By Carl Windsor, CISO at Fortinet
Build for Business Continuity in an AI-Augmented Enterprise
The 2026 CISO predictions made one point unmistakable. Large-scale disruption is not hypothetical. AI increases both the likelihood and the blast radius of failure. Because of this, business continuity planning will need to evolve accordingly.
To start, CISOs must redefine the organization’s Minimum Viable Business (MVB) with AI dependencies in mind. Which AI-driven systems are essential to keep operating? Which automated decisions need to be paused or overridden during an incident? What happens if a model, dataset, or agent becomes unavailable or untrustworthy?
Resilience in 2026 means understanding not just how systems fail, but how AI amplifies those failures. Traditional continuity plans rarely account for AI behavior under stress, and that must change. Similarly, tabletop exercises must now include AI failure scenarios, corrupted data pipelines, and autonomous actions that require rapid human intervention.
Treat AI as a Governed, High-Risk Capability
AI is increasingly being embedded across the enterprise, often outside traditional security visibility. Marketing teams use generative tools. Developers integrate external models. Business units deploy automation to accelerate decisions. Each of these introduces risk.
AI systems can leak sensitive data, be manipulated through adversarial inputs, or be coerced into unsafe behavior through prompt injection. And agentic AI introduces additional complexity, as autonomous agents interact with other systems and identities without direct human oversight.
In 2026, CISOs will need to treat AI as a high-risk capability that demands explicit governance. That includes defining ownership, enforcing access controls, securing training and inference data, and monitoring AI behavior in production. AI should be subject to the same scrutiny as any system capable of materially impacting the business.
Used responsibly, AI strengthens resilience by accelerating detection and response. Used without governance, it becomes a force multiplier for attackers.
Harden Identity for Humans, Machines, and AI Agents
Identity has become the control plane for modern environments, and AI is accelerating the complexity of those environments. The “2026 CISO Predictions” highlighted non-human identity as a growing source of systemic risk. A single compromised machine or agent identity can cascade across environments in seconds. Today, non-human identities already outnumber human users in many organizations. AI agents add a new layer by authenticating, querying systems, and taking action at scale.
In an AI-driven enterprise, identity compromise is not just a security incident. It is a resilience failure. CISOs need to ensure that identity controls are consistent across users, machines, APIs, and AI agents, with continuous verification and least-privilege enforcement. At the same time, identity governance must also assume automation, scale, and speed.
Strengthen Collaboration as AI Blurs Traditional Boundaries
AI dissolves traditional organizational boundaries. Decisions once made by individuals are now distributed across systems, teams, and automated workflows. During incidents, this complexity can slow response if roles and responsibilities are unclear.
No organization can build AI resilience in isolation. Instead, resilience depends on collaboration. To achieve this, CISOs need to align security, IT, data science, legal, risk, and executive leadership on shared assumptions about AI risk and response. Externally, collaboration with peers, partners, and public-sector organizations becomes even more critical as AI-enabled threats scale globally.
Assume AI-Accelerated Disruption and Stay Adaptive
AI compresses timelines. Attackers adapt faster. Mistakes propagate faster. Regulatory expectations evolve faster. In this environment, the appropriate mindset is to assume AI-accelerated disruption.
That mindset prioritizes continuous testing, regular reassessment of AI use cases, and rapid feedback loops between security and business teams. Resilient organizations treat adaptation as an ongoing discipline, not an annual review.
Resilience as a Leadership Imperative in the Age of AI
The role of the CISO has never been broader or more consequential. In 2026, effective CISOs will be those who understand AI not only as a technology, but as a force that reshapes risk, governance, and continuity.
Resilience will favor leaders who prepare for AI-driven disruption, test their assumptions, and ensure their organizations can continue operating when automated systems fail. That is the work of the modern CISO.
