Boards are being told that AI is transforming their business. Very few are being told what it is doing to their threat surface. The gap between AI adoption and AI risk governance is widening in most organisations, and the consequences are starting to show up in breaches, failed audits, and deals that fall apart in due diligence.

 

This talk is designed for security leaders and senior practitioners who need to close that gap by building a credible AI risk narrative that holds up to scrutiny. It draws on the emerging landscape of AI-enabled attacks: from LLM-powered social engineering to adversarial manipulation of AI-assisted security tooling, and translates them into the language of business risk that a board can act on.

 

The talk also addresses the strategic challenge of integrating AI governance into existing security frameworks like NIST, ISO 27001, SOC2 Type II, and the emerging AI-specific extensions (ISO 42001, NIST AI RMF) without creating a parallel compliance burden. The goal is a coherent AI threat model that is proportionate, explainable, and defensible to clients, investors, and regulators alike.