Today marks AI Appreciation Day, the annual moment set aside to reflect on how far artificial intelligence has come. For the security industry, that reflection looks less like a party and more like a stocktake. AI has quietly become embedded in almost every layer of enterprise IT: writing code, triaging alerts, hunting threats, running backups, and increasingly, acting on its own initiative. The question security leaders are asking this year isn’t whether AI deserves appreciation but whether organisations have built the identity, governance and resilience layers to deserve what AI can now do.
IT Security Guru asked cybersecurity leaders from across the industry, spanning identity, threat intelligence, backup and recovery, GRC and cyber-resilience vendors, what AI Appreciation Day means to them in 2026. Their answers converge on a theme: AI has earned its seat at the table, but trust, accountability and human oversight haven’t kept pace with its capabilities.
The identity gap nobody planned for
The most immediate concern isn’t whether AI works; it’s whether anyone can say with certainty what it did and why. As AI agents move from answering prompts to independently taking action, that ambiguity becomes a governance problem in its own right.
John Cannava, CIO at Ping Identity, argues that this shift demands a fundamental rethink of how organisations manage machine identity:
“Organisations are increasingly deploying AI agents across the enterprise, and the opportunities for innovation and efficiency are tremendous. These systems are doing more than just responding to prompts. They’re making decisions, taking actions, and even spawning new agents with increasing autonomy and speed. That evolution is transforming how work gets done, and it’s also reshaping the security landscape. Now the challenge is that many organisations are adopting AI agents faster than they can establish clear identity, accountability, and governance for them. When you can’t definitively answer what an agent did, why it did it, or under whose authority it acted, you create unnecessary risk and uncertainty. This is why identity for AI must become a foundational priority. Every agent needs a verifiable identity, clear permissions, and continuous oversight, just like any human user or service account. By building trust, visibility, and accountability into AI from the start, organisations can unlock the full potential of autonomous AI while managing risk and strengthening security.”
Dave Hayes, Vice President of Product at FusionAuth, goes further, arguing that the entire framing of “agent legitimacy” misses the point:
“An AI agent is not a new user to authenticate. It has no authority of its own; it acts for a human, and that human is where the authority comes from. So, the question isn’t whether the agent is legitimate, but whether it can do only what its human owner is already allowed to do. Policy can’t enforce that. People follow the rules partly because breaking them gets you fired, and an agent has no job to lose. Give it a goal, and it treats your policy as an obstacle to work around. We surveyed 300 security and technology leaders: 84% of those most confident in their AI security had a confirmed AI-identity breach last year, most with governance they’d have called comprehensive. Architecture fixes this, not wording. AI is probabilistic, so your identity layer has to be deterministic.”
That statistic is worth sitting with: the organisations most confident in their AI security were also the ones most likely to have already been breached through an AI identity. Confidence, it turns out, is not the same as control.
Governance stops being optional by law, not just by choice
If identity is the technical gap, governance is the organisational one. Several contributors argued that the industry’s instinct to treat governance as a brake on innovation is exactly backwards, and that regulators are no longer leaving the choice up to individual companies.
Shane Barney, CISO at Keeper Security, frames the real question of AI Appreciation Day as one of visibility, not capability:
“AI Appreciation Day is a moment to ask a harder question than what AI has made possible: do organisations know what it’s doing once it’s live inside their environments? For most security teams, the honest answer is not well enough. Most organizations have spent the last two years asking how fast they can adopt AI. The better question is whether they actually know what it’s doing once it’s inside their environment. That distinction matters more than most security teams are comfortable admitting. AI agents are operating inside enterprise environments with privileged access, handling sensitive data and making autonomous decisions — often with no more oversight than an unmonitored service account. Keeper’s 2026 global research found that 56% of organisations cite employees inadvertently sharing sensitive information through AI tools as their biggest security gap. That’s not a technology problem. It’s a governance problem, and it’s sitting unaddressed while adoption accelerates. The external pressure is arriving now regardless. From August 2, EU regulators have full enforcement authority under the AI Act, with national authorities across all 27 member states empowered to investigate, restrict and sanction non-compliant AI deployments. For enterprise security teams, that means AI governance is no longer internally discretionary. The organizations that will be in the best position are the ones treating every AI agent like what it actually is: a new identity, with access rights, audit obligations and the potential to cause real damage if left ungoverned. That means enforcing least privilege, maintaining credential controls and building a full audit trail across every identity in the environment, human or otherwise. The fundamentals still apply. They just need to be extended to cover the parts of the environment that weren’t there two years ago.”
