{"id":362141,"date":"2026-07-06T04:09:46","date_gmt":"2026-07-06T11:09:46","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=362141"},"modified":"2026-07-06T04:09:46","modified_gmt":"2026-07-06T11:09:46","slug":"it-might-feel-like-weve-been-here-before-but-we-havent","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2026\/07\/it-might-feel-like-weve-been-here-before-but-we-havent\/","title":{"rendered":"It Might Feel Like We\u2019ve Been Here Before, But We Haven\u2019t"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">As artificial intelligence (AI) adoption surges and organisations move from the \u2018should we?\u2019 phase to the \u2018how do we?\u2019 phase, it\u2019s natural to evaluate the likelihood of positive returns on AI investments. That\u2019s always been the case with the onset of each new technology paradigm: C-suite executives, guided by their boards and aided by technical and business teams, remain keenly focused on traditional metrics such as return on investment, shareholder equity, developing and extending competitive advantage, and ensuring superior customer relationships.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This time is different, however. I recently experienced that firsthand when I went to visit a major customer. My contact, a senior decision maker, gave me a pointed piece of advice about how to talk about AI with his boss, the CEO: \u201cPlease don\u2019t say anything negative about AI.\u201d The subtext was clear: The company was fully committed to AI and didn\u2019t want any cognitive dissonance to dissuade them from their mission.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It's hard to imagine a CEO taking such an absolutist stance on previous technology waves, such as cloud, bring your own device, or the internet of things. CEOs, board members, and technical leaders would be pragmatic in evaluating the benefits of investments and put mileposts in place to gauge progress \u2013 and to determine if and how to proceed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI is certainly a different kind of paradigm, though. While no one is casting aside careful evaluation and monitoring of AI investments, the underlying assumption is that we\u2019re stepping on the accelerator. We\u2019re all enthused not only by its potential for transformation and innovation, but also by how this technology can be leveraged for remarkable societal good.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, while the accelerating momentum toward AI and agentic systems is undeniable, it is vitally important to set aside the fervour around AI and take a sober look at how to deliver safe, secure, and tightly governed systems at enterprise scale.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Many organisations are underestimating the challenges of AI governance, in large part because they think they\u2019ve been here before. They already have many experiences of ensuring robust cybersecurity and strict governance for new technologies, as they\u2019ve done for remote systems, cloud computing, the internet of things, and more. They already have a corporate commitment to doing governance correctly and a sound governance model.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But this new era of AI and agentic systems is different. New challenges abound, and AI strategy, build-out, and governance must be in alignment from the start to ensure proper operational, ethical, and regulatory outcomes.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our intention with this Peer Insights guide is to raise what we believe are existential issues around governance for this powerful, complex, and unprecedented technology wave. Few technologies have merited the often overused phrase \u2018inflection point\u2019 more than AI. The speed of AI adoption is nothing short of breathtaking; however, today\u2019s runaway embrace of AI is far stronger than our current ability to govern it. That\u2019s because AI represents a fundamental shift in how organisations do their business, interact with customers, make vital decisions, and execute their plans. This isn\u2019t just a technology play: It\u2019s a strategy for success and survival for entire industries and our global economy. The stakes have never been higher.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">CEOs care so passionately about AI because they see it changing nearly everything we\u2019ve learned and believed to be true about organisational success and failure. CEOs are in their positions for one purpose: to grow the business. AI can do that by transforming their processes and sparking new ideas. When that customer representative forewarned me, I really wasn\u2019t surprised to hear his CEO felt so strongly about AI: Research from BCG indicates that more than 94% of CEOs say they still plan to deploy AI <\/span><i><span style=\"font-weight: 400;\">irrespective of demonstrated business value<\/span><\/i><span style=\"font-weight: 400;\">, even if there is a lack of tangible ROI or financial benefits from the start.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Which brings us to the central role of AI governance. As we all know, there are many fundamental elements to any governance strategy, starting with robust, scalable, and intelligent cybersecurity. Cybersecurity - the foundation of governance - also includes the twin imperatives of accountability (\u2018rogue AI\u2019 being a real thing, after all) and regulatory compliance.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But good <\/span><i><span style=\"font-weight: 400;\">AI<\/span><\/i><span style=\"font-weight: 400;\"> governance has to go even further. Operational integrity is key to good governance because so much sensitive and even proprietary data is poured into AI models and accessed through powerful agentic AI systems. Now more than ever, organisations have to be transparent with customers and trading partners about how their AI systems operate, what kind of data is accessed, and how it is protected. And that doesn\u2019t just mean being upfront with customers by telling them when they are interacting with an AI agent. Let\u2019s take a typical retail use case: Imagine you\u2019re on a website looking at clothing, and the agent recommends specific styles of clothing in specific colours. True operational integrity would allow you to discover why and when the agent made those recommendations. Was it based on your prior purchasing history, or on your browsing patterns on a recent web session? AI and agentic governance take the guesswork out of the equation for those interacting with the system and help breed greater confidence and trust.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It's critically important for decision makers to view AI governance holistically, rather than through a series of narrow lenses. For instance, even though cybersecurity is the foundation of good AI governance, it\u2019s a mistake to treat AI governance primarily as a cybersecurity problem. If asked about ownership of AI governance, CEOs cannot and should not reply, \u201cOh yeah, the CISO has that covered.