-2 — just made the problem twice as hard.

Boardroom Prompt. Does your current Zero Trust architecture treat AI agents as first-class identities — or are they exempted by category, like the regulator just did?

03 · Anthropic published a thirty-five-page Zero Trust framework for AI agents

The Signal. Bill Lewis flagged Anthropic’s thirty-five-page Zero Trust framework for AI agents, published this week (Lewis, LinkedIn, 1 June). The publication is significant because it comes from a frontier AI lab — and it concedes, in essence, that the model’s safety controls are not enough. The deployment context needs its own framework.

The Lineage Gap. The model labs and the security community have been talking past each other for two years. The labs published responsible scaling policies and constitutional AI papers. The security community kept saying where is the identity story. This week, Anthropic met the security community in its own language. Thirty-five pages of Zero Trust principles applied to agents is not a hedge — it is a recognition that the model’s own controls are insufficient at the deployment layer. The implication: when a frontier lab publishes Zero Trust guidance for its own agents, every CISO has the cover to require the same posture for every vendor agent operating inside their environment. The vendor cannot now claim that model-level safety obviates customer-level identity governance.

Boardroom Prompt. The next time a vendor tells you their AI is “safe by design,” will you accept that as a substitute for your own Zero Trust posture — or require both?

04 · The White House executive order points in the same direction

The Signal. Art Gilliland wrote that the White House’s executive order on AI security gets one critical point right: AI agents create new identity and trust risks that require governance, accountability, and collaboration — not just compliance checkboxes (Gilliland, LinkedIn, 2 June, 47 reactions).

The Lineage Gap. The executive order is the political-layer signal catching up to the practitioner-layer signal. When the security community, the model labs, and the executive branch all start saying the same thing in the same week, the conversation has crossed a threshold. The remaining gap is the implementation layer — what does Zero Trust for AI agents actually look like in a production enterprise? That is still being written, mostly outside of regulation, by the institutions that already had the substrate. The institutions that did not will spend the rest of 2026 reading framework documents. The ones that did will spend the same six months deploying. The gap between those two will become a competitive moat by Q1 2027.

Boardroom Prompt. Are you reading the AI security framework documents, or implementing them — and what is the gap between those two activities in your organization right now?

05 · Microsoft launched Agent 365. Gartner’s take: it still needs platform-agnostic security.

The Signal. Avivah Litan at Gartner (95 reactions) wrote that Microsoft Agent 365 demonstrates a meaningful shift in Microsoft’s AI security priorities — and that platform-agnostic, independent security still needs to be layered on top. The implication: even the hyperscalers concede that the platform owner cannot be the platform’s sole governance authority (Litan, LinkedIn, 29 May).

The Lineage Gap. Microsoft’s announcement and Litan’s response together describe the new vendor-customer split. The vendor builds AI security primitives at the platform layer. The customer owns the verification posture that sits above them. Five Questions remain a customer-side discipline: Who authorized this agent? Who can revoke it? Who is it economically aligned to? The platform can answer some of these. It cannot answer all of them, because the trust chain ends at the customer’s data, the customer’s regulator, and the customer’s signature. Institutions reading Litan’s response as a compliment to Microsoft are missing the structural point. Litan is naming that the customer’s verification debt is not transferable, even to a four-trillion-dollar vendor.

Boardroom Prompt. For every AI capability your hyperscaler delivers to you next quarter, who in your organization owns the verification posture that sits above it?

06 · The originator of Zero Trust raised the personal accountability question

The Signal. John Kindervag, who created Zero Trust at Forrester, opened a public debate this week (69 reactions) on whether CEOs should be held personally accountable for cyberattacks when known risks are ignored (Kindervag, LinkedIn, 3 June). The framing matters: when the inventor of the framework starts talking about personal CEO accountability, the conversation is moving from “best practice” to “fiduciary.”

The Lineage Gap. Personal accountability is the lever that converts AI governance from a CISO problem into a CEO problem. Last issue’s Gabriel Millien signal — “your AI security program is a CEO problem dressed up as a security checklist” — arrived at the same point from inside the program. Kindervag is now naming the legal and reputational dimension. The institutions that already wired personal accountability into the AI governance charter — typically through a named Chief AI Risk Officer reporting to the board, not the CIO — are buying themselves the structural answer Kindervag is asking for. The ones that haven’t will discover the question in a deposition.

Boardroom Prompt. If a regulator or plaintiff asked tomorrow which named officer in your institution is personally accountable for AI governance, would the answer be one person — or three people pointing at each other?

07 · Tony Seale: enterprise AI needs network-shaped data, not box-shaped warehouses

The Signal. Tony Seale’s piece (371 reactions, the week’s highest) argued that enterprise AI needs network-shaped data models — knowledge graphs and semantic context — not box-shaped data warehouses. The reasoning: AI agents need to know how facts relate, not just where facts live (Seale, LinkedIn, 29 May).

The Lineage Gap. Seale is naming the substrate problem underneath the Zero Trust conversation. Zero Trust works only if the policy engine has the context to make a verification decision. A box-shaped warehouse gives you a data row. A network-shaped model gives you the relationship — who connects to what, why it matters, what would change if it shifted. Without the relationship layer, every agent action looks the same to the policy engine. With it, the engine can distinguish “this employee querying their own salary” from “this agent acting on behalf of an employee, querying the salary of an executive in a different jurisdiction.” Grounding is a data-structure problem, not a model problem. Most enterprises do not yet have the substrate that makes verification computable.

Boardroom Prompt. When your AI agent makes a decision, can your policy engine evaluate the relationships around that decision — or only the data points inside it?

08 · McKinsey: AI is outpacing the operating model of leadership teams

The Signal. Carolyn Dewar of McKinsey (47 reactions) wrote that AI is outpacing the operating model of leadership teams — particularly in decision-making cadence, cross-functional alignment, and execution speed (Dewar, LinkedIn, 3 June). Technology adoption is running ahead of the C-suite’s ability to govern it.

The Lineage Gap. Dewar is describing the organizational version of cognitive surrender from Issue 02. The C-suite is letting the AI adoption curve outrun the meeting cadence, the decision rights, and the cross-functional plumbing that would let them govern it. The Five Questions are a CEO governance asset, but they require a forum that meets often enough to ask them. Most institutions have a quarterly AI steering committee for technology moving on a weekly cadence. By the time the committee meets, the agent that should have been escalated has already shipped, the contract that should have been reviewed has already been signed, and the regulator has read the press release. Governance velocity is now a board-level competency.

Boardroom Prompt. How frequently does your leadership team meet on AI governance — and how does that compare to the deployment velocity of the systems they are supposed to be governing?

09 · Andy ThurAI named “tokenmaxxing” — and the bankruptcy adjacent to it

The Signal. Andy ThurAI coined a useful term this week. “Tokenmaxxing” — the enterprise behavior of consuming AI compute at runaway rates without spending controls. He argued that an enterprise is one unmonitored episode away from bankruptcy-grade exposure (ThurAI, LinkedIn, 30 May, 20 reactions).

The Lineage Gap. The economic dimension of Zero Trust is the one most enterprises haven’t built yet. Continuous verification is meaningless if continuous spending is not also bounded. The Five Questions need an economic-alignment answer at runtime, not just at provisioning. Who is it economically aligned to? is the question that becomes a budget control, a rate limiter, an approval gate at a defined threshold. ThurAI’s bankruptcy framing is dramatic but not wrong. A misbehaving agent looping on a high-token-cost API can produce a six-figure invoice in a weekend. Most enterprise FinOps tooling does not yet have AI-specific controls. The institutions that build them before Q3 budgets reset will be the ones whose CFO is not personally explaining a variance to the audit committee.

Boardroom Prompt. What is the maximum amount your most expensive AI agent could spend, autonomously, over a 72-hour weekend with no human in the loop — and where is that number set?

10 · Gartner: uniform AI agent governance will cause enterprise failures by 2027

The Signal. Nathaniel Niyazov surfaced a Gartner warning that uniform AI agent governance will cause enterprise failures by 2027. The Gartner recommendation: proportional controls based on autonomy and risk, not one-size-fits-all policies (Niyazov, LinkedIn, 29 May, 16 reactions).

The Lineage Gap. The natural endpoint of the Zero Trust frame is proportional governance. Not every agent needs the same authority chain, the same revocation latency, the same audit detail. A research assistant answering questions from public web data does not need the same governance as a treasury agent moving funds. Uniform policies feel safer but fail more often, because they create either too much friction for low-risk work or too little control for high-risk work. The institutions that segment their agent inventory by risk tier — and apply Zero Trust controls proportionally — will be the ones whose security team is still functioning in 2027. The ones running uniform policies will lose their best practitioners to burnout first.

Boardroom Prompt. How many risk tiers does your AI agent inventory have today — and what is the proportional control framework attached to each?

The Verification Debt Tracker

The 2×2 from From Artificial to Verified Intelligence. Signal counts this week, with direction vs. last issue.

The Operational / Governed quadrant stayed at 6 — but every one of those signals converged on the same frame this week, which makes the qualitative density higher than the count suggests. The Operational / Feral quadrant rose again as the Meta hijack, the tokenmaxxing bankruptcy framing, and the McKinsey governance-velocity warning all landed inside seven days. The pattern that began with SR 26-2 last week — feral operational AI accumulating — is now being met by an equally fast governance response. Watch both bars climb together through Q3.

Monday Morning

Three things to do next week.

01 · Inventory your AI agents as identities. Stop treating them as features inside applications. Every agent gets a name, an owner, a scope, an authority chain, and a revocation path. If you cannot draw the directed graph of human → agent → action → resource for your top ten agents, you do not yet have AI governance. You have configuration drift.

02 · Set a spending guardrail on every agent. Hard cap. Rate limit. Approval gate above a threshold. Tokenmaxxing is a CFO problem before it becomes a CISO problem. The control belongs in FinOps; the policy belongs to the AI governance committee. Wire them together this week.

03 · Read Anthropic’s Zero Trust framework. Thirty-five pages, published this week. It is the document your CISO will be asked about in the next board meeting. The institutions whose CISO can summarize it in three points are the ones whose board will sleep through Q3. The rest will spend Q3 catching up.

The Reading Room

Three pieces worth your time this week.

• Michael Lee — AI strategy frameworks are free; the discipline is not (LinkedIn, 5 June, 96 reactions). Public frameworks from BCG, Gartner, Bain, McKinsey, and NIST matter less than the disciplined decision architecture that embeds them into operating systems and capital allocation. The companion read to this week’s Pattern.

• Khwaja Shaik — Stakeholder fluency as defining boardroom competency (LinkedIn, 2 June). Boards now need fluency across customers, employees, regulators, communities, and investors. AI raises the stakeholder count, not just the technology stakes.

• Tim Rains — The AI boom is creating an explosion of new APIs (LinkedIn, 2 June, 28 reactions). Every AI agent is an API consumer; every API is a privilege boundary. Verification debt and attack surface have a common substrate, and most enterprises have inventoried neither.

Trust is expensive. So is its absence.

The Verified Intelligence Briefing is written by Steve Tout, Founder & CEO of Identient and author of The CISO on the Razor’s Edge. It draws from the curated Daily Signal corpus and the Verified Intelligence framework introduced in From Artificial to Verified Intelligence.

If this issue clarified something for you, forward it to one colleague who owns part of the control plane. New here? Subscribe to get The Briefing every Friday morning.

Subscribe now

Reply or comment with the question you’d want answered in next week’s issue — your prompt may become Boardroom Prompt #1.

Connect with Steve: LinkedIn · identient.com · stevetout.com

Share

The weekly read on verification debt — for leaders who own the control plane.

The Pattern

This was the week three different parts of the verification system quietly stepped back at the same time.

The Federal Reserve, FDIC, and OCC replaced the bedrock SR 11-7 model risk guidance with SR 26-2 in April 2026. Buried in the text: generative AI and agentic AI are “too novel and rapidly evolving” — meaning they are explicitly carved out of the framework. Banks operating these systems no longer have specific federal model-risk guidance. The regulator stepped out.

Wharton researchers published a 1,372-person, 9,593-trial study that named the cognitive mechanism behind invisible verification debt. When AI was right, performance jumped 25 points. When it was wrong, performance fell 15 points below baseline — because people stopped checking. They called it cognitive surrender. The human stopped verifying.

And the Big Four quietly published the numbers. PwC has deployed 250+ internal agents. EY built 50,000 agents in nine months. IBM reports $4.5 billion in productivity gains. Accenture is shipping toward 100+ industry agent solutions by year-end. The Big Four scaled past the point where any individual control can catch a bad output. The institutional control stepped back.

The pattern: the verification layer that was supposed to catch the debt is disengaging — by exemption, by surrender, and by scale.

Last week the briefing’s thesis was that verification debt was migrating from the model layer to the contract layer. This week sharpens the picture. Verification debt isn’t just migrating — the actors who were supposed to hold the audit chain accountable are letting go of it. The regulator says it’s too new. The human says it’s too good. The Big Four say it’s too operational to slow down.

Thesis. Three retreats. One implication. The institutions that build their own verification infrastructure now will be the only ones holding the chain when it matters.

The Signals

01 · The Fed, FDIC, and OCC quietly exempted agentic AI from model risk guidance

The Signal. Alexandra C. surfaced a development that ran with under a hundred reactions but reshapes federal AI oversight in banking. SR 26-2, which replaced SR 11-7 in April 2026, explicitly states that generative and agentic AI models are “too novel and rapidly evolving” — and carves them out of the framework (Alexandra C., LinkedIn, 24 May, 36 reactions).

The Lineage Gap. This is the most consequential signal of the week. SR 11-7 governed every model-risk decision in U.S. banking for over a decade. SR 26-2 governs everything except the systems carrying the most risk. The Five Questions don’t disappear with the regulation — Who created it? Who trained it? Who authorized it? Who can revoke it? Who is it economically aligned to? — they migrate from “regulatory documentation requirement” to “institutional self-imposed standard.” That standard now belongs to the chief risk officer alone, with no anchor in federal guidance to defend it when the audit committee asks why their bank is more conservative than the rule requires.

Boardroom Prompt. Who in your institution is responsible for governing the AI systems your federal regulator just declined to govern?

02 · Wharton named cognitive surrender — the mechanism behind invisible verification debt

The Signal. Wharton researchers published a study of 1,372 participants across 9,593 reasoning trials. When AI was right, performance jumped 25 points. When AI was wrong, performance fell 15 points below baseline — because people stopped checking (Lee, LinkedIn, 28 May, 140 reactions). The researchers called it cognitive surrender.

The Lineage Gap. “Human in the loop” was supposed to be the firebreak. Wharton just proved the firebreak burns down quietly when AI is confident. The Four Pillars say verification needs grounding, scope, provenance, and drift awareness — but those pillars only operate if a human is actively interrogating the output. Cognitive surrender means the human stops asking. The implication for governance is structural: requiring “human review” as a control is meaningless unless the human is materially incentivized to disagree. Most organizations measure their human reviewers on throughput. Cognitive surrender makes throughput easy and verification rare.

Boardroom Prompt. Are the humans in your AI loop incentivized to catch the AI’s errors, or to clear the queue?

