FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense

As if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse.

That wasn’t the headline at RSAC 2026 last week — agentic AI dominated the agenda — but the stress was visible at the ground level if you knew where to look.

Sanjay Castelino, president of Skyhigh Security, knew where to look. While the Trump White House was pulling federal agencies off the conference floor — fracturing the public-private threat intelligence pipeline RSAC had sustained for three decades — Castelino was tracking a pressure building from the other direction.

He had spent time in Europe roughly a month earlier, meeting with customers across the EU and UK. The message was uniform and pointed: enterprises there were reassessing whether US-controlled cloud infrastructure could be trusted as the foundation of their defenses.

The concern wasn’t technical. It was political — an erosion of confidence in US oversight that had accelerated sharply in recent months. What they wanted was the guaranteed ability to control their own defensive perimeter, on-premises or inside sovereign cloud environments their own governments could reach.

The federal boycott playing out a few hundred yards away at Moscone was, if anything, a live demonstration of exactly what they were worried about. Over the prior three to nine months, Castelino said, that conversation had moved well beyond regulated industries into mainstream enterprise.

That pressure is arriving simultaneously with the challenge that did own the conference: the explosion of unsanctioned AI tools inside enterprise environments. Castelino puts the number at 320 AI cloud applications per enterprise on average, most outside existing data protection policy.

The exposure is concrete — employees are copying patient records, financial data and proprietary product plans into AI prompts, with no visibility into what the tool does with that content afterward.

What’s striking is how fast enterprises are moving from paralysis to pragmatism — or trying to. A year and a half ago, security teams were still drawing a hard line — block the AI tools or allow them, nothing in between. That binary is collapsing under pressure from the business side, which has made clear that AI access is not optional, Castelino told me.

Policy is evolving toward a risk-based model that attempts to distinguish sanctioned services from unsanctioned ones, he said, but the work is far from finished. The journey from denial to damage control — from hard prohibition to grudging, risk-aware accommodation — is one that took years with shadow IT. Castelino’s assessment: shadow AI has compressed that same arc into roughly 12 months. The security architecture underneath all of it, though, was built for known choke points and known users. It was not built for this.

The full conversation is in the companion podcast.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(Editor’s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)

The post FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense first appeared on The Last Watchdog.