AI Appreciation Day: Reflections from the Security Industry
Today marks AI Appreciation Day, an annual observance dedicated to reflecting on the advancements and integrations of artificial intelligence (AI) across various sectors. In the realm of IT security, however, this day is less of a celebration and more of a moment for critical assessment. AI has become intricately woven into the fabric of enterprise IT, playing roles in coding, alert triaging, threat hunting, and backup operations, often functioning autonomously. As security leaders reflect this year, the crux of the discussion pivots away from whether AI merits appreciation. Instead, the focus is on whether organizations are adequately prepared—through established identity, governance, and resilience frameworks—to maximize and safely leverage the capabilities of AI.
To gain insight into the perceptions surrounding this pivotal day in 2026, IT Security Guru consulted various cybersecurity leaders from diverse sectors, including identity management, threat intelligence, backup and recovery, governance, risk management, and cyber resilience. Their responses illuminate a critical theme: while AI has indeed secured its place at the decision-making table, the accompanying facets of trust, accountability, and human oversight have yet to keep pace with its rapid growth and capabilities.
The Identity Gap Nobody Planned For
A pressing concern in the cybersecurity landscape is not whether AI functions effectively but rather whether organizations can definitively diagnose what AI systems do and the rationale behind their actions. As AI transitions from responding to commands to taking independent action, ambiguities threaten to present governance challenges.
According to John Cannava, CIO of Ping Identity, organizations are deploying AI agents at an accelerated pace, reaping immense opportunities for innovation and efficiency. However, Cannava emphasizes that many businesses implement these agents without establishing the necessary identity and accountability frameworks. He asserts, “When you cannot ascertain what an agent did, why it did it, or under whose authority it acted, this introduces risk and uncertainty.” The need for a verifiable identity, clear permissions, and ongoing oversight for every AI agent is crucial. By embedding trust, visibility, and accountability into AI systems from the outset, organizations can mitigate risks while unlocking the full range of autonomous AI capabilities.
Dave Hayes, Vice President of Product at FusionAuth, takes the dialogue further by arguing against conventional notions of “agent legitimacy.” He posits that AI agents do not exercise independent authority; they operate on behalf of humans. As such, the focus should not solely be on the agent’s legitimacy but on ensuring that it can only perform actions within the scope allowed by its human operator.
Compellingly remarkable statistics emerged from a survey of 300 security leaders, indicating that 84% of those who expressed confidence in their AI security faced breaches linked to AI identity issues. This data starkly illustrates that confidence alone does not equate to effective control.
The Governance Dilemma: A Legal Imperative
If identity represents a technical gap, governance signifies a broader organizational challenge. Many contributors to the discussion highlighted that the prevalent tendency to interpret governance as a hindrance to innovation is misguided. Regulatory pressures are mounting, with compliance evolving from a voluntary best practice to a mandatory responsibility that organizations must meet.
Shane Barney, Chief Information Security Officer at Keeper Security, encapsulates the essence of AI Appreciation Day by echoing a vital question: do organizations truly understand what AI is doing within their systems? As AI agents gain privileged access to sensitive data and make autonomous decisions, a lack of oversight can lead to significant vulnerabilities. Notably, Keeper’s 2026 research revealed that 56% of organizations identify unintentional data sharing by employees through AI tools as their greatest security risk—an issue rooted in governance rather than technology.
The enforcement of the EU AI Act further amplifies this responsibility, enabling regulatory bodies across member states to investigate and sanction non-compliant AI implementations. For enterprise security teams, this trajectory signifies that proactive governance is no longer a choice but a critical obligation.
The Shadow AI Problem
Even before addressing identity and governance, organizations often overlook a fundamental aspect: a clear understanding of how employees utilize AI in their day-to-day operations. Tim Ward, CEO of Redflags, emphasizes that the more pressing issue is not solely what AI can accomplish, but what employees are already leveraging it for—often without oversight or approval. Many employees are using AI tools to manage sensitive data without adequate clearance, exacerbating the risks of data mishandling.
Ward points out that organizations commonly lack visibility into the AI tools accessed by employees, including the data that could be leaving their systems. Enforcing blanket restrictions on AI tools rarely yields effective results, as such measures merely drive usage underground. The key to effective management lies not in imposing strict regulations but in fostering genuine visibility into daily AI practices, allowing businesses to guide employees toward safer operational habits.
Rethinking AI Autonomy
As market pressure drives the deployment of fully autonomous security operations, several industry leaders caution against the notion of eliminating human oversight in cybersecurity. Dray Agha, a senior manager at Huntress, articulates the critical need for human judgment in cybersecurity, warning that complete autonomy could lead to disastrous outcomes. Although AI excels at processing vast datasets to generate timely insights, removing human input puts organizations at immense risk of false positives that could disrupt business operations.
Instead of striving for absolute autonomy, organizations should focus on augmenting their human teams with AI capabilities. Dr. Agha envisions a future where AI assists security analysts by facilitating critical functions, streamlining alert triaging, and isolating threats before they escalate. By sustaining a collaborative relationship between human experts and AI, the security landscape can shift towards a more resilient posture.
Recognizing Data’s Role
Underlying every identity and governance discussion is the reality that AI agents are only as reliable as the data they process. Tim Pfaelzer from Veeam points out the widening gap between AI potential and organizational preparedness. While businesses are significantly investing in AI—reportedly, hyperscalers are pouring over $650 billion into AI initiatives—very few organizations possess the foundational capabilities to navigate this new landscape safely.
Pfaelzer emphasizes the need for a robust trust layer that includes governance and resilience across all data assets. Without secure, accurate, and easily recoverable data, AI risks becoming a double-edged sword. To harness its full potential responsibly, organizations must ensure a solid data governance framework that underpins their AI systems.
Moving Towards Proactive Defense
Amid warnings about governance challenges, there exists a genuine optimism surrounding AI’s potential to bridge the gap between threat detection and response. Neena Sharma from Filigran points to how rapidly AI is reducing the time to identify vulnerabilities. However, she urges organizations to approach AI adoption with discipline, ensuring that capabilities are aligned with security objectives rather than recklessly expanding attack surfaces.
By focusing on deliberate engagement with AI, organizations can capitalize on technological advancements while minimizing risks. The anticipation is for a future where autonomous agents effectively manage threats, allowing security teams to transition from reactive roles to proactive strategies.
The Human Element Remains Essential
Both the promises and pitfalls of AI are immense, and the consensus from security leaders emphasizes that while AI continues to enhance operational efficiencies, organizations must not neglect the importance of human oversight and governance. Adopting a deliberate approach in utilizing AI capabilities will pave the way for success while steering clear of potential liabilities.
Looking ahead to next year’s AI Appreciation Day, discussions will likely focus on striking a balance between autonomy and accountability. The overarching objective remains clear: organizations that prioritize governance, visibility, and risk management will not only survive the evolving landscape but thrive within it.
In reflecting on AI Appreciation Day, it becomes evident that AI is an instrumental force in the modern security apparatus. Yet, as security leaders express, genuine appreciation must be coupled with a concerted effort to address the foundational aspects of identity, governance, verification, and resilience that underpin AI’s beneficial applications.