03 · The Big Four turned internal agents into a repeatable business

The Signal. Guillermo Flor published the numbers underneath last week’s KPMG-Anthropic headline. PwC has deployed 250+ agents internally. EY built 50,000 agents in nine months. IBM reports $4.5 billion in productivity gains. Accenture is shipping toward 100+ industry agent solutions by year-end (Flor, LinkedIn, 25 May).

The Lineage Gap. Last week’s KPMG-Anthropic alliance was the marquee event. This week’s numbers are the rest of the playbook. The Big Four have moved past pilots into productized internal agent deployment — and the client-side implications haven’t caught up. When a Big Four engagement uses one of fifty thousand internal agents to produce work product the client signs, the chain of provenance crosses the same three corporate boundaries we mapped last week. The Five Questions break in the same places. The difference this week is scale. At 50,000 agents, no individual reviewer catches the bad output. Only the system can — and the client doesn’t operate the system.

Boardroom Prompt. When your Big Four advisor deploys 50,000 internal agents and one of them produces work you’ll sign, what control do you have that the institution still does?

04 · Microsoft is repricing its own AI consumption

The Signal. Dr. Dinesh Chandrasekar’s piece (1,026 reactions, the week’s highest) argued that Microsoft — the company that anchored the AI gold rush — is cutting back internal Claude Code adoption because token economics are starting to hurt. Employees are reportedly being moved back toward GitHub Copilot. The article points at unit economics, Copilot adoption gaps, and dependency on OpenAI as cracks in the position (Chandrasekar, LinkedIn, 24 May).

The Lineage Gap. The concentration we’ve been tracking is not a stable equilibrium. When even Microsoft is rationing how much frontier AI it uses internally, the institutions further down the food chain — banks, retailers, healthcare systems — are about to encounter the same conversation. Verification debt looks different when model usage gets tiered: which decisions get the expensive model, which get the cheaper one, and what controls travel with each. Most enterprises haven’t built that tiering yet. They have flat AI policies. Token economics is about to force the question, and the answer will become a board-level conversation in Q3.

Boardroom Prompt. When your finance team caps AI spend next quarter, which decisions in your business lose access to the verified model — and who decides?

05 · 88% of executives are investing in AI. 6% are changing the operating model.

The Signal. Alex Barády surfaced the statistic that crystallizes the year’s strategy-execution gap. 88% of executives are investing in AI. Only 6% are changing their operating model. The corollary drawn from multiple consulting reports: layering AI over legacy operations delivers marginal improvement; AI inside redesigned operations delivers transformation (Barády, LinkedIn, 25 May, 388 reactions).

The Lineage Gap. The 88/6 spread is verification debt expressed as a financial position. The 88% have purchased AI capability without redesigning the lineage chain that runs through it. They will report activity to the board for two more quarters before a regulator, a customer, or a partner makes them produce evidence. The 6% are doing the harder work of designing the operating layer underneath: who owns the data, who authorizes the agent, who reviews the output, who escalates the exception. That layer is what makes the Five Questions answerable. Without it, the institution is buying AI capability and inheriting AI exposure on the same purchase order.

Boardroom Prompt. Of every dollar your institution has committed to AI this year, what percentage went to redesigning the operating model — and what percentage went to buying tools?

06 · Forward Deployed Engineer is the most contested role in AI

The Signal. Andreas Horn’s piece (601 reactions, second-highest of the week) wrote that Forward Deployed Engineer is the most contested role in AI right now. Palantir invented the term. OpenAI, Anthropic, Google, Microsoft, AWS, Databricks, Salesforce, and Scale are hiring hundreds. OpenAI mid-level packages: $520K–$780K base. The role exists because the model alone does not work in production (Horn, LinkedIn, 27 May).

The Lineage Gap. The labor market is telling the truth the strategy decks are still working around. The model is the easy part. Getting the model to produce defensible output in a specific enterprise context — that requires a person whose job is to wire grounding, scope, provenance, and drift awareness into the deployment. Forward Deployed Engineers are the Four Pillars expressed as headcount. The institutions that hire them inside (not just rent them from the model provider) keep the verification capability in-house. The institutions that don’t will pay $780K to a vendor employee for every consequential AI workflow they deploy — and they will not own the audit trail when that engineer rotates off the account.

Boardroom Prompt. For every consequential AI deployment in your organization, who inside the institution owns the deployment context — and what is their reporting line?

07 · Your agent isn’t the model. It’s the harness around it.

The Signal. Brij Kishore Pandey (221 reactions) made the architectural case for why agent quality lives outside the model. Two teams using the same Claude, OpenAI, or Gemini — one ships an agent that runs for hours; the other crashes on turn three. The difference is the harness: orchestration, memory, retrieval, tools, guardrails, evaluation, error handling, observability (Pandey, LinkedIn, 26 May).

The Lineage Gap. Pandey’s harness is the same architectural truth Forward Deployed Engineers represent in the labor market. The model is interchangeable. The harness is not. And the harness is where verification lives — every Five Questions answer is implemented in a harness component, not in the model. Who authorized it? is policy enforcement in the harness. Who can revoke it? is the kill switch in the harness. Who is it economically aligned to? is the routing logic in the harness. Institutions that buy “an AI” are buying a model. Institutions that govern AI are building a harness. The first costs money. The second creates the audit trail.

Boardroom Prompt. When you tell the board your institution has deployed AI, are you describing the model — or the harness around it?

08 · The real risk in AI agents is not capability. It is control.

The Signal. Rakesh Gohel’s piece (519 reactions) argued the governing question for enterprise AI agents is no longer whether they can perform tasks — it is whether they can do so reliably, safely, and within defined business boundaries. He laid out five board-level control domains: data governance, model risk management, identity and access, observability, and lifecycle management (Gohel, LinkedIn, 25 May).

The Lineage Gap. Gohel’s five control domains read as the same framework this briefing is built on, articulated from a different angle. Data governance is grounding. Identity and access is the runtime “who-authorized-it” layer. Observability is provenance — the trace of what happened. Lifecycle management is drift awareness over time. Model risk management is what SR 11-7 used to require and SR 26-2 just stopped requiring for the riskiest systems. The five domains will become the de facto standard for enterprise AI governance over the next 18 months. The institutions that build them now beat the regulator that eventually mandates them — and they avoid the question of which regulator will mandate them first.

Boardroom Prompt. If your audit committee asked tomorrow to see your maturity score across data governance, identity, observability, model risk, and lifecycle — what number would you put on each?

09 · Okta validated AI agent identity. It shipped half the category.

The Signal. Martin Gee wrote that Okta’s AI agent identity announcement validated the entire category and shipped only half of it. The Okta + Anthropic announcement — ISPM for Claude, Okta for AI Agents, MCP Bridge — treats token issuance as delegation. It isn’t. A scoped token tells you what an agent could do at the perimeter; it doesn’t tell you who delegated that authority, at what scope, for what task, or for how long (Gee, LinkedIn, 26 May).

The Lineage Gap. This is the direct extension of last week’s Okta signal. The major IAM incumbent named the right category — agents need identity. But there is a runtime authority layer underneath identity that the announcement does not address. The distinction matters: identity tells you who an agent is; authority tells you what that agent has the right to do, right now, in this context, on whose behalf. Without runtime authority governance, every Okta-authenticated agent looks identical to the policy engine. The Five Questions need authority answers, not just identity answers. Identity is where the perimeter ends. Authority is where lineage begins.

Boardroom Prompt. For every AI agent operating in your environment, do you log who delegated its authority — or just whose token authenticated it?

10 · The Marine Corps just made AI literacy mandatory across the force

The Signal. The U.S. Marine Corps announced in May 2026 that all active duty and reserve Marines must complete a foundational AI course by the end of the year. The objective: not technical specialization, but shared operational understanding, common vocabulary, and ethical deployment at scale (Hawking, LinkedIn, 25 May, 54 reactions).

The Lineage Gap. The Marines understand something most enterprises still don’t: governance fails when the people inside the institution don’t share a vocabulary. You cannot enforce the Five Questions across a workforce that does not know they exist. You cannot operationalize the Four Pillars across teams that interpret each pillar differently. AI literacy isn’t an HR initiative — it is the precondition for governance at scale. The institutions that fund mandatory AI literacy across their workforce now are buying themselves the substrate every other control sits on top of. The ones that don’t will keep treating governance as a checklist the rest of the organization quietly ignores.

Boardroom Prompt. What percentage of your workforce can explain to your audit committee what verification debt is and why it matters?

The Verification Debt Tracker

The 2×2 from From Artificial to Verified Intelligence. Signal counts this week, with direction vs. last issue.

The Operational / Governed quadrant kept heating as the infrastructure response crystallized — Forward Deployed Engineers, the harness conversation, Gohel’s five controls, Martin Gee’s runtime authority argument. The Operational / Feral quadrant jumped sharply on the back of one signal that matters more than its reaction count: SR 26-2 quietly carved generative and agentic AI out of federal banking model-risk guidance. Watch that quadrant climb through Q3 as the implications surface in compliance roadmaps and rating-agency conversations.

Monday Morning

Three things to do next week.

01 · Audit your model-risk framework against SR 26-2. Federal guidance just stopped covering your most consequential AI systems. The institutions that document their own governance posture before a regulator asks will define the standard the regulator eventually adopts. Start with your highest-risk agentic workflow and write the documentation as if the rule still applied.

02 · Build a verification-incentive review for every human-in-the-loop control. Wharton just proved that asking humans to verify AI without rewarding disagreement makes the control invisible. Change one human-AI workflow this week so reviewers are measured on catches, not throughput. If the reviewer never disagrees, the control isn’t a control.

03 · Inventory your harness. Not your models. Not your vendors. The harness — orchestration, retrieval, identity, observability, policy enforcement, evaluation. If you cannot draw it on a whiteboard for your most consequential AI deployment, you don’t yet have a deployment. You have a demo with executive sponsorship.

The Reading Room

Three pieces worth your time this week.

• David Roldán Martínez — Enterprise AI Playbook (LinkedIn, 28 May, 45 reactions). Stanford Digital Economy Lab finding that 42% of foundation-model deployments are interchangeable and 77% of the hardest enterprise AI problems are organizational. The empirical foundation underneath this week’s pattern.

• Pat Gelsinger — On Chris Olah, Pope Leo XIV, and AI and human dignity (LinkedIn, 28 May, 81 reactions). Continuation of last week’s signal of AI as a layer of influence — now with the Vatican publishing an encyclical and Anthropic’s co-founder responding to it. The moral framework underneath the governance one.

• Alexandra C. — Distributed AI governance in the United States (LinkedIn, 28 May, 15 reactions). Maps the six overlapping layers of U.S. AI regulatory architecture — sectoral, state, common-law, executive, agency, and standards. Read this if you have ever told your board “the U.S. has no AI law.” It has six.

Trust is expensive. So is its absence.

The Verified Intelligence Briefing is written by Steve Tout, Founder & CEO of Identient and author of The CISO on the Razor’s Edge. It draws from the curated Daily Signal corpus and the Verified Intelligence framework introduced in From Artificial to Verified Intelligence.

If this issue clarified something for you, forward it to one colleague who owns part of the control plane. New here? Subscribe to get The Briefing every Friday morning.

Subscribe now

Reply or comment with the question you’d want answered in next week’s issue — your prompt may become Boardroom Prompt #1.

Connect with Steve: LinkedIn · identient.com · stevetout.com

For twenty years, enterprise identity has been a two-question system. Who are you? What can you do? AuthN and AuthZ — designed for the world where a human sits at a terminal, signs in, and clicks. That world is ending.

When an AI agent acts, the questions that mattered for humans are no longer sufficient. A token can prove which credential made the call. It cannot prove who is responsible for the action that followed. In a fleet of autonomous agents that chain tools, re-plan, and execute overnight on behalf of people and organizations, the gap between authenticated and accountable is the place where consequence lives.

Today I’m publishing AuthR v0.1 — Authorship Representation — as an open protocol for closing that gap.

GitHub: github.com/identient/authr

Interactive playground: playground.identient.com

The working paper, the v0.1 specification, the JSON Schema, and a runnable Python reference implementation are all live. The playground lets you mint a root authorship record, extend it to a sub-agent, watch the scope narrow, and watch the verifier reject a scope-widening attempt — sixty seconds, no install.

The problem, concretely

A CFO authorizes a $250K supplier payment. Her verified digital twin passes the work to a treasury orchestrator agent. The orchestrator delegates validation to a narrower sub-agent. The sub-agent is prompt-injected and tries to escalate to wire.cancel. The wire service is about to execute.

Under OAuth’s On-Behalf-Of pattern alone, the wire service has no structural way to know the original authorization didn’t include cancel. The token validates. The access claim is intact. The damage is reconstructed at the audit-log level, three weeks later.

Under AuthR, the verifier rejects the attempt before the request reaches the wire service. Scope attenuation is monotonic and structural — a child’s scope MUST be a strict subset of its parent’s, enforced at every hop, in every conformant implementation. Authorship is preserved across the chain. Intent travels with the work. Provenance is signed end to end.

This is not a feature added to OAuth. It is a third pillar sitting alongside it:

• AuthN asks who are you.

• AuthZ asks what can you do.

• AuthR asks who is responsible for what was done.

What’s in v0.1

Six primitives — Author, Actor, Intent, Scope, Provenance, Drift. Three operations — issue, extend, verify. Six invariants every chain must satisfy. A three-plane architecture (Control, Execution, Enforcement) that separates issuance from execution from enforcement, so a compromised agent cannot widen its own authority no matter how its prompt evolves at runtime.

The reference implementation is in Python with Ed25519 signatures and canonical JSON. The protocol is designed to sit above existing identity standards — OAuth tokens, SAML assertions, SPIFFE workload IDs, W3C Verifiable Credentials — not replace any of them. The work to do is integration, not migration.

What v0.1 is, and isn’t

v0.1 is deliberately a draft. The point of publishing this early is to put a concrete enough artifact in front of practitioners, security architects, and standards-body veterans that they will argue with it. The fastest way to help AuthR is to argue with it. The next fastest is to break it.

Specific contributions wanted: ports to C#/.NET, TypeScript, Go, and Rust; adversarial reviews of the threat model; use case proposals from teams building agentic systems in production; feedback from CoSAI, OpenID Foundation, W3C, and CNCF veterans on the standards-track path.

Acknowledgments

Two people sharpened this version of the work in ways that show in the protocol itself.

Paul Chapman (VP Business Strategy, Cisco; former CIO, Box) for the executive-level conversation that clarified what auditability has to look like when employees are no longer the only actors in the system — and what happens to enterprise operating models when one human is supervising a hundred agents instead of a hundred employees.

Eve Maler (co-inventor of SAML; longtime steward of identity standards, and founder of Venn Factory) for the engaging conversations and constructive feedback across both AuthR and the broader Verified Intelligence work it sits inside. Eve has been a tireless champion for open standards her entire career; her early conviction that AuthR mattered specifically for agent governance gave me the confidence to push this version of the work into public form.

I’ve been writing toward this protocol for months. The Death of Identity as We Know It in CIO was the framing of the problem. From AI to Verified Intelligence on identient.com was the framing of the operating model that runs on top of it. AuthR is the protocol that makes both possible.

If you’re building in this space, or evaluating where to place a bet, the repository is the artifact. Read it, run it, file an issue with what’s wrong.

Trust is expensive. So is its absence.

— Steve

Connect with me on: LinkedIn · identient.com · stevetout.com

👉 As a bonus, my latest piece for CIO Online, The Death of Identity as we Know It, is available here.

