Note: This blog is based on insights from a recent fireside chat at CISO XC Dallas featuring Eric Bowerman (CISO, DFW Airport) and Anand Singh (Chief Security Strategy Officer, Symmetry Systems).
At the CISO XC Dallas Keynote (04/23/2026), Eric Bowerman and I sat down for what was supposed to be a fireside chat on AI and cybersecurity. It quickly became something more candid. Instead of talking about tools or trends, we found ourselves unpacking a deeper shift that is already underway. Symmetry Systems’ DataGuard and AIGuard products play directly in this space, so it was amazing to get Eric’s strategic insights into how he sees the field evolving.
The reality is that the ground under security is moving. And most of us are still trying to understand what that means.
If there is one idea that stayed with me after the discussion, it is this:
AI did not create new security problems. It made existing ones impossible to ignore.
The SaaSpocalypse Isn’t Just Market Noise
We started with the so-called “SaaSpocalypse” and the sharp drop in SaaS and security valuations. It is tempting to dismiss this as macro pressure or short-term correction. It is not.
AI is fundamentally changing how value is created across the security stack. Capabilities that once required entire products are being absorbed into intelligence layers. Detection is increasingly automated. Manual-heavy workflows are becoming harder to justify economically.
Security is shifting away from a model built on scale (more tools, more alerts, more people) and toward a model built on leverage (fewer systems, more intelligence, more automation).
This is not cyclical. It is structural.
Agentic AI Changes the Game
We then moved into agentic AI, using the example of systems like OpenClaw. These are not just automation tools. They are entities that can take on tasks, make decisions, and act on behalf of users.
What makes this different is the combination of identity, access, and autonomy. These agents:
- inherit user identity
- access multiple systems
- make decisions based on context
- chain actions together over time
From a CISO perspective, this changes the core question. It is no longer enough to ask what a user can access. The more relevant question is what an agent can decide to do with that access, continuously and at machine speed.
That also raises a harder question that organizations are not fully prepared to answer. Who is accountable when those decisions lead to unintended outcomes?
Identity Is Where Things Start to Crack
Traditional identity models were designed around humans and static service accounts. They assume predictability. They assume bounded behavior.
Agentic AI breaks those assumptions. These are non-human actors that:
- operate continuously
- make intermediate decisions
- adapt based on context
What begins to fail is not authentication. It is control and attribution.
Least privilege becomes difficult to enforce when behavior evolves in real time. Access reviews lose meaning when the way access is used keeps changing. Audit trails become harder to interpret when actions are chained across systems and time.
Identity is no longer just about who or what something is. It is about what it is doing and how that behavior evolves.
Security Was Already Fragile
One of the most grounded points Eric made during the discussion was simple. AI has not broken security. It has exposed it. For years, organizations have operated with known gaps:
- over-permissioned identities
- unclear data ownership
- inconsistent classification
- fragmented visibility
These issues were manageable when systems moved slowly and humans were in the loop for most decisions. AI removes that buffer. It turns latent risk into active risk. What was previously theoretical or low-impact becomes immediate and scalable.
Governance Is Falling Behind
At the same time, AI adoption is moving faster than governance, visibility, and control frameworks. This creates a gap that CISOs now have to explain to executive leadership and boards. That is not an easy conversation.
Executives are asking direct questions:
- What AI is running in our environment?
- What data can it access?
- Where are we exposed?
The uncomfortable reality is that many organizations cannot answer these questions with confidence. The ones that are navigating this well are not pretending otherwise. They are being explicit about what they can and cannot see, and they are framing the risk in terms of business impact rather than technical detail.
AI Is Accelerating Old Problems
A recurring theme throughout the conversation was that AI is not introducing entirely new categories of risk. It is accelerating and amplifying existing ones. AI systems perform best when they have broad access and rich context. That means they naturally expose long-standing weaknesses:
- over-permissioned data stores
- shadow data across systems
- unclear ownership boundaries
- inconsistent data hygiene
What used to be messy but tolerable is now accessible and actionable by machines. That changes the risk profile in a very real way.
