SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers
Canada
Security leaders urge governance as AI reshapes defence

Security leaders urge governance as AI reshapes defence

Thu, 16th Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

Security leaders are marking AI Appreciation Day with calls for resilience and governance.

Executives from cybersecurity and AI firms say organisations must treat artificial intelligence as a structural change, not a passing trend.

Across the industry, senior leaders describe a shift from viewing AI as a standalone product to embedding it in security operations and broader business processes. Their comments reflect growing pressure on boards and technology teams as attackers, regulators and customers respond to rapid advances in machine learning and large language models.

Several experts argue that AI's role in security is collaborative, not replacement-led. Human oversight and system design, they say, will determine whether AI strengthens resilience or introduces new weaknesses.

Human And Machine

Eoin Keary, Chief Executive Officer and Founder of Edgescan, said AI should work alongside security professionals, not above them.

"What's so important to understand today about AI is how it can enhance human capability, not replace it. While there's no shortage of conversation and handwringing about the risks AI brings (which is reasonable and true), what's sometimes overlooked is the value that AI insights bring to functions like penetration testing, API testing and more. When the conversation fixates on AI replacing humans, it fails to properly understand and appreciate that AI isn't a panacea but instead, it's a powerful new tool in the human security expert's toolbox. Paired, AI and human expertise have the potential to be a truly winning combination," said Eoin Keary, Chief Executive Officer and Founder, Edgescan.

His comments reflect a broader view that automation can extend the reach of scarce specialist skills. Testing teams now face sprawling cloud estates, API sprawl and complex supply chains, all of which put pressure on manual approaches.

From Periodic To Continuous

Joshua Brown, Chief Information Security Officer at Spektrum, linked AI adoption to a redefinition of resilience metrics and assurance methods.

"AI Appreciation Day should challenge us to rethink how we measure resilience in a world where AI is reshaping both offense and defense. One of the biggest misconceptions about AI in cybersecurity is that it creates entirely new risks. That lacks nuance: more often, it changes the economics of existing ones. AI is compressing the time between vulnerability discovery and exploitation, exposing weaknesses that may have existed for years but were simply too costly or difficult to find at scale. That shift doesn't make cybersecurity impossible, but it does render many traditional approaches obsolete. Static assessments and point-in-time attestations can no longer keep pace with dynamic threats. The organizations that thrive in this new reality won't be the ones chasing every new vulnerability. They'll be the ones continuously validating that their security controls are working, reducing attack paths, and proving resilience through measurable evidence rather than assumptions. AI is forcing a transition from periodic trust to continuous verification. That's what we should appreciate about AI: that it's pushing our industry toward more transparent, evidence-based security. As AI continues to evolve, resilience will belong to organizations that can continuously demonstrate, not simply declare, that they're prepared for whatever comes next," said Joshua Brown, Chief Information Security Officer, Spektrum.

Security teams are increasingly deploying AI-driven monitoring and validation tools. The shift moves the focus from occasional certification exercises to continuous measurement of defensive performance.

Reliability Under Stress

Other contributors focus on AI reliability in production environments, where failure carries direct operational consequences. They point to national security, industrial control and critical infrastructure as areas that demand robust engineering around models.

Jags Kandasamy, Chief Executive Officer at Latent AI, framed adaptability as the defining measure of AI's value.

"AI Appreciation Day is a reminder that AI's true value is measured by how reliably it performs when the stakes are highest. As organizations race to adopt AI, there's understandable excitement around model size, reasoning capabilities, and speed. But the next chapter of AI success will be defined by something less glamorous and far more important: adaptability. The real world is unpredictable. Environments change, data shifts, hardware evolves, and users depend on AI to continue delivering trusted outcomes despite those changes. Whether supporting national security, critical infrastructure, manufacturing, or industrial operations, AI must be engineered as part of a complete system, not treated as a standalone model. That means designing for resilience, interoperability, efficiency, and the ability to evolve over time. At Latent AI, we've learned that the question isn't simply, "Can AI work?" It's, "Will AI keep working when conditions change?" That's the difference between an AI application that succeeds in the lab and one that delivers lasting value in production. As AI becomes foundational to how organizations operate, we should appreciate both the remarkable advances in models, as well as the engineering discipline required to make AI trustworthy, adaptable, and operational in the real world. That's where AI creates its greatest impact," said Jags Kandasamy, Chief Executive Officer, Latent AI.

His remarks underscore the need for lifecycle management, hardware awareness and system integration. Those issues sit alongside headline debates about model performance and training data.

Criminal Adoption

AI is also changing attacker behaviour. Netcraft points to data showing both rising scam volumes and the rapid automation of takedowns and response.

Ryan Woodley, Chief Executive Officer at Netcraft, said criminals have already integrated AI into their operations.

"Every conversation about AI seems to start from the assumption that it just arrived. In reality, it hasn't. We've been using it for years. AI and ML have been critical innovations to meet the scale of phishing, fraud, and scams. What's changed is the scale and sophistication of threats as criminals have adopted LLM technologies. Today, cybercriminals are adopting AI as fast or faster than upstart AI-native security solutions. They're using it to launch organized, personalized, multi-vector attacks in minutes. In 2025, the FBI received more than 22,000 reports of AI-related scams, according to the agency's annual cybercrime report, with reported losses totaling about $893 million. And AI-linked investment scams alone accounted for more than $623 million in losses. This is a reminder that AI doesn't take sides. The same capabilities that help us defend can just as easily be turned against us, which means responsible use matters just as much as adoption does. While criminals are advancing, so are defender capabilities. Last year, on behalf of our clients, Netcraft deployed millions of takedowns of criminal infrastructure, of which >99% were fully automated, leveraging AI throughout threat detection, classification, and takedown to establish and maintain trust across the internet. As businesses deploy thoughtful and intentional uses of AI throughout the attack chain, we'll all find greater appreciation and less apprehension as AI continues to proliferate the modern lived experience," said Ryan Woodley, Chief Executive Officer, Netcraft.

The figures point to the growing economic impact of AI-driven fraud. They also show how defenders rely on machine automation to operate at comparable scale.

Shadow AI And Governance

Governance concerns run alongside the technical and operational themes. Coalfire raises the issue of "shadow AI", where employees and business units deploy tools outside formal policy.

Brad Little, Chief Executive Officer at Coalfire, argued that leadership teams must align innovation with control structures.

"AI Appreciation Day could be every day, given that it's fundamentally changing how work gets done and how systems are built. We've have already passed the inflection point where AI adoption and security risk converge into one operating reality. Current data reveals that 80% of leaders encounter shadow AI daily, proving that innovation is moving faster than many traditional operating models can handle. While AI adoption offers immense opportunity, it can look inexpensive on the front end while becoming incredibly costly on the back end if security and governance are not engineered into the foundation from the start. To truly appreciate AI, we must from a compliance-first mindset to a security-first model. It's time to move away from the old habit of bolting on security as a late-stage review and instead treat security, compliance, and innovation as a single leadership problem. Ultimately, modernization cannot move without trust. In this era, the organizations that move the fastest with AI will be those with the strongest security, governance and trust foundations, which need to be part of the business strategy from day one, not after deployment. By engineering resilience into our AI systems today, we turn trust into our most valuable competitive advantage," said Brad Little, Chief Executive Officer, Coalfire.

His stance reflects a broader industry push for security-by-design in AI projects. Boards are now weighing AI investments against regulatory scrutiny, customer trust and long-term operational risk.