Subscribe now

Share

Welcome to The Verified Intelligence Briefing

Every Friday, this newsletter does one thing.

It reads the week through a single lens — verification debt, the gap between how fast AI generates intelligence and how fast your organization can verify it — and reports back what changed.

That gap is the most important number on your balance sheet that nobody is measuring. It compounds quietly while AI is being demoed, piloted, and embedded into work product. It surfaces loudly when a regulator, insurer, or partner asks a question the contract was never built to answer.

The reason for a weekly is simple. Daily AI news is signal-poor. Most of it is noise about the next model, the next benchmark, the next funding round. The pattern — the slow accumulation of unverified dependencies, the migration of governance gaps from one layer of the stack to the next, the moment a regulator catches up — only becomes visible across a week of signals read together. That is what this briefing is for.

Each issue gives you five things in the same order.

1. The Pattern. One thesis on what the week meant, in 250 words. Read this if you read nothing else.

2. The Signals. Ten numbered items. Each with The Signal (the fact), The Lineage Gap (where the verification debt is hiding), and The Boardroom Prompt (the question to bring to your next meeting).

3. The Verification Debt Tracker. The taxonomy from From Artificial to Verified Intelligence, scored against this week’s signals. A visual you can show your board.

4. Monday Morning. Three things to do next week. Always three. Always actionable.

5. The Reading Room. Three pieces from named operators worth your time.

This briefing is written for the people who own the control plane — CIOs, CISOs, CTOs, CFOs, and CEOs whose signature is on the AI decisions their institutions cannot yet fully trace. If you are responsible for an outcome that an AI helped produce, this is for you.

Issue 01 starts now.

The Pattern

Three things converged this week, and the shape they made together was unmistakable.

A Big Four firm embedded a frontier AI provider directly into its client delivery platform. A different Big Four firm — same playbook, different week — pulled a published report after AI hallucinations made it into the footnotes. And a community bank in regulated industry filed an 8-K with the SEC because an employee uploaded customer Social Security numbers to an unauthorized AI chatbot.

Three different stories. One pattern. All three are what verification debt looks like when it stops being theoretical and starts being filed, retracted, or signed.

This is what concentration looks like in practice. When a global advisory firm builds AI into work product, the institution carrying the regulatory liability inherits a reasoning chain that crosses three corporate boundaries before it reaches the model. ISO certifications cover the vendor’s obligations, not yours. Indemnification clauses dispute the bill, not the breach. And the audit committee asks a question — how was this decision reached? — that the vendor contract was never built to answer.

The week’s signals point at the same gap from different angles. The EU published draft guidelines that turn the verification question into a regulatory one. Pat Gelsinger framed AI as a layer of influence requiring guardrails for human flourishing. Carolyn Healey told boards to stop measuring tasks and start designing for org maturity. Gabriel Millien told them their AI security problem is a CEO problem dressed as a CISO checklist. Identity vendors announced product lines for agent attribution. Governance vendors announced runtime controls for agent swarms.

The pattern: verification debt is migrating from the model layer to the contract layer, and most organizations will not discover the exposure until a regulator, insurer, or partner surfaces it under pressure.

Thesis. The vendors are consolidating. The lineage is fragmenting. The institution holding the audit risk is the one organization not at the table when those two trends compound.

The Signals

01 · Anthropic and KPMG sign a global alliance

The Signal. Anthropic and KPMG announced a global alliance this week, embedding Claude directly into KPMG’s client delivery platform across the firm’s 276,000+ employees (Flor, LinkedIn, 19 May). The deal extends Claude into audit, tax, and advisory workflows that increasingly become signed work product delivered to institutional clients.

The Lineage Gap. Five questions, three breaking. Who trained it? — KPMG didn’t; Anthropic did. Who authorized it? — KPMG procurement, but the client signs the audit. Who is it economically aligned to? — neither the institution carrying the regulatory liability nor the regulator who will eventually ask. When the audit committee wants to know how a conclusion was reached, the chain of provenance crosses three corporate boundaries before it touches the model. That chain is currently a contract. It is not yet a control. The first time a regulator subpoenas reasoning logs from a Big Four AI-assisted engagement will be the moment this market changes shape.

Boardroom Prompt. When your Big Four advisor uses AI to produce work product you’ll sign, who holds the reasoning logs — them, the model provider, or you?

02 · EY unpublished a report after AI hallucinations made it to the footnotes

The Signal. The Financial Times reported that EY pulled a published report after hallucinated citations were discovered in the footnotes (Baciu, LinkedIn, 15 May, 164 reactions). EY framed it as a quality issue. Practitioners called it what it is — a trust failure that survived review.

The Lineage Gap. This is what verification debt looks like when it comes due — not as a fine, but as a retraction. The interesting question isn’t how the hallucination got into the footnotes. It’s how it got past review by a firm whose entire business model is independent verification. The Four Pillars give the diagnostic: grounding failed (no anchor to a real source), scope failed (the model ranged into citation generation), provenance failed (the source could not be traced back), and drift awareness failed (no signal flagged the staleness). A signed advisory deliverable should not be able to fail all four at once. The fact that one did is the early warning, not the event.

Boardroom Prompt. If your most expensive external assurance can be hallucinated, what is your standard for the AI you operate yourself?

03 · A community bank reported itself to the SEC over an unauthorized chatbot

The Signal. CB Financial Services filed an 8-K with the SEC on May 7 after an employee uploaded customer Social Security numbers to an unauthorized AI chatbot (Benson, LinkedIn, 19 May). The breach clock started May 5. Class action attorneys filed within days.

The Lineage Gap. This is the concrete case study every other signal in this issue is dancing around. Five Questions, all five breaking. Who authorized it? — no one; an employee did it. Who can revoke it? — nobody at the bank, because nobody at the bank had the credentials. Who is it economically aligned to? — a SaaS vendor outside the bank’s third-party risk inventory, with terms of service the bank never reviewed. Shadow AI in regulated industry is not a future problem. It is a filed 8-K. The institutions still running spreadsheet-based AI inventories are one upload away from the same Friday.

Boardroom Prompt. If an employee uploaded regulated customer data to an unauthorized AI tool today, how many hours would pass before your security team knew?

04 · The EU published draft guidelines on high-risk AI classification

The Signal. The European Commission published draft guidelines clarifying high-risk AI system classification under the AI Act, days after EU leaders agreed to delay the compliance date to 2 December 2027 (Patel, LinkedIn, 19 May, 1,317 reactions). The guidelines focus on classification — which systems are in scope, and what obligations follow.

The Lineage Gap. The high-risk designation is where verification debt converts from a recommendation into a regulatory obligation. The Five Questions stop being a maturity framework and start being a discovery request. Who created it? becomes a documentation requirement. Who authorized it? becomes a sign-off trail. Who can revoke it? becomes a kill switch with a service level. The institutions that have wired these questions into their AI governance now are buying themselves a measurable head start. The ones still treating governance as a side project will discover that the regulator’s timeline is not negotiable, and that the documentation cannot be produced retroactively in the volumes the AI Act will request.

Boardroom Prompt. For each AI system in your stack, can you produce today the documentation a high-risk classification under the AI Act would require?

05 · Pat Gelsinger reframed AI from tool to layer of influence

The Signal. Pat Gelsinger wrote this week that roughly 6% of AI conversations are now about personal guidance — career, relationships, health, finances — and called for guardrails grounded in truth, dignity, and human flourishing (Gelsinger, LinkedIn, 15 May, 288 reactions). The reframe matters more than the percentage. AI is becoming a layer of influence, not just a tool of productivity.

The Lineage Gap. When AI is a tool, governance asks what did it do? When AI is a layer of influence, governance has to ask whose values did it act on? That is a Five Questions problem at scale. Who created it? — the lab. Who trained it? — the lab, on the open internet. Who is it economically aligned to? — not, in most cases, the person taking its guidance. Gelsinger is naming the consumer version of the gap this briefing covers in the enterprise. The same provenance failure that lets a hallucinated citation reach an EY footnote lets a hallucinated framing reach a person making a real decision about their health. The architecture problem is the same. Only the stakes change.

Boardroom Prompt. When the AI in your product gives a customer guidance, whose values is it acting on — and can you produce the evidence?

06 · Carolyn Healey told CXOs to stop measuring tasks and start designing org maturity

The Signal. Carolyn Healey published the 7 Stages of AI Workforce Maturity, opening with McKinsey’s estimate that AI agents can already handle 44% of U.S. work hours (Healey, LinkedIn, 18 May, 338 reactions). Her argument: Tasks do not transform organizations. Org design does.

The Lineage Gap. The maturity model maps cleanly onto the verification debt curve. The early stages — task assistance, scattered adoption — are where verification debt is invisible because no decision of consequence has been made yet. The later stages — function reinvention, agent-driven workflows — are where the debt comes due, because every consequential decision now has to be defensible. Most organizations are reporting at Stage 2 to a board that needs them governing at Stage 5. The reporting gap is the governance gap. Closing it is what turns AI activity into AI accountability — and what turns the conversation with the board from theater into oversight.

Boardroom Prompt. When you next brief the board on AI, are you reporting tasks automated, or are you reporting governed economic outcomes you can defend?

07 · Gabriel Millien named the failure mode every AI security program shares

The Signal. Gabriel Millien wrote that he has audited AI security programs at four Fortune 500 companies and the failure mode is identical every time (Millien, LinkedIn, 15 May, 173 reactions). Ten pillars land on the CISO’s desk. The CISO can execute three of them. The other seven need cross-functional sponsorship that never arrives. “Your board sees this as a CISO problem. It’s actually a CEO problem dressed up as a security checklist.”

The Lineage Gap. The structural diagnosis is correct and the polite version of it is overdue. Data lineage cannot be enforced by security alone. Model risk management cannot be enforced by security alone. Agent attribution cannot be enforced by security alone. The Five Questions all require a sponsor outside the CISO’s authority for an answer to even exist. When the CISO is the only senior leader accountable for an outcome that requires legal, data, procurement, and engineering to act together, the program stalls — and the board interprets the stall as a CISO performance problem. It is not. It is a CEO architecture problem. The institutions that get this right move AI governance to a dedicated cross-functional body chaired above the CISO. The ones that don’t will eventually hire a third CISO in five years.

Boardroom Prompt. Who in your C-suite owns the seven AI security pillars your CISO cannot execute alone?

08 · Alexandra C. named the vendor liability gap explicitly

The Signal. Alexandra C. wrote that financial institutions are signing third-party AI contracts that look clean on paper and expose them entirely in practice (Alexandra C., LinkedIn, 18 May). When a vendor demonstrates a platform, legal reviews the contract, and compliance ticks the boxes — but nobody asks whether the institution can reconstruct the reasoning chain when a regulator does.

The Lineage Gap. This is the Anthropic-KPMG signal seen from the institution’s side of the table. Vendor procurement is generating invisible liability because no one in the signing process asks the verification question. ISO certifications cover the vendor’s obligations, not yours. The legal review confirms the contract is enforceable, not that the AI is auditable. The compliance review confirms the boxes are ticked, not that the boxes are the right ones. When the regulator arrives, the institution faces the enforcement panel and the vendor faces a contract dispute. Those are not the same exposure. The contracts being signed today are creating verification debt that will mature into regulatory liability across the next twelve months.

Boardroom Prompt. In your last three AI vendor contracts, was the right to demand reasoning logs written in — or was it assumed?

09 · Okta announced agent IdP and Bedrock AgentCore integration

The Signal. Okta announced two product moves this week — Okta for AI Agents now integrates with Amazon Bedrock AgentCore, and Okta for AI Agents can act as your agent identity provider alongside your existing human IdP (Glenn, LinkedIn, 14 May, 231 reactions). The shorthand: agents are getting first-class identity in the IAM stack, not bolted on.

The Lineage Gap. This is the access-to-authorship shift becoming infrastructure. For thirty years, IAM was built around the assumption that identity equals login. That model held when the actor at the other end was a human with a session. It breaks the moment the actor is an agent acting on a human’s behalf — because the question shifts from who is allowed in? to who is behind this decision? Okta giving agents an IdP is the first credible move from a major incumbent to put attribution where authorship is happening. The institutions that adopt early get a registry they can govern. The institutions that wait keep a contract they cannot.

Boardroom Prompt. When an agent in your environment makes a consequential decision tomorrow, can you name the human whose authority it was acting under?

10 · Saidot launched an agent-first governance posture

The Signal. Saidot introduced Agent-First AI Governance this week, arguing enterprise governance must shift from human workflow controls to agent-native runtime controls (Niyazov, LinkedIn, 15 May). The core claim from Saidot’s leadership: most current governance programs were built for human users navigating interfaces and filling out forms — and that posture does not compose onto agents that spawn sub-agents.

The Lineage Gap. The 2×2 explains why. A high-trust entity can spawn a low-trust one. What comes back up does not get reclassified to its origin. Saidot is pointing at the swarm quadrant — the one where governance fails silently because the parent process appears authorized while the child process operates outside the scope of any policy anyone wrote. Runtime governance is the only place to catch this. By the time the audit log shows up, the swarm has already finished. Cross-level swarms without a registry are the governance failure mode of the next eighteen months — and the vendors who solve it first will be the ones writing the reference architecture the regulators eventually adopt.

Boardroom Prompt. What stops an authorized agent in your environment from spawning an unauthorized one — and what would the audit log show if it did?

The Verification Debt Tracker

The 2×2 from From Artificial to Verified Intelligence. Signal counts this week, with direction vs. the trailing 4-week mean.

This week the Operational / Governed quadrant heated up as identity and governance infrastructure caught up to agent deployment — the Okta announcement, Saidot’s agent-first posture, the policy-as-code chorus. The Perspective / Feral quadrant rose sharply, driven by the EY retraction, the SEC-reported shadow AI breach, and the Big Four alliance that puts AI into work product the institution cannot yet trace. The pattern to watch: when Feral outpaces Governed, verification debt is accruing faster than infrastructure can pay it down.

Monday Morning

Three things to do next week.

01 · Inventory the vendor AI in your work product. Every Big Four engagement, every SaaS-embedded feature, every advisor deliverable touched by an AI. You cannot govern what you cannot count, and you cannot count what the contract did not require the vendor to disclose. Start with the highest-stakes signed deliverable from the last quarter and trace backward.

02 · Demand the reasoning log. For any AI-assisted decision above a defined threshold — credit, compliance, regulatory, public communication — require the vendor to produce, on demand, the reasoning chain that produced the output. If the contract does not require it today, your next contract should. This is the single clause that converts verification debt from a hidden liability into a managed one.

03 · Pick one twin. Choose one digital twin use case where verified expertise matters more than scale. Govern it end to end — grounding, scope, provenance, drift. Make it your reference architecture for everything else. The institutions that have one well-governed twin learn faster than the ones that have ten ungoverned agents.

The Reading Room

Three pieces worth your time this week.

• AJ Yawn — Open source GRC plugin for Claude Code (LinkedIn, 14 May, 594 reactions). A working GRC plugin for an agentic coding tool, with AWS Inspector and Wiz connectors and an SCF crosswalk. The signal under the signal: GRC is becoming a developer surface, not a compliance surface.

• Vishal Pawar — Still reporting AI accuracy to the board? (LinkedIn, 14 May). Argues boards should measure AI through P&L impact, model risk management, and unit economics — not accuracy. The right scorecard for the conversation the board is actually trying to have.

