
CISO AI Uncertainty at RSAC 2026: Joan Goodchild Interview

Every CISO who walked the floor at RSA Conference 2026 left with the same question and roughly the same answer. The question was about AI. The answer was a long pause, followed by some version of “we’re still working on it.” That hesitation is not a failure of leadership. It is intellectual honesty under pressure, and it is the most important thing happening in security right now.

At the Elisity Video Studio at RSAC 2026, we sat down with veteran cybersecurity journalist Joan Goodchild to talk about what she was hearing on panels, in hallways, and in boardrooms. Joan has spent more than 20 years covering security as the former editor-in-chief of CSO and as a contributor to Dark Reading, SC Media, and CSO Online. Her read on the moment was direct: CISO AI uncertainty is not a weakness to hide from the board. It is a signal that the smart leaders are doing the harder work.

Joan Goodchild speaks with William Toll in the Elisity Video Studio at RSAC 2026 about CISO AI uncertainty, the 60/9/30 board frame, and what to fix first.

CISO AI Uncertainty by the Numbers (2025-2026):

  • By 2028, 50% of all enterprise cybersecurity incident response efforts will focus on incidents involving custom-built AI-driven applications, and Gartner VP Analyst Christopher Mixter notes that “most security teams still lack clear processes for handling AI-related incidents, which means issues can take longer to resolve and require far more effort” (Gartner press release, 17 March 2026).
  • 97% of AI-related breaches occurred in organizations without proper AI access controls, and shadow AI was a factor in 20% of breaches, adding $670,000 to average breach costs (IBM Cost of a Data Breach Report 2025).
  • AI-generated text content in phishing emails has doubled over the past two years, though analysts note the shift is “evolutionary, not yet revolutionary” (Verizon 2025 Data Breach Investigations Report).

What is CISO AI uncertainty? CISO AI uncertainty is the operating condition of running a security program against AI technology that is moving faster than enterprise planning cycles can absorb. It is not indecision. It is the honest acknowledgment that the threat landscape, the defender toolkit, and the regulatory frame are all evolving simultaneously, and that the right posture is containment-first, not vendor-first. The CISOs who hold this posture in front of their boards are doing more credible work than the ones who pretend the picture is settled.

Who is Joan Goodchild, and why her perspective matters

Joan Goodchild is a writer, editor, content strategist, and broadcaster who has covered cybersecurity for more than two decades. She is the former editor-in-chief of CSO and has contributed to leading security publications including CIO, Dark Reading, and SC Media. Today she runs CyberSavvy Media, where she partners with global security companies on thought leadership, executive communications, and industry research.

What separates Joan from analysts and vendors is the range of conversations she has access to in any given week. She moves between board-level briefings, vendor product launches, practitioner panels, and the kinds of hallway conversations that only happen between two people who have been around long enough to drop the script. That vantage point makes her one of the more honest narrators of where security leadership actually is, versus where the marketing on the show floor says it should be.

At RSAC 2026, the question on Joan’s mind was not which AI vendor would win. It was what CISOs were supposed to do while the ground was still moving under them.

The AI dust storm: driving fast through low visibility

The metaphor we offered Joan in the studio was a desert dust storm. Imagine driving a hundred miles an hour through the desert at the moment the storm hits. The exits are obscured. The cars passing might be ahead or alongside, and there is no way to tell which. The terrain the driver thought they knew is gone. That is the operating picture for security leaders right now, and the companies launching new products into it are often already out of date by the time the press release goes live.

Joan agreed with the framing without softening it. “It’s moving rapid speed,” she said. “Companies launching are already out of date.”

That is the operating condition CISOs are working inside. It is not a temporary turbulence that ends when the next architecture review wraps up. It is the new baseline. And the security leaders who acknowledge that out loud, in boardrooms, are doing more credible work than the ones who pretend to have a tidy three-year roadmap for technology that did not exist eighteen months ago.

“What do we want it for? We don’t know.”

Joan brought up a meme she had seen about six months earlier. It showed a row of stick figures. The first frame read, “CEOs, what do we want? AI.” The next frame read, “What do we want it for? We don’t know.” She laughed when she described it, but the point underneath was serious.

“I still think that there are so many questions around it that all has yet to kind of unfold,” Joan told us.

Most CISOs have lived this pattern. The CEO comes back from a peer dinner or a board offsite with a mandate to “do something with AI.” Procurement is asked to fast-track a pilot. The CISO is told to make sure it is secure. And nobody in the room has clearly articulated the problem the AI is supposed to solve.

The right move in that situation is not to obstruct. It is also not to wave the pilot through. It is to insist on a problem statement before any model touches enterprise data. That is a posture the board can respect, even when it slows things down.

AI agents and ceding human control

The conversation Joan kept hearing on panels was about AI agents. Not chatbots. Not assistants that draft an email and wait for a human to hit send. Autonomous agents that take actions on systems with their own credentials, their own decision-making, and their own blast radius.

“One panel I sat in on talked about AI agents,” Joan said. “Are we in a place now where you really feel comfortable kind of ceding control without the human? We talk a lot in this industry about the human layer and how that always needs to be part of it. But agents kind of uplevel that concern.”

The question she put to security leaders was specific. In which environments are you comfortable letting an AI agent go do work that a human used to do? For most CISOs, the honest answer right now is “very few.” For some, it is “none.” For others, it is “only inside a tightly scoped sandbox where I can see and contain everything the agent touches.”

That last posture is the one that maps cleanly to architecture. If an agent is going to operate with its own identity and its own permissions, the controls cannot live at the perimeter or in the chat interface. They have to live at the network layer, where the agent’s reach is defined and enforced regardless of what the model decides to do next. This is where the conversation about microsegmentation for agentic AI threats gets practical. The goal is not to predict every action an agent might take. The goal is to make sure that whatever it tries, the available paths have already been narrowed to what the business actually authorized.

Joan’s framing matters because it shifts the question from “is the model trustworthy” to “what can the model reach.” The first question may never have a clean answer. The second one is an engineering problem CISOs can solve today.

Diagram: from an unanswerable “is the model trustworthy?” to an answerable “what can the agent reach?”, with microsegmentation containing what an AI agent can reach.

The 60/9/30 board honesty framework

The most useful moment in the conversation was about how CISOs talk to their boards about AI risk. Joan put the tension cleanly. “It’s the CISO’s job to try to educate the board,” she said. “But because there are so many questions about what happens if I deploy this in this particular environment, can I ensure that it’s largely safe and secure and that this is the right thing to do? That’s a really tough question to answer right now.”

The frame we offered Joan, and that she endorsed in the studio, is a way to structure that honesty. Call it 60/9/30. A CISO walks into the board meeting and says, “Here is the truth”:

Diagram: the 60/9/30 board honesty framework for CISO conversations on AI risk (60% known and controlled, 9% compensated, 30% in motion and maturing).
  • About 60% of our AI exposure is known and controlled. We have visibility, controls, and a defensible posture.
  • About 9% is compensated. Not the end state, but the risk is wrapped.
  • About 30% is in motion. We have a plan, but the technology is still maturing.

“Absolutely,” Joan responded. “The CISOs that can have those conversations and then back it up with action and incorporating it into strategy and demonstrate meaningful results in ROI from it, are the ones that are going to be the leaders in the space that we’re going to be hearing from in a year or two at this event.”

The 60/9/30 frame works because it does three things at once. It gives the board a defensible number. It distinguishes between things that are controlled, things that are compensated for, and things that are still being figured out. And it positions the CISO as the adult in the room who is not pretending to have certainty that nobody in the industry actually has yet.

It also gives the CISO somewhere concrete to point when the board asks what the 30% is being mapped against. The honest answer is the same set of frameworks CISOs are mapping their AI controls against today, including NIST AI RMF, NIST CSF 2.0, IEC 62443, and the evolving zero trust guidance from CISA. Those are not aspirational documents. They are the language regulators and auditors are starting to use, and they are the scaffolding for the 30% column.

The pace of change problem

The reason CISO AI uncertainty is not going away is that the underlying technology is not stabilizing. Joan was clear about this.

“Things are so unpredictable in AI,” she said. “AI changes the game. It makes it even easier for attackers as well as it enables defenders with new types of technology to be more agile and fast. But there’s just so much unknown and so much change that’s happening. It’s really hard to predict.”

This is the part that breaks traditional security planning cycles. A three-year strategic plan assumes the threat landscape and the defender toolkit will both evolve at roughly compatible speeds. AI broke that assumption. The attacker side is compounding faster than most organizations can refresh their controls. We have already seen public research about AI systems autonomously discovering vulnerabilities on unpatchable devices, including previously undisclosed vulnerabilities in decades-old codebases uncovered by frontier models. That is not a hypothetical 2028 risk. That is a 2025 result.

The implication for CISOs is uncomfortable but clear. Defenses that assume patching is the answer do not hold up against an attacker class that can find new bugs faster than vendors can ship fixes. The answer is not faster patching. The answer is narrower blast radius. Reduce what a compromised asset, human or agent, can reach. Then the speed of vulnerability discovery becomes a containment problem rather than an unrecoverable breach.


The lies we tell ourselves: time to reinvent security awareness training

The most uncomfortable RSAC panel Joan attended was titled around “the lies we tell ourselves.” It asked participants to name a long-standing security practice that everyone knows is not working well anymore but that nobody wants to retire. One of the answers was security awareness training.

“We’ve been talking about awareness training for over a decade now,” Joan said. “But those programs, while they are pervasive, really still seem to have a small amount of effect in some instances. I’m not bagging on awareness programs because obviously they’re very effective and they’re very helpful. And you absolutely should have one. But maybe it’s now time for a reinvention and a reinvigorating look at your awareness strategy.”

The reinvigoration argument lands harder when set against the AI-augmented phishing data. The 2025 Verizon DBIR documented that AI-generated text in phishing has doubled over the past two years, producing lures that are more grammatically polished, more context-aware, and harder to spot through the traditional “look for the typo” coaching. The classic phishing simulation, with its tells and templates, is training employees to spot a kind of attack that is becoming less representative of what they will actually face.

Reinvention does not mean abandonment. It means rebuilding the program around assumptions that match the threat. That includes simulations generated by language models rather than templates, scenarios that include voice and video deepfakes, and metrics that measure decision quality under realistic pressure rather than click rates on obviously fake bait. It also means honest conversations with employees about what they cannot reasonably be expected to catch, and shifting more of the containment burden to architecture.

Do people really care about cyber?

One question Joan heard at RSAC stuck with her enough that she brought it back to us. A panelist had asked, “Do people really care about cyber?”

“So what does that mean exactly?” Joan said. “Who’s showing up with the wherewithal and the budget and the strategy? We say that we care about cyber, but sometimes it’s hard for organizations and security leaders to really get the board and executive buy-in on the things that they want. That isn’t the big flashy thing.”

The translation for CISOs is this. Boards and executives say cyber matters. They will write that into the proxy statement. But when the funding request lands on the table and it is for something unsexy, like reducing east-west exposure on the network or replacing a NAC that is past end-of-life, the enthusiasm cools. The flashy AI pilot moves forward. The architecture work that would make the flashy AI pilot survivable in the event of a breach gets deferred.

The 60/9/30 framing helps here too. It gives the CISO a way to connect the unsexy work to the flashy work. The 60% is only defensible because the boring architecture work happened. The 30% is only manageable because there is a containment story underneath it.

Where CISO AI uncertainty goes from here

The through-line from Joan’s RSAC 2026 read is that CISO AI uncertainty is not a phase that passes once the right vendor wins. It is the durable condition of the next several years of security work. The leaders who handle it well are the ones who do four things.

  • Refuse the false certainty. If a vendor or a peer claims to have AI security figured out, that claim should raise skepticism, not relief. Joan’s read of the show floor was that the people doing the most credible work were the ones admitting what they do not know.
  • Insist on a problem statement. Before an AI pilot moves forward, the CISO should be able to write down, in one sentence, what business problem the AI is solving and what would have to be true for the project to be considered a success or a failure.
  • Move the controls toward containment. When the model is unpredictable and the attacker pace is faster than the patching pace, the defensible move is to narrow what a compromise can reach. That is an architecture conversation, not a model conversation.
  • Bring honest math to the board. The 60/9/30 frame, or some version of it, gives the board something useful to work with. It also gives the CISO room to update the numbers quarter over quarter as the picture clarifies.

Joan closed our conversation with the line that captures the disposition this moment requires. “I’m super excited about RSA this year and next year and how it all pans out.” Excited. Not certain. That is the right register for the work, and the honest posture toward CISO AI uncertainty as a durable operating condition rather than a vendor problem waiting for a vendor solution.

Frequently Asked Questions About CISO AI Uncertainty

Is AI in cybersecurity secure?

AI used in cybersecurity is not categorically secure or insecure. The 2025 IBM Cost of a Data Breach Report found that 97% of AI-related breaches occurred in organizations without proper AI access controls, while organizations using AI and automation extensively saved $1.9 million per breach. The security of an AI system depends on three architecture-level questions: what data it can access, what actions it can take autonomously, and how its activity is contained if its credentials are abused. CISOs who treat AI security as an access-and-containment problem rather than a model-trust problem tend to make faster, more defensible progress.

How should CISOs evaluate AI agent security?

CISOs should evaluate AI agent security across four layers: the identity the agent uses to authenticate, the scope of systems and data the agent can reach, the runtime visibility into what the agent actually does, and the containment posture if the agent or its credentials are compromised. Agents that operate with broad standing privileges and live inside flat network segments represent the highest-risk deployment pattern. Agents that operate with narrowly scoped, identity-aware permissions and inside microsegmented zones are easier to contain. Reference frameworks include NIST AI RMF, NIST CSF 2.0, and the evolving CISA Zero Trust Maturity Model.
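The containment posture from the main body (controls at the network layer that narrow what the agent can reach) and the four-layer evaluation in this answer can be expressed as a default-deny, identity-scoped reachability check run over flow records. This is an added example, not Elisity's code or product; the agent identities, zone names, log format and records are constructed.

```python
"""Identity-scoped, default-deny reachability check for an AI agent over constructed flow records."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    identity: str   # identity that opened the connection (hypothetical naming scheme)
    dst_zone: str   # destination segment it tried to reach
    dst_port: int
    action: str     # observed action on that destination, e.g. "read" or "write"

@dataclass
class AgentPolicy:
    """The agent may reach only the (zone, port, action) tuples listed; everything else is denied."""
    identity: str
    allowed: set = field(default_factory=set)

    def permits(self, flow: Flow) -> bool:
        return (flow.dst_zone, flow.dst_port, flow.action) in self.allowed

    def blast_radius(self) -> int:
        """Distinct zones the agent can reach if its credentials are abused."""
        return len({zone for zone, _, _ in self.allowed})

def parse_flow(line: str) -> Flow:
    """Parse one 'key=value ...' record (constructed format, not any vendor's log)."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(kv["identity"], kv["dst_zone"], int(kv["dst_port"]), kv["action"])

def evaluate(policies: dict, lines: list) -> dict:
    """Sort flows into permitted / denied / no_policy; an identity with no policy is denied."""
    verdicts = {"permitted": [], "denied": [], "no_policy": []}
    for line in lines:
        flow = parse_flow(line)
        policy = policies.get(flow.identity)
        if policy is None:
            verdicts["no_policy"].append(flow)   # unsanctioned identity, e.g. a shadow-AI pilot
        elif policy.permits(flow):
            verdicts["permitted"].append(flow)
        else:
            verdicts["denied"].append(flow)      # reach attempt outside the authorized scope
    return verdicts

# Constructed sample: one sanctioned triage agent, scoped to the ITSM API zone only.
POLICIES = {"agent:ticket-triage": AgentPolicy(
    "agent:ticket-triage", {("itsm-api", 443, "read"), ("itsm-api", 443, "write")})}

FLOW_LOG = [  # constructed records, not real telemetry
    "identity=agent:ticket-triage dst_zone=itsm-api dst_port=443 action=read",
    "identity=agent:ticket-triage dst_zone=itsm-api dst_port=443 action=write",
    "identity=agent:ticket-triage dst_zone=hr-db dst_port=5432 action=read",
    "identity=agent:ticket-triage dst_zone=plc-zone dst_port=502 action=write",
    "identity=agent:unsanctioned-pilot dst_zone=itsm-api dst_port=443 action=read",
]

if __name__ == "__main__":
    for verdict, flows in evaluate(POLICIES, FLOW_LOG).items():
        for f in flows:
            print(f"{verdict:9} {f.identity} -> {f.dst_zone}:{f.dst_port} ({f.action})")
```

The denied and no_policy buckets are the runtime-visibility signal: the agent reaching for an HR database or an OT zone, or an identity nobody onboarded, is what the containment layer should surface rather than silently allow.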

What are the biggest AI security risks for enterprises in 2026?

The four risks security leaders raised most often at RSAC 2026 were shadow AI usage on unsanctioned tools, autonomous AI agents operating without human review, AI-augmented phishing and social engineering campaigns, and AI-accelerated vulnerability discovery on unpatchable devices. The common thread across these risks is that none of them are solved by stopping the AI. They are solved by reducing the blast radius of what a compromised user, agent, or device can reach.

Why is security awareness training failing?

Security awareness training is not failing in the absolute sense. It is failing to keep pace with how attacks now reach employees. The 2025 Verizon DBIR documented that AI-generated text in phishing emails has doubled in two years, which strips away the grammar and formatting tells that traditional training emphasized. Programs built around template phishing simulations and annual click-rate metrics underprepare employees for AI-augmented voice, video, and conversational social engineering. The reinvention path involves model-generated simulations, multi-channel scenarios including deepfake voice and video, and a shift in metrics from click rates to decision quality under realistic conditions.

For security leaders looking to translate this posture into architecture, Elisity provides identity-based microsegmentation that narrows the blast radius for both human users and autonomous AI agents across IT, OT, and IoT environments without requiring agents on endpoints.


Sources and references

  1. Gartner. “Gartner Predicts AI Applications Will Drive 50% of Cybersecurity Incident Response Efforts by 2028.” Press release, 17 March 2026. gartner.com
  2. IBM Security. “Cost of a Data Breach Report 2025.” ibm.com/reports/data-breach
  3. Verizon. “2025 Data Breach Investigations Report.” verizon.com

About the Author

William Toll is Head of Product Marketing at Elisity and writes about identity-based microsegmentation, AI agent security, Zero Trust architecture, and the operational realities of running modern security programs. Connect with William on LinkedIn.
