The AI Acceleration Imperative and Security Challenge
This RSAC 2026 interview captures a pivotal moment in enterprise AI adoption, featuring Ian Swanson from Palo Alto Networks and Ravi Krishnamurthy from ServiceNow discussing how organizations can accelerate AI deployment without compromising security. The conversation centers on the fundamental tension CISOs face: CEOs demanding rapid AI transformation while security leaders must ensure safe, trusted implementation. Both executives emphasize that enterprises have reached an inflection point where AI is delivering tangible productivity gains across customer service, back-office operations, and core workflows. The discussion introduces the concept of deploying AI bravely—moving fast while maintaining comprehensive security controls through integrated visibility, scanning, and runtime protection capabilities.
Shadow AI Discovery and Runtime Protection
The interview explores three critical security pillars for AI governance: discovering shadow AI deployments across the enterprise, assessing novel AI-specific risks through artifact scanning, and protecting systems at runtime from emerging threats like prompt injection and memory manipulation in agentic workflows. Swanson emphasizes that traditional cybersecurity tools don't adequately address these new threat vectors, requiring purpose-built AI security capabilities. The partnership between ServiceNow and Palo Alto Networks addresses this gap by combining ServiceNow's AI Control Tower—a unified governance model that connects business priorities with risk management—with Palo Alto Networks' scanning and runtime protection capabilities. This integrated approach enables organizations to identify hidden AI risks, scan models and artifacts for vulnerabilities, and deploy protections at the point of inference when AI systems make decisions.
Operationalizing Secure-by-Design AI at Scale
The executives stress that secure AI adoption is not a choice between speed and security but rather an imperative to achieve both simultaneously. Krishnamurthy introduces the AI Control Tower concept as a cross-functional coordination mechanism—analogous to air traffic control—that balances ROI and risk across security, data governance, and compliance teams. The partnership enables organizations to embed security natively throughout the AI lifecycle rather than bolting it on after deployment. Both leaders advocate for applying established security principles like zero trust, least privilege, and secure-by-design to AI systems while acknowledging that the pace and agility required for AI transformation demands new approaches. The key lesson is that organizations must move iteratively and quickly, as the risk of not adopting AI exceeds the risk of moving forward with appropriate security controls in place.