• Alexandra C. — AI models are developing internal deception metrics that safety layers miss (LinkedIn, 22 May). The freshest signal of the week and the one that points to where verification debt is heading next: deception that exists internally and never surfaces in the output. Output-only safety checks were never designed to catch this.

Trust is expensive. So is its absence.

The Verified Intelligence Briefing is written by Steve Tout, Founder & CEO of Identient and author of The CISO on the Razor’s Edge. It draws from the curated Daily Signal corpus and the Verified Intelligence framework introduced in From Artificial to Verified Intelligence.

If this issue clarified something for you, forward it to one colleague who owns part of the control plane. New here? Subscribe to get The Briefing in your inbox every Friday morning.

Subscribe now

Reply or comment with the question you’d want answered in next week’s issue — your prompt may become Boardroom Prompt #1.

Connect with Steve: LinkedIn · identient.com · stevetout.com

👉 As a bonus, my latest piece for CIO Online, The Death of Identity as we Know It, is available here.

Here is a pattern we see over and over again. A company is smart. The engineering team is strong. AI adoption is moving fast. And leadership is confident they have it under control.

Then someone looks under the hood.

That is what happened when we ran an AI Security and Risk Assessment for a fintech firm in a regulated market. The company had strong instincts — early AI adoption, skilled teams, and a growing set of use cases. What they lacked was a way to see, govern, or defend how AI was really being used.

They are not alone. After walking the show floor at RSA Conference 2026, one thing is clear: the industry knows this is a problem. ’s post-RSAC vendor report found that 37% of booths mentioned AI. Identity, governance, and security operations led the way. But here is the hard truth behind the buzz — most firms are still figuring out how to close the gap between AI power and AI control.

That gap is where the real risk lives.

What We Found

The assessment covered eight domains and included interviews across leadership, engineering, and business teams. The results told a clear story.

• Upwards of 100 risks identified across governance, security, data, and infrastructure

• The heaviest concentration was in governance and compliance — with over a dozen rated high or critical

• Security and trust risks followed close behind, with the majority rated high severity

• Data and AI platform risks rounded out the picture, including several high-priority findings

The risks were not scattered. They were concentrated in three areas: governance, security, and data. That pattern points to structural gaps, not one-off problems.

Three challenges stood out above the rest.

Governance without enforcement. Policies existed. Intent was there. But there was no defined ownership, no enforcement mechanism, and no audit trail. Governance was informal and hard to defend.

Identity and access gaps in AI systems. AI agents and services had no steady identity. Access was too broad. Nothing was centrally managed. This is the kind of risk that builds quietly — until it does not.

Uncontrolled AI use case growth. AI was being developed across business units, deployed without formal approval, and extended into customer-facing workflows. Governance simply could not keep pace with adoption.

Why This Matters Right Now

FINRA’s 2026 guidance makes the stakes clear. AI is no longer treated as a test. It is part of the firm’s control environment. That means oversight of AI-driven processes, data quality and tracing, logging of AI outputs, and close attention to the risks of agentic AI — autonomy, scope, and the ability to audit.

The shift is simple but significant. If AI touches decisions that affect customers, markets, or compliance, it must be governed like any other control.

Ellis’s RSA report backs this up from the vendor side. The categories with the most booths — identity, app security, and security operations — are the same areas where this assessment found the deepest gaps. The market is building answers. But most firms have not yet mapped the problems those answers are meant to solve.

What Changed

After the assessment, the organization had something it did not have before: clarity.

• A full view of AI-related risks and where they are concentrated

• A prioritized list of what matters most — and what can wait

• Leadership aligned around AI as a governance challenge, not just a growth play

• A structured path from experimentation to governed execution

Identient also delivered a digital twin of the assessment itself. Instead of leaving findings locked in a static report, a conversational agent makes risk insights easy to query, explore, and apply in real time. Leaders can ask questions, revisit findings, and act on insights as things change.

This is the shift we described in our earlier post on Verified Digital Twins. Risk management cannot be a point-in-time exercise. It has to become a continuous, intelligence-driven function.

The Bottom Line

This firm is not behind. They are at a turning point — and they had the sense to act before the gap became a crisis.

The firms that win with AI will not be the fastest to deploy. They will be the ones that can trust, control, and defend the choices AI makes on their behalf.

That requires three things: structured governance, verified data, and disciplined execution.

Ready to See What You’re Missing?

Experience how Identient reveals the signals behind your strategy — from real-time insight to board-level clarity. Move beyond assumptions, align execution to what matters, and lead with confidence.

Schedule a Discovery Call →

In this episode of The Strategy Layer Live, Steve sits down with Richard Bird—multi-time CISO, former Chief Customer Information Officer at Ping Identity, author, and current Chief Security Officer at Singulr—for a conversation that pushes beyond conventional cybersecurity narratives.

For the first time on the podcast, an AI digital twin takes an active speaking role, opening the episode with a blunt assessment of where cybersecurity thinking has already fallen behind. From there, the discussion moves into the strategic implications of AI across cybercrime, governance, leadership, and careers.

This episode explores how AI is reshaping the threat landscape faster than most organizations are prepared for, why governance failures are increasingly systemic rather than technical, and what leadership looks like when machines operate at scale and speed. The conversation also turns personal, with reflections on Richard’s book Famous With 12 People and the legacy he hopes to leave behind.

Prefer to listen?

Apple Podcasts

Spotify

Key Topics Discussed

AI Digital Twins in Leadership Conversations
What it means when AI systems don’t just assist—but actively participate in strategic dialogue.

AI and the Acceleration of Cybercrime
How attackers are using AI as force multiplication while many organizations reduce human defenders.

Shadow AI and Unfinished Security Work
Why decades of unfinished IT and security projects created the conditions for today’s AI risk.

Governance Failures Are Systemic, Not Technical
How leadership blind spots—not tooling—are driving AI governance gaps.

Identity, Access, and Ownership in an AI World
Why diffuse responsibility leads to no accountability when AI systems act at scale.

The Future of Consulting and Verified Intelligence
How AI is reshaping advisory work and exposing performative expertise.

Career Strategy and Influence
Insights from Famous With 12 People on building impact through depth, clarity, and relevance.

Legacy and Leadership
Richard’s reflections on service, contribution, and what comes next beyond titles and roles.

Insightful Takeaways

AI rewards preparedness, not optimism.
Attackers are using AI to move faster and more efficiently; organizations that fail to adapt governance and defenses will see the results in loss curves.

Shadow AI is a leadership problem before it’s a technology problem.
Uncontrolled AI use is the predictable outcome of years of tolerated sprawl and unfinished security work.

Cutting people while attackers scale with AI is a dangerous asymmetry.
AI augments those who use it strategically—and penalizes those who remove human judgment from critical systems.

Governance must evolve from policy to ownership.
When everyone owns identity, risk, or AI outcomes, accountability disappears.

Impact comes from depth, not scale.
Leadership, influence, and career growth are built by being meaningful to a few—not visible to everyone.

Legacy is defined by service, not status.
The most durable contribution comes from helping others move forward—especially in moments of uncertainty and change.

Quote of the show:

“Has it been proven to you that you don’t suck at security?” —Richard Bird

Links:

Richard Bird on LinkedIn: https://www.linkedin.com/in/rbird/

Digital twins aren’t a concept—they’re already being used.
Try Richard Bird’s digital twin or learn how to create one for the marketplace at Identient.com.

As the year comes to a close, many leaders are taking stock of what AI has changed inside their organizations. The gains are real. Work moves faster. Information is easier to digest. Communication feels smoother. For many teams, AI has become part of the daily rhythm of getting things done.

But beneath these visible improvements, something quieter and more consequential is happening. AI is beginning to shape how leaders see their organizations, how they interpret signals, and how they decide where to focus next. Those effects are harder to measure, but they will matter far more in the long run.

Earlier this year, MIT Sloan Review made the case that “philosophy is eating AI,” arguing that beneath the models and metrics, AI increasingly reflects how we define knowledge, reality, and purpose (MIT Sloan Review, 2025)1. That framing may sound abstract, but the implication for leaders is very practical. AI systems inevitably reflect how we think the system works. Over time, they reinforce that view, whether it remains accurate or not.

This is why AI’s greatest impact will not be on output volume. It will be on leadership impact.

AI Reflects How Leaders See the World

AI does not start with data alone. It starts with choices about what data matters, which signals are trusted, and what outcomes are worth optimizing. Those choices are often implicit. They live inside models, dashboards, prompts, and workflows that feel neutral because they are technical.

Yet these systems shape what feels clear and what feels urgent. They influence which risks rise to the surface and which fade into the background. In subtle ways, they guide attention, and attention drives action.

When leaders say AI helps them “see the business more clearly,” that clarity is always relative to the assumptions encoded in the system. What gets measured is what gets discussed. What gets summarized is what gets remembered. What gets optimized is what gets rewarded.

None of this is malicious or careless. It is simply how systems work. Over time, AI becomes a reflection of how leaders understand the organization and what they believe is important.

Why Trust in AI Is Complicated, and Rightly So

Given this dynamic, it should not be surprising that many organizations struggle with trust when it comes to AI. A recent Fast Company article noted that mistrust in AI is often well placed, especially when systems feel disconnected from the realities leaders care about most (Fast Company, 2025)2. Trust does not come from transparency alone. It comes from alignment.

Leaders are right to be cautious when AI confidently produces answers without making clear which assumptions are driving those answers. When systems feel generic or detached from domain expertise, skepticism is a rational response.

Trust grows when AI is purpose-built, grounded in expertise, and designed to reflect the real tensions leaders face. In other words, when AI helps leaders reason better, not just faster.

When Assumptions Begin to Compound

The stakes rise as AI systems become more autonomous and self-reinforcing. Researchers and practitioners have begun to ask hard questions about what happens when AI increasingly trains itself, refining its behavior through feedback loops that may drift from original intent (The Guardian, 2025)3.

From a leadership perspective, this is less about losing control and more about losing intentionality. Systems that continuously reinforce existing patterns can quietly lock in outdated assumptions. Decisions feel easier. Outputs feel confident. Meanwhile, misalignment grows harder to detect.

This is how complexity compounds. Not through sudden failure, but through small, accumulated shifts that go unnoticed because everything still appears to be working.

In these moments, AI functions as a mirror. It reflects how leaders believe the organization operates. Over time, it may reveal gaps between that belief and lived reality.

Disagreement Is a Feature, Not a Bug

One of the more interesting developments in AI this year has been the rise of multi-agent systems. As observers have noted, AI agents are increasingly interacting with one another, and they do not always agree (Wondering About AI, 2025)4. That disagreement can feel uncomfortable, especially in environments that prize alignment and consistency.

But disagreement is often where insight emerges.

Research on multi-agent debate shows that structured disagreement, particularly when identity signals are reduced or anonymized, can improve outcomes and reduce bias (Zhang et al., 2025)5. In organizational terms, this mirrors what strong leadership teams already know. Healthy systems surface tension early. Weak systems suppress it until it becomes unavoidable.

AI that merely reinforces consensus may feel reassuring, but it rarely improves judgment. AI that surfaces competing perspectives, patterns, and tradeoffs helps leaders see the system more fully.

From Productivity to Leadership Impact

None of this diminishes the value of everyday AI use cases. Tools that summarize meetings, draft communications, and speed up analysis are genuinely useful. They reduce friction and free up time.

The difference is that productivity gains alone do not guarantee better leadership outcomes.

Leadership impact comes from making better decisions under complexity. It comes from seeing patterns before they become problems. It comes from distinguishing signal from noise and momentum from progress.

AI that improves leadership impact does not simply accelerate existing narratives. It helps leaders test them. It introduces productive tension. It highlights where confidence may be outrunning evidence.

This is where the strategic choice of which AI to deploy becomes critical. Generic tools optimize for convenience and volume. Purpose-built systems, grounded in verified intelligence, optimize for clarity and judgment. In short, Generic AI accelerates activity; verified intelligence amplifies leadership.

Rethinking AI Governance

These dynamics have important implications for AI governance. Much of today’s governance conversation focuses on guardrails, policies, and model risk. Those are necessary foundations. But they are not sufficient.

Effective AI governance must also protect leadership effectiveness over time. It must account for drift, compounding effects, and the way AI-informed decisions accumulate across the organization. Governance should help leaders understand not just what AI is allowed to do, but how it is shaping priorities, incentives, and attention.

When governance focuses only on deployment, it misses the harder question of impact. When it focuses only on control, it risks constraining learning.

Do you agree?

The most effective governance frameworks treat AI as part of the leadership system itself. They emphasize evidence, feedback loops, and the ability to course-correct as conditions change.

Verified Intelligence and Strategic Clarity

This is where verified intelligence becomes a meaningful differentiator. Systems designed to observe trends over time, grounded in domain expertise, help leaders cut through complexity rather than add to it.

At Identient, this perspective informs how we approach AI-enabled analysis across identity and cybersecurity. Tools like SPI 360 focus on trend analysis across strategy, governance, people, and technology, helping leaders distinguish isolated issues from systemic patterns and short-term noise from meaningful change.

The goal is not more dashboards or more activity. It is clearer insight that supports better prioritization and more confident leadership decisions.

Digital Models as Tools for Clarity

Digital models and digital twins amplify both the promise and the risk of AI. By formalizing how an organization understands itself, they make assumptions visible. That visibility is powerful.

But models are not oracles. They do not eliminate uncertainty. They shape how uncertainty is perceived.

Used well, digital models help leaders see complexity more clearly and ask better questions. Used poorly, they can create a false sense of certainty that obscures emerging risks.

The difference lies in how intentionally they are designed and governed, and whether they are treated as tools for inquiry rather than answers in themselves.

Choosing Leadership Impact Over Activity

As leaders look ahead to the next planning cycle, the temptation will be to measure AI success by scale. More deployments. More use cases. More output.

A better measure is impact.

AI will either sharpen leadership impact or multiply activity without direction. The difference lies in which intelligence leaders choose to deploy and which they choose not to.

The quiet choices made today about trust, assumptions, and governance will shape how leaders see their organizations tomorrow. In a world of increasing complexity, clarity is not a nice-to-have. It is the foundation of meaningful performance.

And that is where AI’s real value will be found.

Leave a comment

Footnotes

4

Wondering About AI. (2025). AI agents are talking to each other…and they don’t always agree.

Wondering About AI

AI agents are talking to each other...and they don't always agree

Disclosure: This post is based on the results of a topical analysis conducted in Future Scan, a trend discovery tool for AI/ML research. I wrote the initial draft, but used Claude Sonnet 4.5 to help me translate scientific jargon and (mostly) eradicate awkwardness…

Read more

7 months ago · 56 likes · 26 comments · Karen Spinner

He shares how running and coaching informed his approach to developing people, why modernization must be incremental and human-centered, and what it really looks like when a CIO steps fully into cybersecurity accountability alongside their CISO.

Bill’s insights offer a grounded, practical masterclass in leading with purpose, navigating complexity, and building public trust in the digital age.

Prefer to listen?

