AI development is moving so fast that many enterprises are unprepared for the security risks, according to Jon Oltsik, principal analyst at theCUBE Research. Speaking from RSAC 2026, Oltsik warned that organizations are deploying AI without sufficient policies or controls, creating internal vulnerabilities.
"We’re a little bit spitballing right now," Oltsik admitted, noting widespread uncertainty about how to defend against emerging threats. The core challenge isn’t just external attacks-it’s unchecked internal deployment.
Dave Vellante, co-founder and chief analyst at theCUBE Research, stressed that effective defense requires more than governance-it demands cultural change. "Bad human behavior beats good security every time," he said. Organizations must embed security into operations at scale.
Enterprise-wide frameworks led by business leadership-not just CISOs-are critical. From governance come policies, and from policies come controls. Without this structure, companies risk chaos in their AI rollout.