Boyd Clewis

expert panel

AI agents are quickly moving from helpful assistants to active participants in business workflows, and that shift is creating a new access-control challenge for security leaders. To do their jobs well, these systems often need to interact with customer records, financial systems, employee data, proprietary information and other sensitive resources. That creates a difficult balance: The more access agents have, the more useful they may become—but the more damage they can do when something goes wrong. And that risk isn’t theoretical. A 2025 IBM report found that among organizations that experienced an AI-related breach, 97% lacked proper AI access controls, and 63% had no AI governance policies at all.Traditional access models weren’t built for autonomous tools that can act across systems, make rapid decisions and process large volumes of data in seconds. When convenience trumps safety in AI adoption, loose access can expand an organization’s attack surface before security teams can assess the risk. As AI agents become more embedded in daily operations, organizations need to think differently about identity, permissions and accountability. Members of the Senior Executive Cybersecurity Think Tank bring deep expertise in enterprise cybersecurity strategies, data breach prevention, risk management and modern security architecture. Below, five of them share how leaders should weigh the trade-offs of AI agent access and rethink permissioning for AI-driven systems.

expert panel

The challenge is in the name: Zero-day attacks don’t wait for a convenient moment. They arrive before there’s a known fix, before teams fully understand the blast radius and often before leaders have a clear answer to the most basic question: “What exactly is happening?” In that moment, an incident response plan becomes more than a document. It becomes a stress test of how well an organization can coordinate a solution and make critical decisions with limited information and zero warning.That kind of pressure can expose system and human weaknesses that routine drills miss. With exploited zero-day vulnerabilities affecting enterprise technologies reaching an all-time high in 2025, leaders must act now to strengthen weak links in the response chain: approval chains that move too slowly, communication channels that break down, and assumptions about staff, systems and partner readiness that don’t hold true. The risk isn’t limited to technical disruption: A poorly handled response can affect operations, customer trust, regulatory exposure and reputation all at once.While zero-day attacks strike without warning, it doesn’t mean organizations can’t prepare. Teams that are ready to respond aren’t built only around technical expertise. They’re trained to act decisively under uncertainty, structured to coordinate across functions and empowered to make fast, informed calls when waiting could make the situation worse. Members of the Senior Executive Cybersecurity Think Tank bring deep expertise in enterprise cybersecurity strategies, data breach prevention, risk management and modern security leadership. Below, three of them share what zero-day incidents reveal about incident response readiness and how organizations can build teams capable of withstanding the pressure.