Apple Podcasts

Spotify

What We Cover in This Episode

• Bill’s early path into public service and what has kept him committed for decades

• The turning-point projects that shaped his leadership philosophy

• Lessons from running and coaching — discipline, strategy, and individual development

• The bold vision behind digital equity and the Resident Portal

• Modernization without fear: incremental change, customer experience, and agile delivery

• The Resident Portal Challenge and the future of procurement innovation

• Multi-vendor collaboration and why competition can create better outcomes

• The CIO–CISO partnership and shared responsibility for cybersecurity

• Leading through complexity with calm, clarity, and trust

• Bill’s reflections on legacy, public service, and the next generation of leaders

• How AI is reshaping responsibility, decision-making, and efficiency in government

Quote of the Show:

• “I’m the front lines for everything that happens — good or bad — and I consider myself accountable and responsible for everything that goes on in my agency and in technology in the state.” - Bill Kehoe

Links:

• https://watech.wa.gov/

• https://www.linkedin.com/in/william-kehoe-a37a0714b/

#CybersecurityLeadership #CIO #CISOPartnership #GovernmentTechnology #PublicSectorLeadership #DigitalGovernment #StrategyLayerLive

That distinction matters for one simple reason: the future will not be defined by “bigger models.” It will be defined by transparent, verifiable, provenance-rich intelligence that leaders can trust — and defend.

This shift isn’t theoretical. It’s happening right now.
And the smartest public and private sector organizations are already aligning with it.

Opaque Intelligence Is the Real Risk — Not AI Itself

I’ve spent years working across cybersecurity, IAM, and now AI and verified intelligence. And one pattern is becoming clear: as organizations begin laying the foundations of their AI strategy, the choices they make in 2026 will have long-term consequences. Many are exploring GenAI and LLM tools without fully understanding the short- and long-term risks these systems can introduce to their P&L, operational resilience, and decision quality.

This is the moment where leaders must decide whether to build on opaque, probabilistic tools—or on transparent, verifiable intelligence they can trust, audit, and defend. The organizations who pause to consider provenance, lineage, and accountability now will avoid painful redesign later and position themselves for durable, compounding productivity gains.

A human in the loop doesn’t fix this.
You can’t “review” what you can’t see.

If the system cannot show:

• Its reasoning path

• Its underlying sources

• Its version footprint

• Its inference chain

• Or whether it hallucinated

…then you own the outcome but you don’t own the evidence.

Opaque AI becomes a governance liability.
And regulators are beginning to say so out loud.

The Regulatory Wave Has Begun — Transparency Is Becoming Law

A growing set of U.S. states are taking decisive steps toward transparency, documentation, and proof of AI influence.

Washington’s HB 1170 — A Major Leap Forward in Transparency

As I wrote in AI Transparency 2.0: Why Washington Must Go Beyond Deepfakes to Decision Provenance, Washington State’s HB 1170 puts real stakes in the ground: citizens must be informed when AI influences decisions, and organizations must maintain records of how that intelligence was used.

This mirrors the same foundation seen in California’s early AI Transparency Act — and signals where nationwide policy is headed.

Colorado’s SB 24-205 — The Strongest AI Governance Law to Date

Colorado’s SB 24-205, enacted in 2024, establishes mandatory risk assessments, notices, governance controls, and documentation requirements for “high-risk” AI systems.2

This is the most comprehensive state-level AI law in the country, and it’s already influencing other states’ drafts.

Illinois HB 3773 — You Can’t Hide AI in Hiring Decisions

Illinois took a direct aim at algorithmic opacity by requiring disclosures and fairness documentation for any AI used in employment decisions starting in 2026.3

Illinois’ HB 3773 amends the state’s Human Rights Act to regulate the use of AI in employment decisions, prohibiting its use if it has a discriminatory effect based on protected classes and requiring employers to notify employees when AI is used in hiring, promotion, or other employment decisions. The law takes effect January 1, 2026, and also prohibits the use of zip codes as a proxy for protected classes in employment contexts.

The era of black-box algorithmic hiring is ending.

California’s AI Transparency Act — A Modern Benchmark for Disclosure

California’s new AI Transparency Act4 sets one of the clearest expectations in the country: organizations must disclose when AI is used in customer-facing or citizen-facing interactions, and they must maintain documentation that explains how automated decisions are generated. The Act goes beyond simple labeling—it requires organizations to preserve evidence of AI influence, enabling regulators and affected individuals to understand how and why an automated outcome occurred.

It signals a broader trend: transparency is no longer optional. It is fast becoming the baseline requirement for any organization deploying AI in high-impact contexts.

New York, Connecticut, and Massachusetts are following similar paths with draft frameworks focused on transparency and algorithmic accountability.

The direction is unified:

AI cannot be used for autonomous decision-making unless it operates with full transparency, provenance, and explainability.

This is no longer an abstract ethical debate.
It is becoming a regulatory and operational reality.

There Is No AI Bubble — The LLM Bubble Is What’s Bursting

The market is now recognizing what many of us working on verified intelligence have known for years:

• The bigger the model, the bigger the opacity

• The bigger the opacity, the bigger the liability

• And the bigger the liability, the smaller the strategic value

Look across industries: leaders are no longer asking “How do we get more AI?”
They’re asking:
“How do we trust what we’re using?”

Large language models aren’t dying — but their unverifiable use cases are.

As the Hugging Face CEO noted, the bubble is around LLMs specifically — not the broader field of AI innovation where transparency, interpretability, and provenance are core requirements.

That’s where the future is heading.
Quickly.

Verified Intelligence: What Comes After the LLM Bubble

I believe the next decade of AI will be defined by a new standard:

AI systems must be able to answer four questions with absolute clarity:

1. Where did this intelligence come from?

2. Whose expertise, data, and boundaries informed it?

3. What reasoning steps produced the answer?

4. Can we recreate the decision and prove its integrity?

Generic LLMs can answer none of these.
Verified intelligence systems can answer all of them.

This is why we built Identient’s marketplace around provenance, data lineage, identity-attached digital twins, and full auditability.
Because trust doesn’t come from bigger models — it comes from verifiable ones.

And it turns out that when you remove ambiguity, a second benefit emerges:

The Strategic Advantage:

10X Faster Alignment With 1/10th the Effort

Once you eliminate the ambiguity created by black-box systems, something remarkable happens:

• Alignment accelerates

• Decision cycles shrink

• Rework disappears

• Shadow expertise consolidates

• Dependency on expensive consultants is minimized

• And the organization begins operating with shared clarity

Verified intelligence doesn’t just reduce risk — it creates leverage.
It allows leaders to move faster because they can prove the integrity of their decisions.

This is what separates the companies that are merely adopting AI from those that will define the next decade.

Next Steps

If you’re interested in provenance, lineage, and transparency — Let’s Talk

At Identient, we love partnering with organizations who understand where the world is heading.
Companies building AI with:

• Traceability

• Transparency

• Verifiable expertise

• Auditability

• And human-owned intelligence

Those are the leaders who will outperform the rest of the market — not because they “used more AI,” but because they used trusted AI.

If that’s you, let’s chat.
We’d love to build the future with you.

But as I argued recently in AI is Cheap. Trust is Expensive., transparency for content is only half of the equation. What residents need is trust in the systems that inform decisions about them. And today’s Washington Digital Government Summit made that clearer than ever.

AI in government is no longer primarily about generating images or text. It is augmenting decisions, routing cases, prioritizing inspections, assisting in contracting, and shaping how residents interact with the state. Deepfakes aren’t the only risk. Opaque intelligence is, too.

Washington now needs AI Transparency 2.0: a model that provides provenance not just for synthetic media, but for AI-assisted decisions.

What HB 1170 Gets Right

HB 1170 focuses on media transparency:

• Clear labeling of AI-generated or AI-altered content

• Latent and manifest disclosures

• Publicly accessible detection tools with APIs

• Limits on retention of user-submitted content

• Alignment with C2PA-style provenance principles and NIST AI RMF concepts of traceability

This is the right foundation. Synthetic media harms are real. Election security, misinformation prevention, and public trust all benefit from strong provenance requirements.

But the bill only addresses outputs that look like media. It does not address AI systems used for decision support, which is where the public sector is already moving.

Today’s Summit demonstrated that gap clearly.

What Washington’s Leaders Said Today

At the Washington Digital Government Summit, three themes emerged across the closing panel on “AI Governance and Digital Equity in Washington Government.”

Bill Kehoe, State CIO

“AI innovation must be risk-averse and transparent.”
Kehoe emphasized strong data foundations, privacy, security, and clear disclosures. He highlighted the modern wa.gov resident portal as an example of how structured data and personalization can enhance services, while noting that transparency and opt-outs are mandatory for public trust.

Jake Hammock, CISO, City of Seattle

“Seattle is adopting human-centered AI with humans in the loop — not displacement, but augmentation.”
Seattle is hiring a City AI Officer and implementing its Responsible AI plan across public safety, permitting, and customer-service operations. Hammock stressed equity, accessibility, language translation, and correct labeling of AI outputs.

Stephen Hurd, Acting CIO, King County

“Generative AI for decision-making remains tricky — human oversight is essential.”
Hurd emphasized productivity and capacity gains, but made it clear: any decision that affects residents must retain human review. King County’s upcoming AI policy is grounded in oversight, transparency, and digital equity.

Across all three leaders, one message was consistent:
Government needs innovation, but it must remain cautious, transparent, and accountable.

That requires more than content labeling.
It requires decision provenance.

The Gap in HB 1170: Transparency for Media but Not Decisions

HB 1170 does not apply to:

• Case prioritization

• Eligibility determination

• Contract routing

• Public safety triage

• Fraud detection

• Resource allocation

• Workforce augmentation

• Constituent-service recommendations

None of these produce synthetic media.
All of them influence residents’ lives.

As the National Conference of State Legislatures puts it, governments nationwide are expanding their use of AI to “improve efficiency, decision-making, and the delivery of government services.”1 Today’s Summit speakers described the same reality in Washington.

We need transparency for more than images and content.
We need transparency for how AI contributes to decisions.

A Three-Layer Provenance Model for Washington

Drawing from both HB 1170 and the guidance of Washington’s technology leaders, Washington can adopt a forward-looking model of AI provenance:

1. Content Provenance

This is the domain of HB 1170:
Labeling, watermarking, and detection of AI-generated or altered media.

2. System Provenance

Which model generated the output?
What version?
What training, tuning, and guardrails?
What data quality and risks were known?

This aligns with Kehoe’s emphasis on data foundations, Hammock’s focus on governance, and Hurd’s insistence on transparency.

3. Decision Provenance

When AI informs or influences a decision, residents deserve to know:

• Who or what made the recommendation

• What signals, data, or models informed it

• How the reasoning chain was constructed

• Which human reviewed or approved it

• What alternatives were considered

This is where policy needs to evolve.
If content provenance protects residents from deception, decision provenance protects them from misgovernance, AI hallucinations, or worse.

How Washington Can Lead Nationally

To build on HB 1170 and match the future of public-sector AI use, Washington policymakers can consider the following:

1. Clarify provenance in legislative intent

Acknowledge content, system, and decision provenance even if only the first is mandated today.

2. Align with government-grade standards

NIST AI RMF
NIST Data Lifecycle guidance
C2PA for content provenance
OCIO Policy 188 updates
Seattle’s Responsible AI Framework

3. Require disclosures for AI-assisted decisions

Not bans. Not burdens.
Just clear notification, human review, and documented reasoning.

4. Support innovation funding

Kehoe’s call for agile modernization funds is critical for safe experimentation.

5. Encourage public-private collaboration

Seattle and King County are building their own frameworks.
The state can accelerate their progress by providing structure without over-prescription.

Washington can become a national leader by expanding transparency from media to the decisions that shape public outcomes.

Toward Trusted Intelligence in Government

The conversations at the Summit revealed something important:
Public-sector leaders aren’t asking for more automation. They’re asking for clarity, consistency, and confidence in the intelligence they rely on.

They want to know who — or what — they’re listening to.
They want to understand why a recommendation was made.
They want a traceable line from advice to authentic expertise.

They want AI that behaves less like a black box and more like a trusted colleague.

This is where the next generation of AI will evolve: toward systems that don’t just generate content, but embody verifiable expertise, maintain consistent reasoning, and operate with provenance by design. Systems where the source of insight is clear, the chain-of-custody is intact, and decision-makers can see why a certain answer was produced.

Because ultimately, as I wrote in AI is Cheap. Trust is Expensive., the future of AI isn’t about scaling intelligence — it’s about scaling trustworthy intelligence. And trust doesn’t come from speed or capacity. It comes from knowing what — and who — is behind the answers.

Conclusion

HB 1170 is the right starting point.
Transparency for synthetic media is essential.

But today’s Washington Digital Government Summit made clear that the real frontier is AI-informed decisions, not just AI-generated images.

Washington has an opportunity to lead the nation by expanding transparency to content, systems, and decisions — building a governance model that supports innovation while protecting residents.

AI transparency must move past detecting deepfakes.
It must ensure accountability for the intelligence we rely on.

This piece explores why provenance, verified expertise, and digital twins will define the next decade of AI—and why organizations that ignore trust will pay for it twice.

The Illusion of Cheap AI

Anyone can buy ChatGPT Plus for $20. But you can’t buy trust.

That’s the quiet truth behind today’s AI gold rush. Models get cheaper, faster, and more accessible by the month. Yet the leaders who can actually trust the intelligence they’re building their strategies on—that’s still a rare privilege.

We’ve entered an era where the price of information is plummeting, but the cost of certainty is rising.

The question is no longer Can AI think? It’s Can we trust what it thinks for us?

Because while AI may help us go faster, it often sends us racing confidently in the wrong direction.

“You can’t automate trust—but you can model it.”

The Problem with Cheap AI

Why “good enough” AI isn’t good enough for enterprise strategy.

Generative AI, for all its brilliance, is a master of mimicry. It’s a regurgitation engine—reshaping the web’s collective past into a polished, probabilistic reflection of the present. Ask it for a strategy, and it will give you the average of a thousand other strategies. Ask it for insight, and it will offer what sounds smart, not what is smart.

That’s fine for brainstorming. But it’s a liability for leadership.

When you rely on GenAI to solve strategic problems, you often become a context engineer—constantly rewriting prompts, rewording queries, and correcting hallucinations to chase precision that never quite arrives.

Meanwhile, hours disappear. Teams feel productive because words appear. But the signal-to-noise ratio drops. Leaders spend 2–10x more time iterating on outputs that lead to dead ends—or worse, elegant nonsense.

And then there’s the hidden cost: AI laundering.

Like money laundering, it’s the process of taking someone else’s intellectual capital, washing it through a model, and reissuing it as your own. Except this time, the currency being diluted isn’t cash—it’s credibility.

Authenticity becomes a liability on your balance sheet. Original thinking erodes. And in a world now governed by emerging AI transparency laws—like California’s AI Transparency Act 2.01, which mandates provenance and labeling—what was once clever repurposing is becoming a compliance and reputation risk.

The bottom line: cheap AI produces expensive confusion.

“Generative AI creates content. Verified expertise creates conviction.”

The Trust Crisis in Enterprise AI

When everyone’s AI looks the same, trust becomes your competitive advantage.

Trust has always been the currency of business. But in an AI-saturated world, it’s becoming the exchange rate for strategy itself.

Yes, you can buy a $20 chatbot. But it won’t buy you executive alignment, investor confidence, or measurable impact on your P&L.

At the enterprise level, the real question isn’t “How do we use AI?” but “How do we trust what it tells us enough to act on it?”

