CyberWire Daily - Is your enterprise AI strategy delivering ROI yet? [AI Security Brief]

Episode Date: July 4, 2026

While we take a break this 4th of July weekend, please enjoy this encore of AI Security Brief. Your enterprise AI strategy isn’t as far along as you think. The reality for most organizations today... is that AI is disrupting existing processes more than it’s delivering outcomes… so far. And according to Dr. Grace Trinidad, Research Director at IDC, that’s how it should be. In this episode, host Johnny Hand sits down with Dr. Grace to discuss how AI adoption follows the same pattern as almost every major digital transformation, and why this disruption phase we’re in is messy, yet critically important.  What we cover: How history demonstrates that automation across industries created disruption well before delivering value Why your AI adoption strategy is much more than simple tool deployment What business and technology leaders need to consider as they integrate AI into operational workflows How token consumption and AI FinOps are the emerging security and cost risk How AI ontologies will be the next real business differentiator Why stick around:  If you’ve been wondering if your organization’s AI adoption strategy is ahead of the curve, Dr. Grace will give you a much clearer picture of where you really stand. Episode resources: Dr. Grace Trinidad on LinkedIn Securing the AI Enterprise: 5 Key Steps for Business Leaders Closing the Governance Gap in Agentic AI ⁠Johnny Hand on LinkedIn TrendAI on LinkedIn About AI Security Brief AI Security Brief is where security and technology leaders come to get ahead. Join us for real conversations on the AI trends, threats, and decisions that can't wait. About TrendAI™ TrendAI™ empowers organizations to lead the future of AI with proactive security designed to inspire innovation and eliminate risk. TrendAI™. AI Fearlessly. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. In addition to the token hygiene of your organization, I think AI FinOps, we're going to see a lot of AI FinOps energy in the next 12 months. We're going to see a slew of players emerge as a layer of security even, because one way to attack an organization is to attack their token consumption. Right? So if they blow their budget on a Wednesday, what do they do at that point? So it's another security leader. Welcome to the AI Security Brief, where we're unpacking emerging threats, vulnerability research, and the strategic decisions that security leaders are making right now.
Starting point is 00:00:50 I'm Johnny Hand. And I'm Dustin Childs. Johnny, for this episode, we were both on the road. I was in Berlin for Pone to Own, and you were in Phoenix where you had the opportunity to sit down with Dr. Grace Trinidad from IDC. I'd love to hear more about your conversation. Yeah, it was honestly a dynamic conversation. So we were at our Spark event, which is our customer-focused event, and Grace was able to attend. And we jumped right in with some really interesting conversations around AI adoption.
Starting point is 00:01:18 She has some really great theories that she's publishing in her research. But one of the things that stood out the most and probably resonated the fastest with me was she used a term that I often use in the military, which is you have to embrace the suck. Yeah, that's the term I used in the military as well. So I'd love to hear how she applies it to artificial intelligence. So let's just go ahead and dive into the conversation. So, Grace, are we going to have realized optimization, realized benefit from AI? Yes. I'm optimistic that we will have realized benefits from AI.
Starting point is 00:01:58 But I do think that the early stages of expectations should probably be more tempered. And so don't lose patience with your chat. not bots. Don't lose patience with your summarization tools. Don't lose patience with the sort of low-hanging fruit that we've got going on right now. Part of what you're doing is you're building the muscle, the AI muscle in your organization. You're building comfort. You're building trust with the product. So that's why hallucinations are such a big deal right now. There's such deteriorations of trust when they happen. So as we smooth out these things, then even more efficiency and productivity gains will come to the floor.
Starting point is 00:02:41 But right now, this is sort of like nascent, learning everyone together in first grade, kindergarten classroom. I love that you said we're building our muscles. I think it's such a good analogy because one of the challenges, I wanted to say what you should shout from the rooftop is really to the board members, that, hey, we're not going to realize true ROI. We're not going to have these net plus benefits that are so easy to document because we are in a very foundational beginning of this process, right?
Starting point is 00:03:12 So let's dive into that a little bit. You know, earlier we were talking, and I get the feeling when I talk to a lot of folks that they are doing very individualistic adoption, but they think they're doing organizational growth. Can you talk a little bit about that what you're seeing? Yeah. Don't ignore the individual-level usage.
Starting point is 00:03:32 We're going to need them for our ontology building, so encourage that. There are treats later on if you continue to talk that track. But we're, so the individual experimentation, part of the issue is we need our staff, we need users of AI to know when to trust AI and when to kick it to the curb. Yeah.
