Autonomous AI has crossed the brink from experiment to enterprise precedence. The fashions are correct sufficient. The enterprise case is obvious. Boards are pushing for velocity. However for many CIOs, safety issues — not technical limitations — are holding them again.
Certainly, 77% of greater than 11,000 CIOs in Gartner’s 1H26 CIO Report stated safety and danger have been the most important boundaries to scaling autonomous applied sciences. Their issues are reliable: Autonomous AI brokers can leak knowledge, make expensive errors and create audit nightmares.
However a rising variety of CIOs are discovering methods to maneuver quick with out sacrificing safety. The reply, they are saying, lies in guardrails, governance and a unique form of partnership amongst CIOs and safety and privateness executives.
Rising strain from autonomous AI
Roughly eight in 10 executives count on autonomous enterprise to dominate their business by 2030, in accordance with an April 2026 Gartner survey of 469 CEOs. Boards and management, recognizing the aggressive stakes, are pushing CIOs to maintain up with the shift.
“My govt workforce and board are comparatively fluent in AI,” stated Keith Fulton, chief knowledge officer at Jack Henry, a software program supplier for monetary establishments. “They see the potential. They’re saying, ‘How can we go quicker?’ I am saying, ‘I need to go quicker, too. However we need to watch out.'”
That rigidity between enterprise strain and safety self-discipline is enjoying out throughout industries. A Sembi survey of almost 3,800 software program growth leaders discovered that 86% say safety points delay releases not less than often, and 63% cite privateness and safety issues as boundaries to AI adoption.
“There’s actual strain from each a part of the enterprise to speed up AI adoption proper now, and safety [and IT] groups cannot reply to that strain by merely saying no,” stated Rinki Sethi, CISO at Upwind Safety and former safety chief at Twitter, Rubrik, and BILL. “The dialog has shifted from blocking innovation to enabling it responsibly.”
Prime points with agentic AI
Information publicity. The core concern, a number of leaders say, is visibility — or the dearth of it. “Most organizations nonetheless do not absolutely perceive what AI brokers have entry to, what actions they’re able to taking or how they behave as soon as deployed into manufacturing environments,” Sethi stated. “Information publicity is a significant concern, notably when brokers can entry inside methods or transfer info throughout environments with out clear controls.”
At Jack Henry, Fulton attracts a distinction between cybersecurity and knowledge safety. “It is probably not cybersecurity” that’s the largest concern, he stated. “It is the safety of cash and knowledge. We’d like to ensure PII would not depart the constructing after we’re speaking to hyperscale brokers.”
Agent fallibility. The problem is compounded by the fallibility of agentic AI. “The brokers have gotten to 80-99% accuracy. They’re getting higher, however they don’t seem to be 100%,” Fulton stated. “Should you had an Excel spreadsheet and 1% of what it returned was a made-up quantity, nobody would use it. That is the place brokers are right this moment.”
Shadow AI. Including to the complexity is the rise of shadow AI. “Workers are adopting AI instruments as a result of they enhance productiveness, and most safety groups are discovering utilization after the actual fact slightly than by formal approval processes,” Sethi stated. “The reply is not banning every part as a result of that often drives exercise additional underground.”
Safety in AI from the beginning
The organizations shifting quickest aren’t bolting safety on after deployment. They’re constructing it from the start.
“[Security] has not been a brake for us,” stated Chase Christensen, section CIO and vice chairman of enterprise options at Jabil, a world manufacturing providers firm. “It solely slows issues down after we do not design safety into our processes. We actually ensure we design safety upfront inside our [software development lifecycle] SDLC. That removes all of the hurdles and permits us to scale rapidly.”
Christensen has additionally reframed how Jabil thinks and talks about shadow IT — and AI. “We do not discuss shadow IT — we discuss democratization of IT,” he stated. “Enterprise IT could be sluggish. Our job is to allow platforms. After we present the proper knowledge and guidelines round consumption, what seems like shadow IT turns into a progress engine for the group.”
Sethi agreed that early integration is important. “The organizations doing this properly are treating AI methods like manufacturing workloads from day one, slightly than experimental aspect initiatives,” she stated. “Retrofitting safety after deployment hardly ever works as a result of by that time the AI system is already built-in into workflows, APIs and knowledge environments which can be tough to untangle.”
Set the proper AI guardrails: The canine park precept
Jack Henry’s Fulton has embraced guardrails not as constraints however as accelerants.
“I come again loads to the analogy of a canine park,” he stated. “I take my pet to the canine park as a result of I need her to have freedom, however I do not need her to run on the street. She sees the fence and would not transcend it. She could be playful, and I do know she’s OK. The important thing to going quick is having the proper guardrails.”
Threat stage determines guardrails. These constraints are risk-calibrated at Jack Henry. “We now have a rubric for judging the danger stage of actions an agent would possibly take,” Fulton stated. “Relying on the danger stage, we apply completely different guardrails. Cash motion could be very exhausting to undo. The guardrails for that must be very cautious and rigorous in comparison with these for a copilot used to assist write a Phrase doc.”
Accountability is nonnegotiable. “Each agent needs to be tracked, audited and traced to a single human being accountable for its conduct,” Fulton stated, pushed partly by federal laws. “You may’t ship an agent to jail. Each motion of an agent needs to be traced again to an individual accountable for it.”
Steady visibility into AI deployments
For Sethi, the most important shift is shifting from static coverage evaluations to runtime monitoring.
“Safety turns into a brake when groups depend on conventional governance fashions that weren’t constructed for real-time, autonomous methods,” she stated. “The organizations shifting quickest are those constructing visibility and runtime context into AI deployments from the start as an alternative of making an attempt to bolt controls on later.”
Which means redefining what “ok” safety seems like. “If you cannot reply what knowledge an agent can entry, what actions it could possibly take, or whether or not its conduct has deviated from regular patterns, you are not able to scale,” Sethi stated. “The error is treating AI deployment as a one-time safety evaluate slightly than an ongoing monitoring dedication.”
The altering CIO-CISO relationship
A number of leaders level to the CIO-CISO dynamic as a essential enabler — or a bottleneck — in relation to autonomous AI.
“AI has made the CIO-CISO relationship rather more operationally intertwined,” Sethi stated. “Traditionally, safety and IT may function on parallel tracks, however autonomous methods power a lot tighter coordination as a result of infrastructure, knowledge governance, software growth and safety are actually deeply linked.”
The conversations have modified, as properly. “It is much less about compliance checklists and extra about operational resilience, visibility and managing enterprise danger on the velocity of automation,” she stated. “In lots of organizations, the CIO and CISO are actually collectively accountable for enabling AI safely, slightly than treating safety as a downstream approval operate.”
Chief privateness officer’s function. At Jack Henry, Fulton stated the normal CIO-CISO partnership is barely a part of the image. “The CPO could also be extra concerned than the CISO,” he stated. “It is about respecting the privateness of shoppers and clients — and never trusting hyperscalers with that knowledge.”
The organizations scaling autonomous AI aren’t ignoring safety. They’ve simply stopped letting or not it’s the explanation that nothing ships.
“Do not watch for excellent governance earlier than shifting ahead, as a result of the enterprise will outpace you,” Sethi stated “Velocity with out visibility creates danger, however visibility provides you the arrogance to maneuver quicker responsibly.”
