All articles

AI-Era Security Demands Runtime Proof Over Policy Reporting

The Security Digest - News Team
Published
July 13, 2026

Albert Evans, Director of Cybersecurity at Tata Consultancy Services, explains why security leaders need to validate controls at runtime as AI accelerates the attack surface.

Credit: The Security Digest

Make The Security Digest one of your go-to sources on Google

Add The Security Digest on Google

You need to connect the governance, which is still important, but you need to tie it to runtime, to conditions on the ground. Wishing it won’t make it so.

Albert Evans

Director of Cybersecurity

Albert Evans

Director of Cybersecurity
Tata Consultancy Services

Many enterprise AI programs face one of two recurring constraints: funding without a coherent operating model, or a credible plan without sustained funding. Both share the same downstream problem, with boards and executives treating AI as a standard IT infrastructure project and taking governance shortcuts that surface later as failed initiatives, wasted spend, and security postures no one can actually validate in production. The cost of those shortcuts is what makes runtime proof an emerging operational requirement.

Albert Evans, Director of Cybersecurity at Tata Consultancy Services and an Expert Advisor at Primary Venture Partners, has spent his career securing the systems most organizations would call un-securable. He previously served as CISO for ISO New England, where he protected a $13 billion wholesale electricity marketplace and the bulk power grid serving 15 million residents. The U.S. Army veteran brings a battle-tested perspective to the boardroom, and his current read on enterprise AI is that the operating model behind most initiatives is structurally flawed.

"You need to connect the governance, which is still important, but you need to tie it to runtime, to conditions on the ground. Wishing it won’t make it so," says Evans. Industry analysts frequently argue that AI technology moves too fast for security teams to keep pace, and Evans pushes back on that framing. In his read, the real vulnerability is an accountability gap, and he believes in a layered operating model. Autonomous AI requires board oversight and clear management accountability, not routine board involvement in operational decisions.

In Evans' model, the board should establish risk appetite, approve governance principles, oversee material AI risks, and require evidence that high-impact autonomous systems remain within authorized boundaries. Executive management and a cross-functional AI governance body should assign accountable owners, risk-tier use cases, define decision rights, approve material exceptions, and ensure adequate funding. Business, technology, security, data, legal, privacy, HR, and risk leaders should implement and monitor the controls and internal audit should provide independent assurance. Material residual risks, repeated control failures, or unresolved exceptions that exceed management authority or organizational risk tolerance should be escalated to the appropriate board committee.

Closing the runtime blind spot

Without executive oversight, autonomous tools are being deployed into production environments with no one watching them, creating the blind spot where autonomous AI agents can be manipulated through trusted content, tools, memory, credentials, or indirect prompt injection, causing harmful actions that may appear authorized to conventional controls. Evans argues that securing these environments requires the kind of organizational redesign Six Sigma demanded a generation ago, with executive commitment to break down departmental silos and re-engineer business workflows. HR has to be involved early to reconstruct job descriptions and pay bands so the right humans stay in the loop to check the AI's work. The urgency is operational, with cybercrime groups restructuring themselves to operate at machine speed, which puts unmonitored deployments at the front of the attack surface.

"Instead of traditional 'living off the land' using other tools, they get into your autonomous AI and use that against you. And so many people don't have any type of runtime controls. They're not going to know it, they're not going to be able to detect it, they're not going to be able to respond to it, they're not going to be able to contain it," Evans says. The deeper problem is that static authorization models were built for human employees and do not translate cleanly to systems that act on their own. As enterprises delegate more execution authority to AI agents, they must extend identity governance beyond human users and conventional service accounts

The capability gap is not solely technical. Many necessary controls exist, but tooling maturity, integration, operating discipline, and organizational authority remain uneven. Advanced tooling can automate exposure discovery, validate defensive controls, prioritize likely exploit paths, and deploy compensating controls while patches are developed, tested, or scheduled. The challenge is implementation discipline, with real-time tracking of autonomous actions being exactly what most teams have yet to operationalize. "Now with an AI agent, it's, 'Here's what I'm telling you that you can do.' And then I need to track it in real time to make sure that's what you did," Evans notes.

Containing attacks at machine speed

Public data has confirmed for more than a year that threat actors are already operating with AI, yet many organizations continue relying on manual SOC processes while ignoring published best-practice documents, adoption guidelines, and warnings from global intelligence agencies about the future of autonomous identity operations. DevSecOps is the clearest example of the pattern, where paper-based policy rarely connects to the technical enforcement that would actually contain risk in code. It can become organizationally isolated when policy ownership, pipeline authority, application risk, and security accountability are not clearly connected.

The same enforcement gap shows up across incident response, where the speed required to contain modern attacks runs directly into the bureaucratic approval chains most organizations still use. Reconfiguring containment authority is what separates organizations that survive a machine-speed compromise from those that find themselves on a war-room call hours after the damage is done. "Even if they focus on improving the SOC, they have things outside the SOC," Evans notes. "If you want to contain a system, I need to talk to the system owner, the application owner, I need to get this director's approval. That's hours and hours of time. You get a compromise at two in the morning on Saturday. How long does it take you to get the human bureaucratic approval to contain the system? It's too slow."

The disconnect also plays out at the board level, where security leaders often report against static metrics that signal coverage without measuring actual exposure. Closing the gap means translating policy into enforceable runtime controls, continuous telemetry, tested response procedures, and evidence of operating effectiveness. Evans has published a free, open-source Agentic AI framework covering AI FinOps, control mapping, and governance modeling for organizations still treating the work as theoretical. "Framework alignment identifies desired outcomes. It does not by itself prove that controls are appropriately designed, correctly configured, or operating effectively," he concludes.