When You Turn On AI, Who Owns the New Signals?
Turning on generative and agentic AI floods the enterprise with alerts, logs, and telemetry. Here's how to decide what's cybersecurity's job — and what isn't.
Turn on AI, and the signals start pouring in.
The moment an enterprise activates generative and agentic AI — ChatGPT, Copilot, internal agents, MCP servers — it starts generating a flood of new alerts, logs, and telemetry. Some of it is unmistakably cybersecurity's problem: prompt injection, credential abuse, over-permissioned tools, rogue agent behavior. But a lot of it isn't. Hallucinations, model misfires, answer quality, workflow accuracy — those are real problems that belong to product and AI governance, not the SOC.
The question I keep hearing from security leaders is where that line sits. Most aren't looking to stand up a separate "AI security" team — they want to embed the security of AI into the cybersecurity organization they already have. But that only works if everyone agrees on what cyber owns, what product owns, and what governance owns, before the signal volume becomes unmanageable.
These slides are how I think through it: from where most enterprises actually are today, to a clean ownership boundary, to the enforcement point that makes AI activity visible (the AI gateway), to the hard problem of detecting rogue agents, and finally to the vocabulary and MCP architecture decisions that quietly determine your blast radius.
One line I keep coming back to: cybersecurity owns whether AI can safely act; product owns whether it acts correctly.
This deck works through five questions I hear constantly:
- Is securing AI wholly cyber's job, or only where cyber risk lives?
- Should cyber build its own AI gateways and guardrails, or partner with product teams?
- Can anything actually detect rogue agentic activity today?
- Do we share a common taxonomy — agent, sub-agent, orchestrator, tool?
- What's leading practice for spinning up and isolating MCP environments?