AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk - IT Security Guru
About Us
Thursday, 16 July, 2026
Home
Features
Insight
Channel News
Events
Most Inspiring Women in Cyber 2026
Topics
Cloud Security
Cyber Crime
Cyber Warfare
Data Protection
DDoS
Hacking
Malware, Phishing and Ransomware
Mobile Security
Network Security
Regulation
Skills Gap
The Internet of Things
Threat Detection
AI and Machine Learning
Industrial Internet of Things
Multimedia
Product Reviews
About Us
No Result
View All Result
Home
Features
Insight
Channel News
Events
Most Inspiring Women in Cyber 2026
Topics
Cloud Security
Cyber Crime
Cyber Warfare
Data Protection
DDoS
Hacking
Malware, Phishing and Ransomware
Mobile Security
Network Security
Regulation
Skills Gap
The Internet of Things
Threat Detection
AI and Machine Learning
Industrial Internet of Things
Multimedia
Product Reviews
About Us
No Result
View All Result
No Result
View All Result
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk
by<br>Guru Writer
July 16, 2026
in<br>Featured
Share on FacebookShare on Twitter
Today marks AI Appreciation Day, the annual moment set aside to reflect on how far artificial intelligence has come. For the security industry, that reflection looks less like a party and more like a stocktake. AI has quietly become embedded in almost every layer of enterprise IT: writing code, triaging alerts, hunting threats, running backups, and increasingly, acting on its own initiative. The question security leaders are asking this year isn’t whether AI deserves appreciation but whether organisations have built the identity, governance and resilience layers to deserve what AI can now do.
IT Security Guru asked cybersecurity leaders from across the industry, spanning identity, threat intelligence, backup and recovery, GRC and cyber-resilience vendors, what AI Appreciation Day means to them in 2026. Their answers converge on a theme: AI has earned its seat at the table, but trust, accountability and human oversight haven’t kept pace with its capabilities.
The identity gap nobody planned for
The most immediate concern isn’t whether AI works; it’s whether anyone can say with certainty what it did and why. As AI agents move from answering prompts to independently taking action, that ambiguity becomes a governance problem in its own right.
John Cannava, CIO at Ping Identity, argues that this shift demands a fundamental rethink of how organisations manage machine identity:
"Organisations are increasingly deploying AI agents across the enterprise, and the opportunities for innovation and efficiency are tremendous. These systems are doing more than just responding to prompts. They’re making decisions, taking actions, and even spawning new agents with increasing autonomy and speed. That evolution is transforming how work gets done, and it’s also reshaping the security landscape. Now the challenge is that many organisations are adopting AI agents faster than they can establish clear identity, accountability, and governance for them. When you can’t definitively answer what an agent did, why it did it, or under whose authority it acted, you create unnecessary risk and uncertainty. This is why identity for AI must become a foundational priority. Every agent needs a verifiable identity, clear permissions, and continuous oversight, just like any human user or service account. By building trust, visibility, and accountability into AI from the start, organisations can unlock the full potential of autonomous AI while managing risk and strengthening security."
Dave Hayes, Vice President of Product at FusionAuth, goes further, arguing that the entire framing of “agent legitimacy” misses the point:
"An AI agent is not a new user to authenticate. It has no authority of its own; it acts for a human, and that human is where the authority comes from. So, the question isn’t whether the agent is legitimate, but whether it can do only what its human owner is already allowed to do. Policy can’t enforce that. People follow the rules partly because breaking them gets you fired, and an agent has no job to lose. Give it a goal, and it treats your policy as an obstacle to work around. We surveyed 300 security and technology leaders: 84% of those most confident in their AI security had a confirmed AI-identity breach last year, most with governance they’d have called comprehensive. Architecture fixes this, not wording. AI is probabilistic, so your identity layer has to be deterministic."
That statistic is worth sitting with: the organisations most confident in their AI security were also the ones most likely to have already been breached through an AI identity. Confidence, it turns out, is not the same as control.
Governance stops being optional by law, not just by choice
If identity is the technical gap, governance is the organisational one. Several contributors argued that the...