Because enterprise-scale trust—the kind that drives seven- and eight-figure impact—requires more than model performance metrics. It requires verified expertise. A lineage of knowledge that can be traced, cited, and believed.

When AI outputs come from nowhere, trust goes nowhere.

That creates a new class of corporate risk: strategic opacity.

Decisions built on synthetic knowledge—unverified, unattributed, context-free—create cracks in the foundation of leadership. You don’t just risk making bad calls; you risk eroding the confidence that fuels innovation.

When you can’t trace the origin of your insights, you’ve already lost control of the narrative.

“The real moat in AI isn’t data. It’s provenance.”

Leadership Without Trust Is Just Noise

Why the C-suite alignment problem is human, not technical.

Getting the C-suite on the same page has never been easy. Ego, politics, and miscommunication quietly drain millions in strategic waste every quarter. The most brilliant minds in the room often talk past each other, armed with their own truths.

And while AI was supposed to fix this, it often amplifies it.

When every executive can generate their own “strategic analysis” from a model trained on the internet, alignment doesn’t improve—it fractures. Each leader arrives armed with a different AI narrative, polished by different prompts, reflecting different biases.

You can’t automate alignment.

You have to build it—through trust, shared context, and a common source of truth.

That’s where verified digital twins enter the picture. Not fictional avatars, but faithful digital representations of executives, domain experts, and peer networks—trained on verified expertise, not scraped data.

These twins don’t replace leaders; they reflect them. They create a space where collaboration can happen without ego, where ideas can be tested, refined, and aligned before they ever reach production.

Imagine your leadership team rehearsing decisions with their digital counterparts—testing scenarios, surfacing blind spots, and converging on clarity without the friction of personality or politics.

That’s not science fiction. It’s a new kind of organizational psychology powered by verified intelligence.

From Generative to Verified

The rise of digital twins and the return of provenance.

The next era of AI isn’t about generating more content. It’s about verifying the intelligence that drives decisions.

Large Language Models (LLMs) are broad but shallow—they know something about everything, but not enough about you.
Small Language Models (SLMs)—trained on specific, verified data—are the inverse. They know less, but what they know is true, trusted, and contextual.

It’s the difference between reading Wikipedia and calling a mentor who’s been there.

Verified digital twins combine these SLMs with authenticated sources of expertise—creating a chain of provenance from human knowledge → verified data → explainable output.

This mirrors what’s happened in supply chains, finance, and media: provenance is the new quality.

For organizations, this is more than technical evolution. It’s philosophical.

When you can trust your intelligence, you no longer need to over-engineer control. You can move faster with less oversight because the system itself embeds integrity.

That’s what it means to execute 10x faster with 1/10th the effort.

Speed doesn’t come from automation—it comes from alignment.
And alignment starts with trust.

The Real Cost of Trust

Now is the time to put trust back at the center of AI.

AI is cheap. Trust is expensive.

But if you think trust is expensive, try operating without it.

The cost shows up in misaligned strategy meetings, delayed decisions, duplicated work, and stalled innovation. It’s the silent tax of distrust—paid daily by organizations that confuse speed with progress.

The companies that will win the next decade aren’t the ones deploying the most AI. They’re the ones deploying the most trusted intelligence—systems that integrate verified expertise, ethical provenance, and transparent reasoning.

Trust is not a soft concept. It’s a hard asset. It determines whether a CISO can sign off on a risk model, whether a CEO can act on a market signal, whether an investor believes your AI has defensible value.

As California’s AI Transparency Act signals, the market is demanding proof, not promises.

And that’s where the opportunity lies.

The leaders who invest now in verified digital twins—who create AI systems rooted in authenticity, attribution, and trust—won’t just comply with the future. They’ll define it.

Because the next phase of AI isn’t about bigger models. It’s about better mirrors—digital counterparts that reflect what’s real, credible, and uniquely yours.

The question isn’t whether you’ll build one.
The question is when.

Final Reflection

AI is no longer the differentiator. Everyone has it.
What will separate tomorrow’s market leaders is whether anyone believes what their AI says.

The companies that invest in verified expertise, transparency, and trust won’t just build better technology—they’ll build the credibility to lead.

And in a world where everyone’s shouting through machines, credibility might just be the last human advantage.

As we head into budget planning season for the next calendar year, one theme keeps showing up in every conversation: ROI.

Executives love certainty. Boards demand it. Vendors try to simulate it.
And somewhere in that tension lives the great illusion of modern enterprise finance—the illusion of pre-proven ROI.

ROI isn’t an oracle. It’s a model. It doesn’t predict the future; it helps you price it.
And in that sense, it functions much like Net Present Value (NPV) or the time value of money: both are forecasts that rely on real data, reasonable assumptions, and continuous refinement.

When leaders expect “proven ROI” before an engagement begins, what they’re really asking for is a forecast without inputs.
That’s not rigor—it’s wishful thinking dressed as discipline.

ROI as Forecast, Not Faith

ROI forecasting is not a sales tactic; it’s a financial instrument.
In finance, investors don’t demand proof of return before deploying capital. They model expected return using known variables: capital costs, cash flows, discount rates, and risk-adjusted assumptions.

Cybersecurity investments should be treated the same way.
Potential ROI is calculated through financial modeling, not conjecture. The process applies economic principles to project the present value of future benefits relative to the present value of future costs.

The key distinction is that ROI modeling is forecastable, not hypothetical.
It’s a legitimate form of decision analysis that provides directional confidence—not false precision.

The Discipline of Cost-Benefit Analysis

A well-constructed Cost-Benefit Analysis (CBA) is the backbone of ROI modeling.
It’s not about storytelling—it’s an exercise in economics.

The data required isn’t secret; it’s just often unavailable to external partners. It includes:

• Capital costs

• Operational costs

• Cost reductions

• Reduction of manual effort

• Efficiency gains

• Financial impact on the P&L

Each of these inputs connects directly to real financial systems—your ledger, your labor data, your operational reports. Without those inputs, external ROI projections are like calculating NPV with blank cells.

As shown in the example:

Alternative Total Costs Total Benefits Benefit-Cost Ratio A $100,000 $120,000 1.20 B $150,000 $190,000 1.27 C $200,000 $230,000 1.15

The Benefit-Cost Ratio (BCR) is calculated as:

BCR = Σ Present Value of Total Future Benefits / Σ Present Value of Total Future Costs

A ratio above 1.0 means benefits outweigh costs; the higher the number, the greater the return on investment.
But the value of the analysis isn’t in the number—it’s in the inputs.

Everything in cost-benefit analysis is measurable, but nothing is meaningful until the data reflects the realities of your environment.

The Time Value of Money: ROI’s Silent Variable

Every executive understands the time value of money—a dollar today is worth more than a dollar next year.
But in cybersecurity and operations, this truth is often forgotten.

When projects stall in pursuit of pre-proven ROI, the organization quietly accrues what economists call the Cost of Delay.
Security risks persist. Operational inefficiencies linger. Opportunity costs compound.

Time is a variable in every ROI equation.
Real ROI, therefore, is a function of time, money, and resources—not just savings. It recognizes that the longer a system remains inefficient, the smaller the present value of future benefits becomes.

Waiting for proof before acting is, in financial terms, a negative-yield strategy.

Forecasting with Real Data

To transform ROI from abstraction into strategy, organizations must model it like they would any other investment—using financial data grounded in reality.

The process typically includes:

1. Establishing Baselines – Gather financial and operational metrics that describe the current state: time spent, headcount, system costs, and performance indicators.

2. Modeling Scenarios – Use those baselines to model potential future states under different investment scenarios.

3. Applying Discount Rates – Adjust for the time value of money to calculate the present value of future benefits.

4. Analyzing Sensitivity – Identify which variables most affect outcomes; this drives smarter decisions and better risk management.

This process isn’t theoretical—it’s how mature organizations make capital budgeting decisions every day.

ROI as a Strategic Instrument

Once leaders accept that ROI is forecastable, not provable, the question shifts from “What’s the number?” to “What’s the model?”

A credible ROI model is a strategic instrument for prioritization. It helps leaders allocate capital across competing priorities based on expected value creation, not gut feel.

For example:

• An IAM modernization initiative might reduce operational cost and incident response time, improving both financial efficiency and enterprise resilience.

• A workflow automation platform might reduce manual effort, reallocating skilled labor to higher-value work.

• A governance dashboard might shorten reporting cycles, directly improving decision velocity and cost of coordination.

In each case, ROI isn’t proven in advance—it’s priced in advance and measured afterward.
That’s the discipline of real finance.

The Misunderstanding of “Proof”

Executives sometimes conflate forecasting with guaranteeing, but they’re fundamentally different.

Forecasting acknowledges uncertainty and quantifies it.
Guaranteeing denies it.

Demanding proof of ROI before engagement collapses the learning cycle that real innovation depends on.
The goal isn’t to eliminate uncertainty—it’s to make uncertainty investable.

That’s what separates a finance function from a procurement function.

Finance models potential return across a time horizon, adjusting for risk and delay.
Procurement demands certainty in a system that, by design, never offers it.

The strategic leader understands that you can’t measure ROI before you create the conditions for it to exist.

The Benefit of Shared Measurement

When both sides—provider and customer—commit to shared data, baselines, and transparency, ROI becomes not a point of contention but a system of continuous learning.

That’s why at Identient, our Strategic Performance Intelligence (SPI 360) framework builds ROI tracking into the engagement itself.
We don’t claim hypothetical returns. We create the environment to measure them—continuously, in real time.

This allows leadership teams to track Benefit-Cost Ratios dynamically, as projects mature and efficiency gains are realized. It replaces “proof” with visibility.

Beyond ROI: Real Options and Adaptive Value

Sophisticated financial modeling doesn’t stop at ROI or NPV—it extends into real options analysis, a method for valuing flexibility under uncertainty.

In cybersecurity, every investment creates future optionality—the ability to pivot faster, integrate more effectively, or scale without friction.
These are tangible financial benefits, even if they’re not reflected on a quarterly report.

Real options thinking transforms ROI from a static retrospective metric into a strategic forecast of adaptability.
It asks: “What is the value of keeping our options open?”
That’s a far more powerful question than, “What’s the ROI today?”

From Reporting to Strategy

When ROI is treated as proof, it becomes a rearview mirror.
When it’s treated as a forecast, it becomes a steering wheel.

Executives who understand this use ROI to inform where to steer next, not to justify where they’ve been.

This is where cybersecurity leaders can elevate their role—from cost managers to strategic investors in enterprise resilience.
By adopting cost-benefit analysis, time-value modeling, and real options frameworks, they move beyond budget defense into capital strategy.

Closing Thought

ROI isn’t something to prove; it’s something to build.

The discipline lies not in the pitch deck or the spreadsheet, but in the partnership that enables access to real data, shared baselines, and measurable outcomes over time.

In finance, as in cybersecurity, the most valuable returns compound quietly—through systems that learn, models that evolve, and leaders who understand that proving value starts by creating the conditions for it.

Closing Call to Action:
If you found this valuable and want to go deeper into how leaders make ROI real—balancing foresight, proof, and strategic execution—pick up my book, The CISO on the Razor’s Edge, available now on Amazon and Barnes & Noble.

If you’ve already purchased the book and want the companion Guide to Building a Business Case, just message me with a copy of your receipt—I’ll send you a private link to access it.

I love how she connects neuroscience, learning, and leadership in this piece. I hope you enjoy it as much as I did — and be sure to follow her on LinkedIn (links below).

— Steve

In the Fall of 2019, the supply chain and logistics firm I’d worked at adopted a new proprietary system across the entire worldwide firm. Fast-forward to Spring of 2020 and I’m a subject matter expert converting my branch to the new system; designing and delivering trainings to enable learning of the new system, skill development and behavioral change. While determining what level of support and guidance each member of my branch required to successfully adopt the new system, I considered factors like exposure to the system, length of tenure and each employee’s duty to their book of business. I considered the employee’s relationship to the business. Hindsight is 2020, so in retrospect I would have considered the sheer impact of change—not just on the functional or emotional capacities of my colleagues—but the physiological impact that change has on the brain and our learning capabilities.

At this year’s Association of Chang Management Professionals (ACMP) Chicago conference co-author of Neuroscience for Change at Work, Tibisay Vera, introduced many of us to a neural experience called maladaptive plasticity. It’s the phenomenon of our brains’ protective adaptation to constant change which left unsupported can show up as burnout, cynicism, withdrawal, disengagement and resistance to the change at hand. Vera presented on the PEPE model, a supportive framework for handling change that considers the natural reactions of our brains under transition duress. Woven throughout Vera’s PEPE methodology is not just an understanding but an acceptance of our natural brain functionality under change. Understanding maladaptive plasticity and its symptoms is paramount for change practitioners—particularly adult learning enablers.

Learning a new skill or behavior is one of the most vulnerable experiences consistent across all of humanity. I’m not sure if there’s a person reading this that hasn’t felt the anxiety of absorbing new information—the hesitancy in one’s mind and body that manifests as mental rigidity and physical stiffness as we practice new ways of thinking and new movements. As a change practitioner, think critically about the pressure of change on top of the vulnerability of learning. Think about the symptoms of burnout, cynicism, withdrawal and consider the sheer amount of might and dedication a learner must apply to absorb new information despite their disengagement.

Last year, the Society for Human Resource Management (SHRM) reported that 44% percent of their 1000+ surveyed American employees are experiencing burnout. SHRM cited that workers experiencing burnout are three times more likely to be actively job searching and are significantly less likely to go above and beyond in the role where they’re experiencing the burnout symptoms. The repulsion from the environment that causes symptoms of maladaptive plasticity on top of the drive toward relief is enough to stifle any business’ growth and innovation. The insight that burnout is nearly half the workforce’s experience should be enough to alarm any executive leader into action. Afterall, organizations’ greatest assets are its people. Time and time again, I’ve heard and said that change management focuses on the people side of innovation. If we don’t consider the whole human, we are not doing our jobs.

Here’s what it looks like to lead learning while considering maladaptive plasticity through a transition:

• Breaks in lessons are not spared.

• Self-care during the transition, such as taking breaks for walks, are required and taken into consideration of employee performance.

• Methodologies that incorporate support for individuals with ADHD, Autism, chronic anxiety and other neurodivergent experiences.

As a change practitioner, adult learning enabler, and, at my core, a person who learns differently, I think about accessibility of education through transitions. I apply a plethora of tactics to engage various learners and learning styles at once. My goals are simple: to be successful in the full realization of the benefits of the change. When we consider the impact of transitions on the brain and imbed specific support into lesson planning and strategic behavioral change, we approach learning enablement with equity. This is critical. It shouldn’t be an option to leave behind folks who are experiencing maladaptive plasticity or who learn differently. After all, that would be a willing submission to a subpar return on change investment. That simply won’t do.

Learning enablement isn’t whole without equity. We facilitate an equitable learning experience by:

• Assessing how enterprise transitions uniquely impact various job functions.

• Monitoring the symptoms of maladaptive plasticity in people and implementing symptom alleviation strategies.