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI governance is fundamentally an enterprise risk problem, which means everyone must be involved in creating, deploying, managing, evaluating, and adjusting AI governance guardrails on a real-time basis. Again, AI is a different kind of risk environment than any we\u2019ve previously encountered. For the most part, organisations are simply not adequately prepared to apply the right level and right type of governance to AI and agentic systems. I\u2019ve spent much of the past 15 years of my career building governance frameworks, and while it has never been easy, we have had the advantage of being able to control many of the variables \u2013 such as infrastructure and network access \u2013 impacting governance decisions. With AI and agentic, we no longer have that advantage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To explore the critical and complex issues of AI governance, we\u2019ve enlisted five leading voices to bring their real-world experience to the discussion. Together, our five authors help lay out the new rules of the road for governing AI and agentic systems at scale.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Just as my customer gave me a heads up about the realities of speaking with his boss about AI, I\u2019d like to offer you a heads up about the realities of AI governance challenges before you read this <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/ebooks\/executive-edge-peer-insights-governing-ai-and-agentic-systems-at-enterprise-scale?utm_source=blog-pr-comms-emea-cxo&amp;utm_medium=organic\">Peer Insights guide<\/a>.\u00a0<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Visibility is paramount for successful AI governance.<\/b><span style=\"font-weight: 400;\"> As we learned during the growth of trends such as cloud, bring your own device, and remote work, our employees will push the envelope with a do-it-yourself mindset. These tech-savvy and resourceful users are already making rogue AI a reality, so organisations need more visibility than ever into where AI \u2018science projects\u2019 and sandboxes are operating without anyone\u2019s knowledge.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AI governance must reflect the stunning velocity of change in AI development and deployment.<\/b><span style=\"font-weight: 400;\"> Not only does AI have its own never-imagined rate of change, but the technology is changing everything else faster \u2013 product development, supply chains, marketing programmes, and more. AI governance has to evolve just as rapidly. Governance in the AI world must be a living system, constantly evolving with new technology use cases.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Trust boundaries are incredibly different and difficult to manage in AI governance.<\/b><span style=\"font-weight: 400;\"> AI represents a new class of identity that simply didn\u2019t exist before. That means AI doesn\u2019t fit neatly into your existing identity management framework, making things like application whitelists and zero trust network access less effective.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Unfortunately, many CEOs, board members, and business executives simply don\u2019t understand the profound importance and complexity of these issues. They may have been heartened by how they integrated generative AI into their technology frameworks and their business processes, but GenAI was pretty familiar territory for CIOs, CTOs, and CISOs. Agentic AI is different for several reasons, including its automation and self-learning capabilities. Don\u2019t be lulled into a false sense of security: Agentic AI is not simply a refresh of GenAI.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As you get ready to dive into the following chapters, rethink how you define governance when applying it to AI systems and agentic AI. Most traditional governance models are imagined, constructed, and deployed as gates, preventing people from doing things or going places they shouldn\u2019t. Instead, think of AI governance as a guardrail to guide and direct people to get the most out of AI without creating problems. With so much excitement and investment around AI, organisations \u2013 and their employees \u2013 want to get the most out of their AI and agentic systems. We all know people don\u2019t want to hear \u201cno, you can\u2019t do that\u201d, so an effective governance system should use guardrails to drive proper, responsible, and safe usage of the technology.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Finally, as complex as AI and agentic governance are and will continue to be, don\u2019t overthink things in hopes of creating the perfect model \u2013 it doesn\u2019t exist. My advice is to start now, even if the model and framework are imperfect, and then bring the business along with you.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We at Palo Alto Networks are excited to give you insights, ideas, and actions you can take away from the chapters of this guide. We encourage you to share what you learn with your colleagues, peers, and team members \u2013 and to take prudent steps to build an AI governance model that rewards innovation without allowing your organisation to drift into dangerous waters.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><i><span style=\"font-weight: 400;\">Haider Pasha is VP &amp; Chief Security Officer, EMEA, Palo Alto Networks<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As artificial intelligence (AI) adoption surges and organisations move from the \u2018should we?\u2019 phase to the \u2018how do we?\u2019 phase, it\u2019s natural to evaluate the likelihood of positive returns on AI investments. &hellip;<\/p>\n","protected":false},"author":661,"featured_media":362147,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[9943,155,6724],"tags":[],"coauthors":[6831],"class_list":["post-362141","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-security","category-cybersecurity","category-points-of-view"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2026\/07\/Gemini_Generated_Image_nwl4annwl4annwl4.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/362141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/661"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=362141"}],"version-history":[{"count":7,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/362141\/revisions"}],"predecessor-version":[{"id":362161,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/362141\/revisions\/362161"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/362147"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=362141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=362141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=362141"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=362141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}