The role of Chief Information Security Officers (CISOs) is undergoing a radical transformation due to the increasing integration of artificial intelligence (AI) into core business operations. Traditionally, CISOs focused on implementing security measures to protect an organization’s digital assets against various threats. These measures ranged from firewalls to access controls, audits, and incident response, all aimed at mitigating both internal and external risks. However, as AI technology advances and becomes more embedded in enterprise systems, the landscape of what constitutes a security incident is also evolving.

AI brings a new level of complexity to cybersecurity. Failures in AI models—whether from manipulation, misuse, data breaches, or unexpected behaviors—now pose significant risks comparable to traditional cyberattacks. This development means that CISOs must expand their understanding of AI and the data it interacts with, as well as how this data is governed. According to Alex Lanstein, CTO of StrikeReady, this shift represents a monumental undertaking for security leaders. He emphasizes the need for comprehensive oversight of AI applications, data privacy, and user engagement with both approved and unapproved tools.

The changing responsibilities of CISOs are echoed across the industry. Aaron Weismann, CISO at Main Line Health, notes that he is now increasingly tasked with managing AI-related information security risks and sensitive data management. These sentiments are backed by a recent HackerOne report, which revealed that 84% of CISOs oversee AI security measures, while a third actively engage in offensive tests of their AI systems. This shift signifies a departure from traditional IT management toward a more proactive approach in shaping AI deployment and monitoring.

Pritesh Parekh, vice president and CISO at PagerDuty, highlights how CISOs now collaborate closely with product and machine learning teams to ensure model integrity and to guard against issues such as data poisoning and adversarial inputs. The responsibility now extends beyond protecting infrastructure and data to also encompassing governance and assurance of AI usage within the organization.

As AI continues to redefine the role of CISOs, so too does the concept of digital trust within enterprises. This trust now relies on more than just secure infrastructure and compliance; it fundamentally depends on the reliability and resilience of AI systems. AI is increasingly involved in processing sensitive data, generating decision-making outputs, and interfacing with a growing array of third-party tools and models.

The transformation in the CISO’s role underscores the importance of adapting cybersecurity strategies to include AI governance. As organizations depend more on AI technologies, it is imperative for security leaders to have a holistic view of AI systems and their potential vulnerabilities. The need for rigorous oversight and integration between security and AI deployment will influence how businesses operate and establish trust with their customers.

This evolution in the CISO function reflects broader shifts in how organizations approach security in the age of AI. The landscape will continue to evolve as security leaders must navigate this complex interplay of technology, governance, and trust to safeguard digital assets effectively. With increased responsibilities and a heightened focus on AI security, CISOs are not just defenders of their organizations; they are also critical partners in steering the safe and ethical use of AI technology. As this trend continues, the role of the CISO will be pivotal in establishing and maintaining a secure, trusted digital environment that meets the demands of today’s enterprises.