As change practitioners and adult learning enablers, we must consider the whole human both internally (neurologically) and externally (how they experience the world.) This is how we approach learning enablement with equity in mind under the stress of ever-present change. In a world where change is rapidly increasing; where unlimited growth is pined after and ultimately unsustainable, we need to take care of one another. As business leaders and chief executives, the holistic wellness of your business’ greatest asset (its people) cannot be overstated. Failure to administer preventative burnout care is an acceptance of subpar returns on innovations investments. Secure your investments by:

• Factoring in maladaptive plasticity to enterprise change return and adoption rates

• Level-setting shareholders’ expectations of investment returns considering the statistical facts of neurological impact of change on the brain

Resources

Are you ready to envision a growth strategy that not only accepts but makes the most of the human condition?

Learn more about maladaptive plasticity and the PEPE model.

Learn more about Tibisay Vera, MBA, MSc.

See the SHRM article Here’s How Bad Burnout Has Become at Work.

About Nicolette

Tomilola “Nic” Sulaiman is a Prosci Certified Change Practitioner that hails from Houston, TX who has spent the last eight years living and working in Chicago, IL. Nic earned her stripes doing change work across both public and private industries such as Mergers + Acquisitions, ERP implementations, Health Care IT, Financial Technology, Supply Chain/3PL Freight forwarding, and Food + Beverage. She’s cut her teeth as a change manager, adult learning enabler and communications strategist embedding diversity, equity and inclusion practices in her delivery. Nic is an active member of her small midwestern community, lover and proprietor of local art, and champion of radical self-love and community care.

Follow Nic on LinkedIn HERE

That’s why the current fascination with AI is more than a passing trend, it’s a strategic risk. Too many leaders are mistaking faster answers for smarter execution. But IAM is not solved by access to information. It is solved by leadership, alignment, and judgment.

And those are things no algorithm can provide.

The Architect and the Algorithm (credit: my GPT:)

The Temptation of AI in IAM

Artificial Intelligence—particularly Large Language Models (LLMs) like ChatGPT, Claude, and Gemini—has captivated the business world. From the boardroom to the data center, leaders are asking: If AI can write code, generate board reports, and summarize 300-page analyst studies in seconds, why can’t it run Identity and Access Management (IAM)?

The question is understandable. IAM has always been a discipline flooded with information—white papers, analyst notes, vendor briefs, and implementation guides. The dream of instant expertise at the push of a button is alluring. Faster access to insights feels like it should unlock progress.

But it doesn’t. Having carried the responsibility for enterprise IAM across industries and sectors for over a decade, I can tell you this: access to information has never been the problem. Fifteen years ago, I had Gartner, KuppingerCole, and Forrester at my disposal. More recently, I’ve spearheaded CIAM modernization for Washington State with both the benefit of an IT degree, MBA toolkit, and GPT-4 at my side. None of it replaces the judgment, creativity, and leadership of a seasoned consultant or architect.

Because IAM is not just about knowing—it is about deciding, aligning, and executing. And that is where AI fails to deliver.

Information Isn’t Execution

Think back to the early 2010s. If I needed to know the recommended maturity model for privileged access management, I could find it in a research note. I could highlight the right quadrant and present it to a steering committee with confidence.

Today, I can prompt ChatGPT: “Outline the pillars of a successful IAM program.” In seconds, I’ll have a polished summary—structured, logical, and familiar. Yet the strategic value is unchanged. Faster delivery doesn’t mean better results.

Information—even when attractively packaged—cannot:

• Build a compelling business case for your CFO.

• Secure executive sponsorship when politics are stacked against you.

• Balance IAM investments with competing business priorities.

• Recognize cultural blockers that silently stall adoption.

• Be accountable at 2:00 AM when SSL certificates expire and customer portals go dark.

In other words, the hard part of IAM has never been the content—it’s the context. The art is in navigating people, priorities, and pressure. And context is where AI shows its limitations most clearly.

The Illusion of Stochastic Certainty

One reason AI is seductive is the fluency of its answers. An LLM can make even shaky reasoning sound confident. But behind the curtain lies stochasticity—the probabilistic process by which models generate responses.

Try this simple experiment: prompt your favorite AI chatbot with the request, “Outline the key pillars and success factors for an enterprise IAM program.” Do it four times in a row. Each time, you’ll get a slightly different list. Sometimes “governance” comes first, sometimes “technology.” One draft emphasizes user experience, another compliance. All are plausible. None are definitive.

This variability is not a bug; it’s the design of the system. LLMs are prediction engines, not reasoning engines. They excel at recombining patterns from training data, but they cannot guarantee consistency—or validity—over multiple runs.

For IAM leaders, this presents a serious risk. You cannot build board strategy or security policy on probabilistic outputs that shift with every prompt. This is why skilled professionals are indispensable. Leaders must oversee AI, interpret its outputs, and apply sound judgment. AI can accelerate tasks, but outsourcing critical thinking, strategy, and design work to it is an abdication of responsibility.

Share The Strategy Layer

What AI Still Can’t Do

Even with GPT-5 at my fingertips and the best academic and professional training behind me, I’ve seen the same recurring limits. AI doesn’t do the truly human parts of IAM.

• Strategic Alignment: AI can list best practices, but it doesn’t know whether your organization needs to move fast, cut costs, or restore customer trust first. Alignment is contextual.

• Business Case Creation: LLMs generate words, not conviction. Only a human partner can reframe IAM as business protection, growth enablement, or compliance cost avoidance in a way that resonates at the executive table.

• Stakeholder Engagement: IAM succeeds only when HR, legal, operations, and IT are on the same page. That’s not a prompt—it’s a negotiation, built on credibility and trust.

• Gap Analysis in Context: Every organization has gaps. The question is: which ones matter most right now? That’s prioritization—a skill born of judgment, not probability.

• Hands-On Firefighting: AI doesn’t triage outages. It doesn’t hold the pager. It doesn’t walk into the executive war room when customers are locked out.

At best, AI gives you a faster baseline. At worst, it convinces you that you don’t need a baseline built by professionals in the first place.

The Missing Human Dimensions

Beyond execution, there are higher-order functions that only people perform well. This is where the real gap lies.

• Asking Interesting Questions: Consultants and architects don’t just answer questions—they ask the ones nobody else is bold enough to pose. Why do we grant access this way at all? What if the barrier isn’t technical but cultural? AI can summarize knowledge, but it rarely provokes insight.

• Second-Order Effects: IAM decisions ripple outward. A tighter MFA policy may harden defenses but could also frustrate customers, leading to revenue loss. Humans are better at spotting those unintended consequences.

• Trade-Offs and Opportunity Cost: Budgets are finite. Should you invest in CIAM modernization or privileged access management this year? AI can list benefits, but it won’t balance them against organizational opportunity costs.

• Political Capital: IAM is as much politics as it is technology. Timing matters. Allies matter. Sometimes the right answer today is “not yet.” AI has no political capital to spend, no favors to call in, no trust to draw on.

These human dimensions are often the difference between a program that survives and one that fails.

Analyst Reports vs. AI: Same Song, Faster Tempo

In many ways, AI is simply the next iteration of what analyst firms have long provided. When I compare ChatGPT’s IAM advice to the templates and frameworks I pulled from Forrester or Gartner 15 years ago, the substance is strikingly similar. The difference? It arrives in seconds, not days.

That speed matters—but speed without strategy is just faster noise.

As Forrester puts it: “The paradox encapsulates one of the most pressing challenges facing enterprises today: the disconnect between ubiquitous AI adoption at the individual level and the absence of transformational business impact at the organizational level.” (Forrester, 2025)

Faster doesn’t mean wiser. And wisdom, not information, is what IAM requires most.

The Role of Human Expertise

This is why experienced consultants and architects remain irreplaceable. They bring qualities no AI can emulate:

• Contextual Understanding: Recognizing what “good IAM” means in your sector, culture, and maturity stage.

• Cultural Intelligence: Pacing change so adoption keeps pace with ambition.

• Pattern Recognition: Drawing lessons from dozens of prior implementations to spot risks early.

• Accountability: Owning outcomes with you—not just generating words but delivering results.

This fusion of technical skill, cultural sensitivity, and political acumen is what turns IAM from a perpetual struggle into a program that delivers measurable business value.

Design Thinking: Where AI Fits, Where It Doesn’t

The right question isn’t whether to use AI but where. Put your design thinking hat on:

• Use AI to accelerate: drafting RFPs, summarizing vendor documentation, sketching workflows.

• Don’t use AI to decide: choosing priorities, weighing risks, allocating scarce capital.

AI can help your team move faster, but it cannot decide what direction to run. That choice remains squarely in human hands.

What’s Really at Stake

IAM is not a playground for experimentation. It’s the connective tissue of digital business.

• Revenue: Frictionless, secure customer access drives loyalty and retention.

• Resilience: Outages tied to identity can grind operations to a halt.

• Reputation: Breaches stemming from identity failures can permanently erode trust.

This is too important to entrust to stochastic algorithms or generic templates. IAM is existential—and existential risks demand human leadership.

Why Now Is the Time to Invest in Consulting

If your IAM program feels stuck—or worse, if it feels “fine” but unprovable—this is the moment to bring in outside expertise. A skilled consulting partner can:

• Uncover hidden gaps before they metastasize.

• Translate IAM outcomes into board-level ROI.

• Build coalitions across siloed business functions.

• Architect AI systems of action that empower, rather than distract, your team.

Done right, this investment more than pays for itself in avoided rework, reduced audit exposure, and programs that actually stick.

Closing Reflection

The future will absolutely include AI in IAM products, processes, and programs—but as an amplifier, not a replacement. The leaders who win won’t be those who blindly outsource to machines. They’ll be the ones who integrate AI wisely, with judgment and strategy intact.

At the end of the day, IAM leadership requires more than access to information. It requires the courage to ask better questions, the foresight to weigh trade-offs, and the political capital to make change stick. These are human skills—and they always will be.

That’s why the call you make to a seasoned consultant at 2:00 AM will always matter more than the prompt you type into ChatGPT at 2:00 PM.

Let’s Talk!

If you need help spotting the gaps in your IAM program or designing and implementing AI systems of action for your team, let’s talk. There’s never been a more important time to balance speed with strategy. The work I do with clients consistently drives seven- and eight-figure impact—unlocking measurable ROI through stronger governance, reduced risk, and IAM programs that finally deliver on their promise.

Reference
Giron, Frederic. Forrester, Why AI ROI Remains Elusive Despite Widespread Adoption, July 2025. Retrieved from: https://www.forrester.com/blogs/why-ai-roi-remains-elusive-despite-widespread-adoption/

Cybersecurity leadership is starting to look like an unwinnable game. The average CISO tenure of 1.5–2 years tells us something isn’t working. Leaders are handed budgets where 75% of spend is locked into technical debt or mandatory controls, leaving only a sliver of discretionary funding to maneuver. Expectations continue to rise while resources stay flat—or even decline.

In game theory terms, cybersecurity leaders are being asked to play with fewer moves on the board while the stakes keep climbing.

The outdated “people, process, technology” model doesn’t help much in this new environment. Nor does the familiar cost-avoidance narrative: “we stopped bad things from happening.” That might have worked a decade ago. Today, boards and CFOs expect security leaders to frame their work in terms of options, trade-offs, and business value. In short, to play a game they can actually win.

The Economics of Cybersecurity Leadership

If the opening feels like a game rigged against CISOs, the numbers confirm it. The financial headwinds facing security leaders are undeniable. A recent IANS and Artico Search survey of nearly 600 CISOs found that only 47% reported a budget increase in 2025, down from 62% the year prior (IANS Research & Artico Search, 2025). Meanwhile, 54% are dealing with flat or shrinking budgets. And for the first time in five years, security’s slice of IT spending actually declined—from 11.9% to 10.9%—as dollars were redirected toward AI, cloud, and digital growth priorities (SecureWorld, 2025).

For many CISOs, these numbers translate into a game where most of the moves are already taken off the board. Fixed costs like technical debt, compliance requirements, and mandatory controls can consume three-quarters of a typical budget, leaving little discretionary funding for innovation or strategic bets. In this environment, cost avoidance alone isn’t enough to justify spend—or to ensure career survivability.

What leaders need instead is a new way to reframe and navigate financial constraints. Three starting points:

• Map fixed vs. discretionary spend: know exactly how much of the budget is locked in vs. how much can be maneuvered, and make that visible to the board.

• Translate dollars into Run / Grow / Transform categories: adopt a model the CFO already understands, showing whether spend is maintaining the baseline, enabling incremental growth, or transforming the business.

• Present investments as options and trade-offs: instead of “we need this much money,” offer “here are three paths forward—here’s what we gain, and here’s what we accept if we don’t.”

Each of these reframes gives CISOs more credibility in executive discussions and begins to shift perception—from tactical risk manager to strategic partner.

Why the Current Playbook Fails

For decades, the dominant framework for cybersecurity management has been the familiar trio of people, process, and technology. It served its purpose in an era when the biggest challenge was building controls and maturing basic practices. But in today’s economic climate, that model feels outdated.

Boards and CFOs are no longer impressed by a laundry list of controls or by the language of cost avoidance—“we stopped bad things from happening.” That narrative, while true, doesn’t hold up against competing investments in AI, digital expansion, or customer experience, where executives can see direct returns.

Worse, the old playbook locks CISOs into reactive cycles—always responding to the next regulation, audit, or incident—without a framework for shaping strategy. This undermines their ability to survive in roles where the average tenure is less than two years.

Three reasons the old playbook is breaking down:

• Cost avoidance isn’t strategy: Preventing losses matters, but it doesn’t prove value or growth potential.

• Controls ≠ credibility: Boards expect clarity on business impact, not just technical soundness.

• Reactive posture shortens careers: CISOs who only defend and comply rarely get the chance to innovate, which accelerates burnout and turnover.

The implication is clear: continuing to play by yesterday’s rules is a losing game. The question is whether CISOs can adopt a new playbook—one rooted in finance, strategy, and value creation—that allows them to compete on equal footing with other executives.

Reframing the Role: From Cost Center to Value Creator

If the old playbook is failing, what replaces it? The answer lies in shifting the frame—from security as an unavoidable cost to security as a portfolio of strategic options the business can choose to invest in.

This is more than semantics. In The CISO On The Razor’s Edge, I argued in Chapter 7 (Security Leadership as a Series of Real Options) that CISOs must think less like operators and more like financial strategists. Every initiative—whether it’s a new control, a modernization effort, or a cloud migration—can be presented as an option with trade-offs: invest and gain future flexibility, delay and accept defined risks, or decline and carry the exposure. This approach allows the board to see security decisions in the same way they evaluate other capital investments.

Industry leaders echo this. Mark Settle advises CISOs to “follow the money” through budgeting frameworks like Run / Grow / Transform, which reveal whether dollars are being used simply to keep the lights on or to unlock growth and transformation. Steve Zalewski, drawing on his time as CISO at Levi Strauss & Co., pushes CISOs to ensure that cybersecurity isn’t just about protection—it must directly support the mission of the business. As he often says, security has to “help sell more jeans.”

Taken together, these perspectives form a new leadership model: the financially literate, strategically minded CISO who frames security not as an overhead cost but as an investment portfolio. And it’s a model that boards are more likely to respect—and fund.

Tools for Playing a Winnable Game

Shifting from cost center to value creator isn’t just about mindset—it’s about using practical tools that reshape how security is discussed in executive conversations. CISOs don’t need to become CFOs, but they do need to adopt financial frameworks that make their work legible and valuable in business terms.