Ownership Is Getting Blurry
As AI agents begin to pull together data across systems, ownership becomes increasingly unclear. Data may originate in one system, be processed in another, and be acted upon in a third. Each of those systems may have different owners, controls, and assumptions.
Today, responsibility is fragmented across:
- data owners
- application owners
- security teams
- platform teams
AI collapses those boundaries, but organizational structures have not caught up. The result is a growing accountability gap where risk exists without a clear owner.
Legacy Assumptions Are Breaking
We also discussed how core security pillars like IAM, DLP, and SIEM were built on assumptions that no longer fully hold.
- IAM assumes identities behave in relatively predictable ways
- DLP assumes data can be bounded and movement can be tracked
- SIEM assumes activity occurs at a pace that can be monitored and analyzed
Agentic AI challenges each of these assumptions. If one area is showing the most strain, it is DLP. Data is no longer stationary, and context matters more than location. Static rules struggle to capture intent, which is increasingly what matters most.
The Hardest Question to Answer
Executives are asking sharper questions now, but one consistently stands out as the hardest to answer with confidence: what data can it access?
This is not a simple inventory problem. It requires a living, continuously updated understanding of how identity, data, and behavior intersect across systems. Who has access is only part of the story. How that access is actually used, how it evolves, and how it propagates across connected environments is what really matters.
Most organizations do not have that level of visibility today. The context exists, but it is fragmented across tools, teams, and platforms.
That gap is exactly what we are focused on solving at Symmetry Systems. Our AIGuard and DataGuard products bring together identity, data access, and behavioral context into a unified view, helping enterprises understand and secure how data is actually used in both human and AI-driven environments.
Where to Start
We closed the formal discussion on a practical note. If AI governance depends on understanding data, identity, and how they interact, then the first priority is visibility.
Not just where data lives, but:
- who or what can access it
- how that access is being used
- how it changes over time
Without that foundation, governance becomes reactive and incomplete.
When Agents Don’t Behave as Expected
A recent example from the Cursor ecosystem brought these ideas into sharp focus.
An AI coding agent, operating inside a development environment, began taking actions beyond what the user explicitly intended. It was not malicious. It was following its objective and continuing execution based on available context.
In the process, it:
- modified files across the codebase
- chained multiple steps without explicit checkpoints
- continued operating longer than the user anticipated
There was no breach. No attacker. No traditional failure. The system behaved according to its design. It had access, context, and autonomy. What caught people off guard was the lack of control and visibility once the agent started acting. The behavior was technically valid, but operationally surprising.
This is the shift that matters.
Security models have historically been built around:
- intentional human actions
- clear session boundaries
- observable decision points
Agentic systems do not operate within those constraints. They act continuously, make intermediate decisions, and move faster than humans can realistically monitor.
When applied to enterprise environments, the implications become clear. An agent with access to sensitive data can combine sources in ways no one explicitly approved. It can act on incomplete or misinterpreted context. It can produce outcomes that are valid from a system perspective but risky from a business perspective.
This is not a traditional breach scenario. It is a behavioral risk scenario. And most existing controls are not designed for it.
Ending on a Human Note
I asked Eric what stood out to him as he prepares DFW Airport for the FIFA World Cup influx. His answer was simple and unexpectedly memorable. Japanese fans clean up the stadium after games. Win or lose. It reflects a sense of ownership and responsibility that goes beyond obligation.
I joked that hopefully one day our AI agents will behave the same way. That they will clean up after themselves and leave systems in a better state than they found them.
We are not there yet.
Final Thought
AI is forcing a reset in how we think about security. Not just at the level of tools, but at the level of fundamentals. Eric and I discussed the three factors critical to good AI governance: Data Context, Identity and Permission Context, and Data Flow Context.
The organizations that adapt will not be the ones with the most tools. They will be the ones that understand their data, control access with context, and remain honest about what they do not yet know.
Because in this new world, security is no longer just about defending systems.
It is about understanding behavior.