The Signal
The network stopped asking whether to allow AI. This month it started asking whether the security stack survives it.
Across the last 30 days of member priority submissions, the loudest AI thread was not shadow-AI policy. It was members re-opening controls they had already bought. A Business Services CISO said the external MDR model they run "seems to not be on par" now that AI is in the picture. A Finance CISO is evaluating an AI-native MDR to replace the one in production. A Manufacturing analytics leader is deploying agents over the next six months and wants a security layer wrapped around them before they ship.
No single vendor owns this yet. Members named a dozen different tools across MDR, secure access, identity, and AI red-teaming, and none showed up more than a handful of times. That scatter is the point. There is no default "AI security" purchase, so buyers are re-evaluating the stack one control at a time.
The pattern underneath: AI is not a new line item for these leaders. It is a reason to re-open decisions they thought were closed.
From the Network
"We currently utilize a hybrid model with external MDR active. However as we are approaching AI, the strategy seems to not be on par with our current model."
"Reducing security risk as we adopt agentic AI capabilities. We need an observability and security platform for cloud applications."
"We are investigating how to upgrade our current internal security environment to address the rapidly changing landscape as AI is used more by attackers."
All three describe the same move. The AI decision forces the security decision, and the security decision is a re-evaluation, not an add-on.
Top Open Priorities This Week
Two raw asks pulled directly from member submissions in the last 14 days, unedited:
"Deploying a lot of AI agents in the next 6 months and need to add the security layer to this."
"We're evaluating AI-powered MDR solutions to improve threat detection and response. I'd like to assess the vendor's AI capabilities, analyst model, integrations, automation, and measurable improvements over our current MDR approach."
Both members are buying controls to wrap around AI their organizations already committed to. One is securing agents headed for production. The other is replacing an MDR model that no longer fits.
Member Spotlight: Ammar Ammar, University of Tennessee Health Science Center
The Signal is about putting security ahead of the AI decision, and few members live that more directly than Ammar Ammar. He leads technology and security at the University of Tennessee Health Science Center, where his teams are wiring AI into healthcare work that touches heavily regulated data, and he put his rule for it plainly in his DoGood member spotlight: "We do security first, and then we design things to fail in a secure way, but we provide availability in a secure way."
The Context
The headlines are catching up to what the network is already voicing. NeuralTrust surveyed 160 CISOs for its State of AI Agent Security 2026 report, published June 25. It found 72% of organizations have deployed or are scaling AI agents, while only 29% report comprehensive security controls for them. That leaves 71% running agents with no adequate controls in place.
Bottom Line: The gap is not a policy problem. The controls these enterprises already own were built for human users, not autonomous agents, so closing the gap reads as replacement spend, not a new budget line.
What to Do About It
Pull your MDR, EDR, and identity contracts this week and ask one question of each: does this control see and stop a non-human identity or an agent taking action on its own? Where the answer is no, you have found your first AI-security decision. Treat it as a renewal conversation, not a net-new purchase.
The CXO Brief is powered by the DoGood network, 5,000+ IT leaders sharing what they are actually working on.
Know a CIO who needs this? Forward it and they can subscribe here.
Enterprise IT leader at a $100M+ company? Apply to join DoGood.
