Sign up to save your podcasts
Or
Share Shadow AI Agent Risk: It's Not Just the CISO's Problem | EP28
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Shadow AI Agent Risk: It's Not Just the CISO's Problem | EP28
Shadow AI agent risk has moved from information risk to operational risk in less than six months — and that shift means accountability no longer sits with the CISO alone. Vivek Menon, CISO and Head of Enterprise Data at Digital Turbine, explains why the COO, CMO, and CFO are now on the hook when an agent acts without human review.
In this conversation, you'll learn how shadow agent risk differs from shadow AI and shadow IT, why Vivek builds governance to the EU AI Act as his North Star even for US operations, and what "survivable, auditable, explainable" actually looks like when an incident reaches auditors at a public company. If you're still getting up to speed on what agents actually are, the AI Agent Cheat Sheet breaks it down: https://www.insight.com/en_US/content-and-resources/guide/the-ai-agent-cheat-sheet.html
Vivek also shares the one hiring metric that tells you whether AI adoption is working — and why zero friction in AI tools is a red flag, not a feature. For more on the questions executives are asking behind closed doors about agents, check out our companion episode: https://www.insight.com/en_US/content-and-resources/insight-on/what-executives-are-too-embarrassed-to-ask-about-ai-agents-answered.html
This episode wraps our series on the agent economy. If you're building an AI transformation playbook, see how one organization approached it: https://www.insight.com/en_US/content-and-resources/case-studies/case-study-the-ai-playbook-ai-transformation.html — and learn more about Insight's full AI services and capabilities here: https://www.insight.com/en_US/what-we-do/expertise/data-and-ai.html
Book a Radius strategy workshop because you'll get a structured path to AI governance and agent readiness tailored to your environment: https://www.insight.com/en_US/what-we-do/methodology/radius-business-strategy-workshops-and-planning.html
Chapters (5–12)
-
00:00 — Welcome and introduction
-
01:35 — What Digital Turbine does
-
02:18 — What CISOs admit to each other behind closed doors
-
03:01 — Shadow IT to shadow AI to shadow agent risk
-
04:33 — Why AI agent risk is now an operational risk
-
05:32 — What a survivable AI incident looks like
-
07:03 — Pressure on CISOs to not be the department of no
-
08:45 — Red flags when new AI capabilities launch
-
10:04 — How a dual mandate in security and data helps
-
12:35 — How business units get green-lit to build agents
-
15:38 — Managing AI governance across 10 regulators
-
17:36 — Biggest productivity gain from AI so far
-
20:53 — How to detect shadow agent activity in your team #AIAgents #ShadowAI #CISO #EnterpriseAI #AIGovernance
View all episodes
By Insight EnterprisesShadow AI agent risk has moved from information risk to operational risk in less than six months — and that shift means accountability no longer sits with the CISO alone. Vivek Menon, CISO and Head of Enterprise Data at Digital Turbine, explains why the COO, CMO, and CFO are now on the hook when an agent acts without human review.
In this conversation, you'll learn how shadow agent risk differs from shadow AI and shadow IT, why Vivek builds governance to the EU AI Act as his North Star even for US operations, and what "survivable, auditable, explainable" actually looks like when an incident reaches auditors at a public company. If you're still getting up to speed on what agents actually are, the AI Agent Cheat Sheet breaks it down: https://www.insight.com/en_US/content-and-resources/guide/the-ai-agent-cheat-sheet.html
Vivek also shares the one hiring metric that tells you whether AI adoption is working — and why zero friction in AI tools is a red flag, not a feature. For more on the questions executives are asking behind closed doors about agents, check out our companion episode: https://www.insight.com/en_US/content-and-resources/insight-on/what-executives-are-too-embarrassed-to-ask-about-ai-agents-answered.html
This episode wraps our series on the agent economy. If you're building an AI transformation playbook, see how one organization approached it: https://www.insight.com/en_US/content-and-resources/case-studies/case-study-the-ai-playbook-ai-transformation.html — and learn more about Insight's full AI services and capabilities here: https://www.insight.com/en_US/what-we-do/expertise/data-and-ai.html
Book a Radius strategy workshop because you'll get a structured path to AI governance and agent readiness tailored to your environment: https://www.insight.com/en_US/what-we-do/methodology/radius-business-strategy-workshops-and-planning.html
Chapters (5–12)
-
00:00 — Welcome and introduction
-
01:35 — What Digital Turbine does
-
02:18 — What CISOs admit to each other behind closed doors
-
03:01 — Shadow IT to shadow AI to shadow agent risk
-
04:33 — Why AI agent risk is now an operational risk
-
05:32 — What a survivable AI incident looks like
-
07:03 — Pressure on CISOs to not be the department of no
-
08:45 — Red flags when new AI capabilities launch
-
10:04 — How a dual mandate in security and data helps
-
12:35 — How business units get green-lit to build agents
-
15:38 — Managing AI governance across 10 regulators
-
17:36 — Biggest productivity gain from AI so far
-
20:53 — How to detect shadow agent activity in your team #AIAgents #ShadowAI #CISO #EnterpriseAI #AIGovernance