Subscribe Home Conversations On AI App Development CRM Enterprise IT Ethics & Governance Futures HR Industries ServiceNow on ServiceNow Platform Foundations Products & Solutions All topics For Leaders In IT & Dev Customer Experience Finance, Operations & Strategy Employee Experience Security & Risk News & Events People & Culture My List Explore All
EXEC SIGNALS July 14, 2026 6 min The agentic enterprise needs a new security operating model Threats move at machine speed. Security must keep pace. Ethics and Governance Research
Abstract big data visualization with colorful data streams
Exec Signals One hundred executives at large, global organizations shared their insights on AI security, scaling, and economics, signaling where the operating model gap is widening, who's closing it, and what the difference looks like in practice.

Cybersecurity threats and AI-driven attacks are reshaping leaders’ technology strategies. Most agree that AI-powered attacks have raised their risk exposure. It’s not just that threats are getting smarter. As AI is embedded across the enterprise, the control surface grows larger and less visible. 

Yesterday’s security operating models aren’t sufficient to address today’s threat landscape. According to ServiceNow’s panel of 100 executives, visibility of exposure is incomplete, threats are surfacing faster than organizations can respond, and governance often stops short of action-level traceability. In the age of agentic operations, security failure begins with what the enterprise can’t see, govern, or prove. 

Visibility gap
SIGNAL 1 The attack surface has outgrown visibility

The attack surface now includes every system, device, and AI agent that can connect, access data, or trigger a workflow. That creates a sharp visibility gap.  

Limited visibility across systems and environments ranks as our panel’s second-most significant security constraint, closely followed by exposure from AI agents and machine identities operating without adequate governance.  

Every AI agent is an identity, but most aren't tracked. Nonhuman identities (digital identities not operated by a human that interact with enterprise systems and data, such as service accounts, API credentials, and AI agents) are seen by most as a greater risk than human ones, yet few report full visibility and control over them. Without visibility, security leaders can’t quantify their risk or act on exposure. 

From insight to action 

Act on asset risk in real time. Connect every digital identity to a single intelligence layer where it’s discovered upon appearance, classified by business criticality, mapped to its access paths, and monitored for exposure changes.  

Knowing what exists is not enough, however. Every asset and identity must be understood in context: what it connects to, which teams and services depend on it, and how changes affect exposure across the enterprise. 

The next step is to connect intelligence directly to action: When a new exposure appears, the workflow to assess and remediate it should already exist. Traditional security controls across endpoint, network, and identity still matter, but they don’t cover the agentic surface on their own.

AI is an accelerator, but the key is understanding your assets and having the right security controls around them. It’s really about strong asset management and maintaining clear visibility. Chief Information Officer Energy Empresa, UK
CISO mandate
SIGNAL 2 The CISO mandate has outpaced operations

The chief information security officer (CISO) role is shifting from defending the perimeter to enabling safe enterprise operations. AI governance, machine identity, autonomous agents, data protection, third-party exposure, and auditability of AI decisions all sit inside the mandate now.

The operating model hasn’t caught up. Governing how AI is deployed and operated is a top security priority. Fragmented tools and systems are the leading challenge panelists face in managing risk in an AI-driven environment.

Many say their organizations can demonstrate oversight and controls. Far fewer produce complete audit trails, making it difficult to identify the root cause of any incident. AI is being deployed faster than governance programs were built to manage it.

From insight to action 

Govern continuously; prove instantly. CISOs need an operating model that matches their mandated scope. That requires a unified governance and control layer. A platform-led approach connects fragmented tools and systems, provides a common interface for oversight, and enforces consistent policy across the enterprise.

As AI agents become more capable, organizations must enforce governance layers that define what these agents can access, trigger, and change—before they act.

Governance needs to move from policy documentation to operational proof. Evidence must accumulate as a byproduct of operations, and manual assembly won’t keep pace with autonomous agent activity. Governance now depends on traceability and accountability.

Every action performed by a non-human identity must be traceable to an accountable human owner to ensure legal attribution, oversight, and responsibility. Jeffrey DiMuro Deputy Chief Information Security Officer, ServiceNow
Detection without action
SIGNAL 3 Detection moves faster than response

AI is already strengthening detection. Reduced manual workload, earlier risk identification, and sharper prioritization are benefits reported by the panel. But detection is not control. Very few describe their AI-driven security operations as fully autonomous from risk identification through closure. Detection delivers meaningful value only when action follows.