Starting point is 00:03:55 Right? And so while this is a period of individual experimentation and trying your own prompts, developing your own prompts, developing your own tools, developing your own code. That's all just part of figuring out how wrong it can be and how right it also can be. And that calibration of trust, which we will need when enterprises are fully dependent on AI. So this is happening slowly and under some criticism and duress. I don't think is a terrible thing, but don't lose sight of the fact that this is all
Starting point is 00:04:35 part of the learning process to get to really good stuff down the line. And I think we're finally at this point where the AI security approach is mature enough that we can talk about it in like complete sentences and with, you know, shared ideation. Yeah. I'm so glad that you brought up the topic of AI security because when we, when I talk with folks, I actually like made this kind of equation a while back and you challenged me on this, which I loved, by the way. And it was that I really saw AI adoption, even though it was moving faster,
Starting point is 00:05:11 as kind of like the way that we did cloud adoption. And this idea that we had, cloud came about, you had some early adopters, you started building in cloud. Mostly it was like developers and, you know, sysadmins and architects. And there wasn't really a security presence. So we didn't really have visibility into that plane. And it was probably three or four years later
Starting point is 00:05:32 when we really started building out and having a voice around securing cloud infrastructure. So when I look at the journey of AI, I kind of looked at it through that lens, but you actually challenged me to look at it through a different lens, and I'd love for you to share that. Yeah, well, because while I completely agree that the cloud security story very much mirrors the AI security story, I think that the AI, this AI era that we're entering in, has so much more in common with 1996. It's 2026. It's amazing. It has so much more in common with 1996, then I think most of us recall.
Starting point is 00:06:10 So we're talking about the start of the internet. The start of the internet. So, you know, one of my colleagues' message that they ran out of token on their foundation model of choice. And who's like, it's like 100 hours of AOL. Where's the rest of my internet usage? And that is such a, it's such a funny thing to conceptualize now. like 100 hours of internet access. And in fact, AOL, if you look at the history
Starting point is 00:06:42 of that 100 hours of access, people were really burned because they quickly blew their 100 hours of internet access, as one does. And we're kind of experiencing the same thing with AI, right? So the parallels are really clean. So in 1996, we had usage that people couldn't plan for. we had no idea how people were going to use the internet. And so this 100-hour disk was provided to people in their homes.
Starting point is 00:07:12 Everyone blew their budget. Some people got really, really bad bills. And then the entire pricing model changed with AT&T net, right? And then that competition introduced a new paradigm. And now we have the internet that we have today. My goodness, can you imagine if we were billed by the hour? Terrible. But then the other parallel in 90s,
Starting point is 00:07:34 was the panic around energy consumption. Oh. So this is where, like, it's just like AI all over again. There was so much concern around how much internet usage was going to just blow the grid. Yep. And over, very quickly, actually, there was like all these quotes that it was going to take eight times the power, like we just didn't have the infrastructure because we couldn't, We weren't able, as a globe, to support eight times energy usage.
Starting point is 00:08:07 That was what was forecasted at the outset. But similar to AI models, as time goes by, compute gets cheaper. And so does token. Token consumption is also becoming more efficient with AI models. So we're seeing these costs, those original concerns about energy consumption. and cost, we're seeing these things kind of follow the same trajectory as 1996. Yeah, I'll say that. I honestly wasn't. So, Grace, let's talk a little bit about that, you know,
Starting point is 00:08:45 really around that token hygiene and like what organizations are really struggling with today. Because you mentioned from, especially from the small to medium business, that we want to empower our employees and our folks to innovate and really ideate and use these tools. But there's a real cost behind it. And it's almost like saying, hey, go play, but at what cost? And how are you seeing token usage, the hygiene of that, and maybe how organizations can help manage that a little bit? Yeah.
Starting point is 00:09:14 So this is something that heavy users of AI are encountering, especially heavy users of agents. So the agents who are able to deploy their own work streams and in some instances, their own agents, they actually work very hard on your behalf to your detriment as well. So as an example, sometimes what happens is an agent will be set on a task.
