Search IANS

The Model Context Protocol (MCP), an open standard defining how AI assistants connect to external data sources and tools, is becoming vital infrastructure for generative and agentic AI applications. As organizations rapidly adopt these capabilities while managing risks, this symposium helps security leaders understand MCP's architecture, why vendors are quickly developing MCP servers, and the security risks of connecting AI systems to enterprise resources. We also explore how AI Security Posture Management (AI-SPM) tools are evolving to address these challenges and provide practical frameworks for managing MCP-enabled AI deployments.

About 90% of Microsoft 365 environments now have access to Copilot, and actual daily usage hovers around 30%. With this continued uptick in access and usage, security teams face data oversharing risks that now affect 15% of business-critical files. In this symposium, IANS Faculty Shannon Lietz walks through documented failure patterns, outlines ways to implement risk-based adoption strategies, and provides recommendations to help teams develop security controls that balance productivity gains against data exposure risks.

AI is increasingly embedded across enterprise platforms and security tooling, with LLMs and agentic systems reshaping how both defenders and attackers operate. Security teams are under pressure to understand where these capabilities are genuinely improving detection, response and resilience—and where they are introducing new forms of risk.

Many organizations are moving quickly to adopt AI—often faster than their GRC teams can keep up. What started as pilot use cases or productivity experiments has rapidly evolved into production AI systems, embedded copilots, and autonomous or semi‑autonomous (agentic) workflows. Unfortunately, most organizations are discovering that traditional risk, security, and governance approaches were not designed for AI.

IANS CISO Roundtables are an exclusive opportunity to connect with peer security executives. The curated agenda is designed to foster conversations between participants, letting them share best practices in an environment free from press or vendors. It’s a closed-door opportunity to tackle the problems that matter most to you and your teams.

Heather Hinton is a four‑time CISO, cybersecurity executive, and trusted advisor with more than 30 years of experience and over 75 issued patents in security and identity management. A two‑time CISO 100 honoree, Top 40 CISO to Watch, and inductee into the Women in Technology Hall of Fame, she is also a sought‑after mentor and coach for cybersecurity professionals. As a Lecturer at Harvard Extension School, Heather teaches Product Security, Secure Operations, and Ethical Hacking, and leads capstone projects for the cybersecurity master’s program. She has led security initiatives at leading technology companies, with deep expertise in cloud‑native security, global security operations, identity and data protection, and building high‑performing teams.

Greg Day is SVP & CISO at Cybersecurity Wisdom and a respected cybersecurity thought leader with more than 35 years of industry experience. He has been active in cybersecurity since its earliest days, developing an early EDR solution and serving in consulting and senior CTO/CISO roles at organizations including Dr. Solomon’s/McAfee, Symantec, FireEye/Mandiant, Palo Alto Networks, and Cybereason. Greg has led extensive cyber transformation initiatives, SOC and incident response programs, and threat and forensics training. He works closely with public sector and Global 2000 organizations on cybersecurity strategy—spanning risk, AI, IoT/OT, operational resilience, and security consolidation—as well as policy and regulatory frameworks such as GDPR and the EU NIS Directive.

New data on how large enterprise CISOs are navigating declining budgets, rising legal exposure, and an expanding dual mandate.