The majority of leaders acknowledge they identify more threats than they can act on in time. But improving response time doesn’t rank high on the security priority list. Instead, the panel focuses on upstream challenges, including fragmentation, visibility, and machine-identity governance.

Deprioritizing response could be costly. The greatest AI-powered threats cited by our panel include hyper-personalized phishing, deepfakes, and the velocity of attacks that outpace human response. These fast-moving threats exploit the gap between seeing and stopping.

From insight to action

Prebuild the response. Solving upstream causes can help, but closing the gap between detection and response requires building response workflows before threats arrive.

AI-enabled detection should trigger workflows that route ownership, isolate exposure, monitor and revoke access, deploy patches, escalate exceptions, and document the response without forcing teams to rebuild context manually each time.

Human judgment still matters for high-impact decisions, but it shouldn’t be a bottleneck for routine containment. The operating goal is preventive and predictive: fewer handoffs, faster triage, automated guardrails, and clear escalation paths when human review is needed. 

In this AI-driven world, where the speed of attacks is extremely fast, making IPS [intrusion prevention system] more effective is probably the most critical need. Chief Information Officer Manufacturing Conglomerate, U.S.
Stalling scale
SIGNAL 4 AI scale is exposing organizational cracks

The barriers to scaling AI are no longer just technical. The panel says operating-model silos and weak cross-functional alignment are blocking value alongside data readiness and system fragmentation.

Pilots can work around organizational complexity, but once AI is more integrated at scale, the challenge becomes coordinating ownership, governance, data, process change, and accountability across the enterprise. This is where many AI strategies are strained.

Only a small minority of the panel reports significant return from AI investments, and many say the benefits of AI haven’t yet been proven at scale. Significant barriers remain, and they now sit as much in the operating model as in the technology stack.

From insight to action

Design for scale, not pilots. Scale demands a different management model: shared ownership, connected workflows, common data foundations, governance built into execution, and leaders who can manage cross-functional change. AI-enabled workflows should be designed around enterprise outcomes instead of function-by-function automation.

Business and technology leaders must come together earlier. Before scaling a use case, define who owns the decision, who owns the risk, what data is required, what systems need to connect, and how success will be measured.

Consolidating fragmented systems and platforms to create a more connected and secure environment is important. Improving data quality will be critical for better decision-making. SVP, Security Engineering Retail Empresa, U.S.
AI value
SIGNAL 5 AI’s measurement frame needs to evolve

The panel is split on AI cost versus human labor cost. Some say AI-related costs are lower due to efficiency and automation gains. Others say they’re comparable or higher, or that it’s too early to assess them. The reality is that the full cost picture is often fragmented or incomplete.

How leaders measure AI value shapes cost realization. When we examine the metrics our panel commits to from AI investments, a pattern emerges. Most focus on productivity and cost- reduction metrics. Very few commit to other enterprise-level outcomes, such as revenue growth, customer acquisition, or risk exposure reduction.

AI's broader cost versus contribution across the operating model is not yet inside most measurement frames. 

From insight to action

Measure the total value of AI. Cost comparison should move beyond “AI versus human labor” as the unit of analysis. AI may be able to perform a task more cheaply, but the more important question is whether the full system—including the infrastructure, data, workflow, and governance—delivers value across the entire operating model.

A better investment case measures what AI has made possible over time: exposure reduced, incidents prevented, resilience improved, decisions accelerated, capacity released, and revenue or service outcomes improved. Those outcomes make AI’s economic advantage clear.

The most visible costs are token usage and the technology itself. Governance and related operating costs are less prominent and visible. Head of Security Ops Retail Empresa, U.S.

Our panel of executives knows the threat surface is expanding at machine speed while the security operating model is still evolving.

The organizations that connect visibility to action, governance to operations, and AI investment to auditable outcomes will be the ones that treat security not as a constraint, but as an operating model for growth. In that model, every signal drives action, and every action is traceable.

About the Exec Signals panel

The Exec Signals panel comprises 100 technology and business executives from large global companies, all with decision-making or significant influence over AI and enterprise technology strategy. Insights were gathered through a structured survey, surfacing directional intelligence on how the leaders are navigating AI. Research was conducted independently by global research firm Phronesis Partners. 

Next up
Stay in the know Join Us
stay in know image
Alt