Starting point is 00:09:46 You'll give it your instructions, and it'll set on a task, and then it'll run into a roadblock. Maybe you don't have access to that particular data set or there's something was set up wrong. That agent will try in every, permutation to get through your organization to get to that resource. Bless their heart. But what ends up happening is the cost of that effort or that whatever it is you wanted to do, that
Starting point is 00:10:16 that now costs 14 times what you had anticipated, right? Because now it's routed itself through the entire enterprise looking for what it needs to provide you to execute on your instructions and it can't. Yeah, it's a good parallel because you see this where it's like, oh, I might have a thousand token allotment and then before you know it, they've spent $15,000. Yeah. On something that wasn't worth that order of that. And so where I'm seeing some pressure build up in enterprises right now is not so much in
Starting point is 00:10:48 AI security, but in token consumption. And so in that, you know, organizations are going to want to. look at the hygiene of their models. So does it exclude unnecessary words or, you know, a lot of the foundation models are already optimized to not, not spend tokens when they're saying thank you or you bet, right? So, but the smaller language models may not have those. So in enterprise adoption, what we don't realize as we're using Claude or as we're using Open AI is those foundation models have actually come with constraints to trim down token consumption.
Starting point is 00:11:31 And so organizations that are using, will soon use domain-specific models, small language models, that's an area where you're going to want to probe. What is the token hygiene of that model itself, right? So in addition to the token hygiene of your organization, I think AI FinOps, we're going to see a lot of AI FinOps energy in the next 12 months. We're going to see a slew of players emerge as a layer of security even, because one way to attack an organization is to attack their token consumption, right? So if they blow their budget on a Wednesday, what do they do at that point?
Starting point is 00:12:11 So that's another security layer. So, Grace, earlier we were talking about disruption and recognizing that we're in this phase of disruption. We're not in the transformation phase. And I think there's probably industries that showcase this better than others. What are you finding in your research? So I didn't make up the experimentation, disruption, stabilization, and then transformation phases. We've seen these through other digital transformation projects. So my background is actually in health care information assurance.
Starting point is 00:12:43 And one of the biggest transformations is introduction of electronic health records. into hospitals and health care systems. And that transition on the heels of the High Tech Act occurred, what, 2010 through 2015. And we had a slew of retirements because that's a really, really tough thing to introduce into a physician's workflow. Now you have EHRs that you have to interact with. People just full on left. But more tragically, mortality also went up. So there's research that shows that pediatric mortality in intensive care units went up 136% once electronic health records were introduced.
Starting point is 00:13:31 Yeah, that's not a great number. And can you imagine if I came to a business leader with that number and said, if you implement this, mortality is going to go up 136%. But it's going to be great. No one would have implemented it. Yet look at where we've come as a result of EHR implementation. We have, it's easier to ship your records. It's easier to examine your records. We have better surveillance as a result of it, better data tracking.
Starting point is 00:14:00 So. Correlation, right? Yeah, exactly. Better correlation. This is, again, if you want to go back to ontologies, healthcare. But so that's not the only digital transformation that occurred. Health care is a really, really great example of one. It's a very disruptive one that did pay out in the end.
Starting point is 00:14:15 Very painful, but very transformative. The other transition that occurred, there's a number, but the other transition that I really like to talk about is aviation. So I just got off of plane today. You got off of a plane yesterday. We get on planes every single day and we trust that we're going to get to our destination. A lot of that is fly by wire now. So that's automation that we have as a culture have come to trust. But it wasn't always trustworthy. You know, we lose sight of this. Aviation. went from pilots being the primary driver to pilots being a supervisor of the plane's automation with training to intervene when expertise was necessary.
Starting point is 00:15:03 It's the parallel to AI's. Kind of amazing. So crazy, yes. So our pilots today are not just trained in how to fly a plane. They're trained in human factors research. They're trained in a concept called Automation Surprise, and that's when an automated system does something that you're like, what is this?
Starting point is 00:15:22 Why did it do that? You have the tools, the cognitive tool set to sort through what might be happening so you can break down the problem. So that's how pilots are being trained now. Human factors, automation surprise, and how to maintain supervision over an automated system while still being engaged with that system. That's the tough part.
Starting point is 00:15:46 Like, how do you not just fall asleep at the wheel? And so that's what a lot of the training of pilots is in now. And I do want to emphasize, like, we didn't lose pilots. We didn't just start handing controls to me, anyone, you know, some random person and say, like, this is automation. Now you can fly it. We absolutely didn't do that. We still have highly trained pilots who must operate this very, very technical machinery that, for the the most part runs itself.
Starting point is 00:16:18 And the same is going to happen with AI. We need to train pilots to stay in the loop, but out of the weeds. Yeah. So as we kind of wrap up for today, if you had to give three or four key takeaways for our audience and those security leaders that are looking at how do I navigate through this disruptive phase, understanding I need to secure my organization, are there any key takeaways that you would just, you know, want to impart with them? Yeah, absolutely. So if we go to those historical digital transformations, they actually offer very, very good advice. In industrial automation,
Starting point is 00:17:03 research was so clear. The firms that enjoy the best productivity increases and the best efficiency were the firms that re-architecteded their whole workflow around that automation technology, rather than inserting that automation technology into existing industrial line operations, they reworked everything. So no bolt-ons. So no bolt-ons. So the parallel here is, if you're enabling AI in your enterprise, where do you think it actually fits best? So where is there actually a problem to solve?