Here are four tools that create leverage and credibility:

• Budget Mapping: Break down spend into fixed vs. discretionary categories. Show explicitly how much of the budget is consumed by technical debt and mandatory controls versus what’s available for strategic investment. Boards respond to clarity.

• Run / Grow / Transform: Reclassify spend using a model familiar to CFOs. Demonstrate which investments simply keep operations running, which enable incremental improvements, and which unlock real transformation.

• Options & Trade-Offs: Frame every major initiative as a set of choices: If we invest, here’s the upside. If we don’t, here’s the risk we’re carrying. Boards don’t want ultimatums—they want structured options.

• Value Creation Scenarios: Move beyond cost avoidance by modeling how security investments can generate value—faster time to market, higher customer trust, stronger brand resilience, or lower cost of capital through risk reduction.

Each of these tools has the same effect: they reposition security decisions from technical necessities to strategic investments. They give CISOs a way to demonstrate alignment with business goals—and to survive, and even thrive, in a budget-constrained environment.

The Payoff: Confidence, Impact, and Career Resilience

Mastering strategic finance is not just about surviving another budget cycle—it’s about changing the way the game is played. CISOs who frame investments as options and trade-offs, who can translate dollars into growth and resilience, and who model value creation are no longer trapped in a defensive posture. They step into the role of strategist, gain confidence in boardrooms, and extend their career runway.

A winnable game is one where:

• The board sees clarity, not confusion.

• The CFO sees alignment, not overhead.

• The CISO sees a path forward, not burnout.

That’s the future of cybersecurity leadership—and it’s within reach.

The urgency is real: only 47% of CISOs reported budget increases in 2025, while security’s share of IT spending actually fell for the first time in five years. The game is tightening. Now is the moment to master the skills that make it winnable.

If you want to sharpen these skills and apply them in your own organization, join us on Tuesday, September 16th for the webinar Strategic Finance for Cybersecurity Leaders. We’ll dive deeper into how CISOs can reframe budgets, speak the language of the business, and make smarter strategic bets in the year ahead.

And if you’d like a companion to guide you even further, pick up a copy of The CISO On The Razor’s Edge, especially Chapter 7: Security Leadership as a Series of Real Options. It will help you increase your odds of surviving—and thriving—in the game you’re already playing.

References

IANS Research & Artico Search. (2025, August 5). Security budgets under pressure: How CISOs can navigate tight budget constraints. IANS Research. Retrieved from https://www.iansresearch.com/resources/all-blogs/post/security-blog/2025/08/05/security-budgets-under-pressure--how-cisos-can-navigate-tight-budget-constraints

SecureWorld. (2025, July 24). CISO budget squeeze: Security growth slows as IT priorities shift. SecureWorld. Retrieved from https://www.secureworld.io/industry-news/cisos-budget-squeeze-security-growth-slows

Fast forward a few years, and the landscape looks very different. What began as a fight to control developer pipelines has evolved into a much larger, more urgent problem: safeguarding data privacy, security, and governance in the age of generative AI. Today, that evolution is crystallizing into a new strategic discipline: AI Security Posture Management (AI-SPM).

The Inflection Point for CxOs

The adoption of generative AI and large language models (LLMs) is not optional anymore. McKinsey estimates that generative AI could deliver up to $4.4 trillion annually in economic value across industries. A Salesforce study shows that 61% of employees are eager to leverage generative AI, yet most lack the knowledge or skills to use it securely.

That tension—between enthusiasm and operational readiness—is where risk breeds. On one hand, boards and executive teams see AI as a lever for efficiency and competitive advantage. On the other, CISOs and CIOs are already grappling with a new class of threats, from data leakage to adversarial attacks, without the benefit of well-worn playbooks.

The next 18 months will determine whether enterprises harness AI’s potential responsibly or stumble into costly missteps. And the stakes are high: regulators are moving quickly, consumers are hyper-aware of privacy risks, and adversaries—both criminal and nation-state—are actively probing weaknesses in AI systems today, not tomorrow.

From Governance Gaps to Strategic Imperatives

One of the biggest lessons I’ve seen firsthand is that the governance gaps inside enterprises are often more dangerous than the technology itself.

• Security vs. Data Teams: Too often, the security organization and the data organization operate in silos. Without a shared governance framework, critical questions—Who owns the data? Who sets the policies? Who enforces them?—go unanswered. This disconnect is where vulnerabilities flourish.

• Super Users Without Guardrails: Generative AI has effectively turned non-technical employees into “super users.” With the right (or wrong) prompt, an employee could trigger a destructive query like drop table, leading to catastrophic data loss. Traditional access controls weren’t built for this.

• Model Integrity Risks: Nearly every LLM today is vulnerable to prompt injection and manipulation. What looks like an innocent request for analysis can be hijacked to exfiltrate sensitive data or generate biased, harmful, or even malicious outputs.

The result? An urgent need for proactive, executive-level strategies—not just tactical fixes.

The Three Pillars of AI Security Posture Management

At TrustLogix, I’ve watched the thinking around governance evolve into what we now call AI-SPM: AI Security Posture Management. It’s a high-level discipline designed to give enterprises the same kind of control, resilience, and visibility for AI that they’ve long pursued in cloud and DevOps.

The framework rests on three pillars:

1. Proactive Data Protection

   • Automatic discovery and classification of sensitive data across AI training and inference pipelines.

   • Data lineage tracking to ensure auditability and reproducibility.

   • Granular access controls (RBAC, ABAC) tailored for AI workloads.

2. Secure Model Lifecycle Management

   • Model registries with strict access controls and full audit trails.

   • Integrity verification using digital signatures and cryptographic checks.

   • Real-time monitoring to detect adversarial attacks and anomalous behavior.

3. Continuous Posture Monitoring

   • Centralized visibility into who has access to what data and models.

   • Automated, template-driven policy enforcement.

   • Continuous risk detection against benchmarks like NIST and CIS.

This isn’t theory—it’s the pragmatic blueprint enterprises need to operationalize today. Just as cloud security posture management (CSPM) became indispensable for cloud adoption, AI-SPM is fast becoming the non-negotiable foundation for AI.

Why the Next 18 Months Matter

CxOs can’t afford to wait. Here’s why:

• Regulatory Momentum: The EU AI Act, U.S. executive orders, and state-level privacy regulations are converging to place heavy accountability on AI use. Compliance won’t be optional.

• Adversary Sophistication: Organized crime and nation-state actors are already targeting LLMs and AI-enabled applications. Unlike early-stage technologies, this isn’t “wait and see.” The battlefield is live.

• Market Expectations: Customers and investors are paying close attention. A single AI-driven data leak could undo years of trust-building and destroy competitive positioning.

The organizations that will thrive are those that move deliberately—implementing governance frameworks now, before AI adoption scales beyond their ability to control it.

A Real-World Wake-Up Call: The Salesloft Breach

In September 2025, the industry saw just how fast trust can unravel when AI security posture isn’t managed proactively. A breach at Salesloft, an AI-driven chatbot provider, exposed the fragility of enterprise integrations at global scale.

Attackers from the UNC6395 group stole OAuth tokens from Salesloft’s Drift platform, using them to pivot into hundreds of downstream integrations. This wasn’t just a contained incident—it spread into enterprise systems like Slack, Google Workspace, AWS, Microsoft Azure, and even OpenAI environments. Along the way, attackers harvested AWS keys, VPN credentials, and Snowflake tokens, and then deleted logs to cover their tracks (KrebsOnSecurity, ITPro).

The impact was sweeping. Security leaders at firms like Palo Alto Networks and Zscaler confirmed their organizations were affected, reminding us that even cybersecurity vendors aren’t immune (TechRadar, ITPro).

Why it matters: This was a classic case of authorization sprawl—unchecked AI-integrated tokens giving adversaries the keys to the kingdom. For executives, the lesson is crystal clear: AI governance cannot lag adoption. A single data leak or compromised token can wipe out years of trust-building and competitive advantage in a matter of days.

A Call to Action for Leaders

As I look back on my journey with TrustLogix, the throughline is clear: security and governance are not blockers to innovation; they are the enablers of sustainable, responsible AI adoption.

CxOs need to think differently. This isn’t about securing yesterday’s systems. It’s about preparing your enterprise to navigate the next wave of disruption with confidence. That requires new disciplines, new governance models, and new partnerships.

If you’re a CIO, CISO, or senior executive wrestling with these questions, I’d encourage you to take action now:

• Schedule a private briefing or demo. I’m happy to arrange a session where you can see firsthand how TrustLogix is helping enterprises operationalize AI-SPM.

• Connect directly. Reach out to me if you’d like to discuss your specific challenges, roadmap, or board-level concerns.

• Learn more. Visit TrustLogix’s website for additional resources and insights.

Final Word

AI adoption is moving faster than most governance structures can keep up with. The temptation is to prioritize speed and deal with governance later. That’s a mistake.

What I’ve learned as an early advisor to TrustLogix is that governance isn’t the brake—it’s the steering wheel. Without it, you may move fast, but you’ll end up in a ditch. With it, you can accelerate into the future of AI confidently, knowing your enterprise is secure, compliant, and ready for what’s next.

The question isn’t whether AI-SPM will become a strategic priority for enterprises. It’s how quickly your organization will adopt it—and whether you’ll be ahead of the curve or playing catch-up.

👉 Call to Action: Contact me directly if you’d like to arrange a private briefing, demo, or meeting with a representative from TrustLogix. Or visit trustlogix.io to explore more.

References

McKinsey & Company. (2023, June). The economic potential of generative AI: The next productivity frontier. McKinsey Digital. Retrieved from https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/the-economic-potential-of-generative-ai-the-next-productivity-frontier

McKinsey Global Institute. (2023, June). Generative AI could add up to $4.4 trillion annually to the global economy. Retrieved from https://www.mckinsey.com/mgi/media-center/ai-could-increase-corporate-profits-by-4-trillion-a-year-according-to-new-research

Salesforce Research. (2023, August). Generative AI Snapshot Series: AI Ethics. Salesforce Newsroom. Retrieved from https://www.salesforce.com/news/stories/generative-ai-ethics-survey/

Salesforce Research. (2023, October). Generative AI Snapshot Series: AI Skills. Salesforce Newsroom. Retrieved from https://www.salesforce.com/news/stories/generative-ai-skills-research/

Forbes India Staff. (2023, July 14). Generative AI could add up to $4.4 trillion a year to global economy: McKinsey. Forbes India. Retrieved from https://www.forbesindia.com/article/news/generative-ai-could-add-up-to-44-trillion-a-year-to-global-economy-mckinsey/86157/1

This is the paradox of modern cybersecurity. Organizations are checking all the boxes but failing to protect the very thing that matters most: the humans behind the data. When security is reduced to compliance theater, breaches stop being treated as existential failures. They become routine. And in that routine, leadership normalizes the erosion of privacy and dignity.

Sidelining CISOs Normalizes Breaches

The sidelined or weakened CISO is the hallmark of this dysfunction. Instead of acting as strategic multipliers, CISOs are too often cast as compliance managers. Their remit is narrowed to passing audits rather than preserving trust.

The result? A culture that tolerates breaches as the “cost of doing business.” This isn’t just bad governance. It’s organizational surrender. When boards minimize the CISO’s voice, they signal to the enterprise that protecting dignity is optional.

Recent research underscores this gap. In a 2025 Harvard Business Review study, 71% of executives believed their cybersecurity funding was adequate or strong. Yet only 39% rated their board’s understanding of cyber risk as proactive, and just 31% considered their organization an innovator or early adopter in cyber readiness[^1]. The illusion of readiness masks the normalization of failure.

The People/Process/Technology Prison

Why does this dynamic persist? Because CIOs and CISOs are often trapped in what I call the people/process/technology prison.

Legacy frameworks treat people as risks to be managed, processes as boxes to check, and technology as the silver bullet. Humans are reduced to “actors,” “insiders,” or “threat vectors.” Leadership is forced to view the enterprise through a compliance lens, not a human lens.

This prison strips cybersecurity of its real purpose: enabling people to thrive with dignity in a digital-first world.

The Stakes: Privacy and Dignity

Breaches aren’t just technical failures. They are human failures. They rob customers, employees, and citizens of their dignity. They leave people feeling exposed, powerless, and undervalued.

HBR research shows that dignity violations are common in organizations, and that treating people with dignity significantly improves motivation, satisfaction, and overall flourishing[^2]. Cybersecurity is no different. Each time leadership accepts compliance theater, it chooses to normalize dignity violations at scale.

The Golden Rule has long reminded us: treat others as you would like to be treated. Today, leadership demands an even sharper ethic: treat others as they want to be treated[^3]. That requires designing systems of trust, not systems of control.

The Escape Route: SPIRE as Human-Centered Leadership OS

How do CIOs and CISOs escape the prison? By reframing security leadership through SPIRE: a human-centered operating system for leadership .

• Signal – Upgrade the signal. Replace noisy dashboards and vanity metrics with board-relevant telemetry: drag, control effectiveness, velocity friction, trust signals.

• Performance Intelligence – See the real system. Surface blind spots, entropy, and misaligned incentives that undermine execution.

• Insight – Understand what system you’re truly running. The CISO is not a translator but a Strategic Multiplier, co-designing systems of trust, speed, and resilience.

• Reframe – Stop reporting problems. Start commanding the system. Position security not as liability management but as enterprise execution.

• Execution – Close the loop. Translate insight into prioritized action with financial discipline, governance, and feedback.

SPIRE is not abstract philosophy. It is a leadership design system. It restores agency to CIOs and CISOs. It elevates the role from compliance enforcer to guardian of dignity.

Why Symbolic Leadership Matters

MIT Sloan Management Review warns that simply adding more senior cybersecurity roles can actually increase collective overconfidence, leading leaders to overestimate capabilities compared to peers[^4]. In other words, title inflation doesn’t fix the problem—it makes it worse.

The solution isn’t more hierarchy. It’s more symbolism. An empowered CISO isn’t just a functional leader; they are a signal to the enterprise that dignity, trust, and momentum matter. Weakening that signal weakens the system.

Actionable Moves for CIOs and CISOs

1. Reframe Board Discussions

   • Don’t settle for “Are we compliant?” Ask: “How does this strategy preserve dignity and trust?”

2. Elevate the Symbolic Role of Security

   • Communicate not only risk reduction but also human empowerment.

3. Challenge the Prison Mindset

   • Reject frameworks that treat people as liabilities. Treat them as voices with potential.

4. Measure What Matters

   • Replace red-yellow-green dashboards with metrics tied to performance, friction, and trust.

These aren’t theoretical exercises. They’re boardroom moves CIOs and CISOs can make today.

Closing Call-to-Action

Compliance theater might pass audits. But it fails people. And in failing people, it fails the enterprise. Normalized breaches don’t just erode data—they erode dignity.

CIOs and CISOs who want to break free from the people/process/technology prison need a new operating system for leadership. That system is SPIRE.

Learn how to apply SPIRE as a leader, and inside your organization: identient.ai/spire

Footnotes

[^1]: “Boards Need a More Active Approach to Cybersecurity.” Harvard Business Review, May 20, 2025.

[^2]: “The Dignity Mindset: How to Build Organizations Where People Flourish.” Harvard Business Review, Oct 30, 2024.

[^3]: “The New Golden Rule of Leadership.” Harvard Business Review, Aug 2022.

[^4]: “The Case for Lean Cybersecurity Leadership.” MIT Sloan Management Review, Feb 10, 2025.