Starting point is 00:17:40 And how would you actually reformat that to better take advantage? of that technology. So that would be my first thing, is like, look for, look for places where the technology makes sense or change systems or change your organization to make the technology makes sense. That's a tall order, but it is part of how digital transformations unfold. And then kind of next steps, just to go back to token hygiene and then to the ontology that we're talking about for ontology creation. And I think, this is the next decider, or this is the next differentiator of business. I really do believe that ontologies will be the next differentiator of business.
Starting point is 00:18:27 But I really do want every CTO or data scientist in an enterprise to think about what ontological structure that enterprise might actually benefit most from. There are a number that exists in the world. Basic formal ontology is one, and then there's owl. So there are a number of places to start. So for this year, I think the real heat in this industry will be around semantic intent, arontologies, and then token consumption and AI thin ops. And I think we're getting to a place where enterprises are really having to square that cost
Starting point is 00:19:05 with what they're able to achieve. And that just goes back to what we talked about is the need for security leaders to partner more tight. become better understanders of the business. Yeah, absolutely. And really drive a relationship that becomes a business enabler. Yes, yeah. And then think about, like, structuring and ontology, you have to be well acquainted with,
Starting point is 00:19:26 or you have to have some way of getting well acquainted with each area of the business in order to build that real differentiator. Yeah, and I love the fact that I think we did this with security and we realized it wasn't great and we kind of re-architected it, but that it can't be bolt on. We have to natively build with these technologies
Starting point is 00:19:42 and so we can natively secure them. Yeah, yeah. And that's just been, that's part of the experimentation disruption cycle, right? We're sorting it out. And we're just firmly in that disruption. Well, thank you so much for joining us on the AI Security Brief podcast. It was a real pleasure having you. And hopefully we can have you back on the show.
Starting point is 00:20:08 All right, Dustin, we're back. I told you it was going to be a dynamic. What did you think about Dr. Grace? I thought she made a lot of really good points. And it was really interesting to get her perspective, especially when it comes to the disruption phase of organizations implementing AI. And really, we're still all in the experimentation phase. And it's messy.
Starting point is 00:20:27 And that's normal. And it's great for her to describe it in that manner. Yeah, I loved it. It was messy. It's painful. We have to embrace the suck and get on through it. You know, another thing that she talked about, which really stood out is, you know, the fact that organizations just aren't in this mature area of transformation,
Starting point is 00:20:44 that we actually are in the very early stage. of those disruptions, and that's totally okay. I love that when we went to this conversation, I think probably, if I'm being honest, I attributed the AI adoption phase that we're in to be more like the cloud and cloud security phase of 10 years ago, and she really changed my perspective about that with her point around how this is more like 1996
Starting point is 00:21:08 and the early beginnings of the Internet. Yeah, I thought that was really interesting too, and it really, I don't want to say, made me, feel old, but it definitely brought back some memories of going to bookstores for AOL disks for another 100 hours and telling people that I'd have to call them back after 9 p.m., because that's when my minutes were free. But yeah, I mean, that looking at the tokenization and following that is very interesting and very comparable to the beginning of that.
Starting point is 00:21:36 I also like the way she really talked about the business leader partnership angles. AI security requires participation from everyone in every line of business and not just the security team, and I thought that was a really important takeaway as well. Yeah, and then she had that final security leader takeaway, which is this isn't about bolting on new tools in your company. It's an operating model transformation to let you move fast. Yes, and I completely agree with her on those points. All right, so thank you, Dr. Grace, for joining us and sharing your insights. If you want to connect with her on her research or learn more about Dr. Grace, you can see
Starting point is 00:22:10 our show notes for more information on connecting. And that does it for another episode of AI Security. Brief. We want to thank you for joining us. Our goal is to host conversations that get you thinking differently about security. And if it does, consider subscribing so you don't miss what's next. AI Security Brief is mixed and produced by Elliot Pelsman with original music by Omnihijinks. Our executive producer is Jennifer Ivan with content strategy by Maya and Melanie Gallant. Additional production helped by Liz Stokes, Kasia Ferguson, and the Black Rabbit Team. Video editing by Sorrel Jopi and Bridget Creekie Wild. Thank you.
Starting point is 00:22:46 so much for listening. We'll see you next time on AI Security Brief.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.