Matt Kunkel, Co-Founder and Executive Chairman at LogicGate, pushes back directly on the idea that governance and innovation are in tension:
“From HR and marketing to compliance and finance, there’s not a single department that doesn’t use AI in some form or another today. Yet, too many organisations hesitate at the idea of AI governance because, to them, governance means red tape, rules, and other roadblocks. But what these leaders fail to realise is that a strong AI governance framework isn’t hindering innovation — in fact, it’s exactly what your company needs to keep pace with today’s innovation and deliver real value. With an AI governance framework in place, businesses can move forward with full visibility into their current AI landscape, a clear understanding of how AI directly ties to business goals, and immediate recognition of risks and how to mitigate them. This ensures that the AI solutions in use are delivering real value while also allowing you to rapidly deploy them for use cases across departments without encountering legal bottlenecks each time you implement a new tool.”
The shadow AI problem hiding in plain sight
Long before organisations get to agent identity or governance frameworks, many are missing something more basic: a clear picture of how staff are already using AI day to day, sanctioned or not.
Tim Ward, CEO and co-founder at Redflags, argues that the real risk on AI Appreciation Day isn’t capability, but blind spots:
“On AI Appreciation Day, most of the conversation is about what AI can do. The more urgent question for businesses is what employees are already doing with it, often without anyone in security ever finding out. AI tools have moved into daily work faster than any technology in recent memory, and adoption isn’t waiting for a policy to catch up. People are pasting client data, source code, and financial details into public tools because they’re useful, not because anyone approved it. Underneath it, this comes down to visibility. Most organisations can’t currently answer basic questions about their own exposure: which AI tools are being used, by whom, and what’s leaving the business as a result. Blocking tools outright rarely works and just pushes usage further out of sight. The businesses managing this well aren’t the ones with the strictest AI policy on paper, but those who’ve built real visibility into how AI is actually being used day to day, and can guide people toward safer habits in the moment, rather than finding out after something’s already gone wrong.”
Why full autonomy is the wrong goal
As vendors race to market “self-driving” security operations centres, several leaders used AI Appreciation Day to push back on the idea that removing humans from the loop is progress.
Dray Agha, senior manager of security operations at Huntress, is blunt about the risk of handing AI the wheel:
“While threat actors are rapidly weaponising AI to scale their attacks, the defensive answer isn’t to build completely autonomous security systems. Full autonomy is a dangerous goal in cybersecurity because the stakes are simply too high. AI is an incredible engine for processing vast amounts of threat telemetry at lightning speed, but handing it the ‘steering wheel’ without human oversight risks catastrophic false positives, potentially shutting down critical business operations faster than an actual adversary ever could. This AI Appreciation Day, the real celebration shouldn’t be about replacing security analysts, but about augmenting them. AI excels at the heavy lifting, like accelerating triage by connecting the dots across millions of daily alerts and filtering out the noise. However, human judgment must remain the ultimate arbiter in the loop. The future of cyber defence relies on ‘augmented intelligence,’ where AI surfaces the needle in the haystack, and human experts apply the critical thinking, business context, and strategic judgment needed to actually neutralise the threat; an agentic extension of human reach is a better future than locking the human out in favour of black box automation.”
His colleague, Muhammad Yahya Patel, vCISO and cybersecurity advisor for EMEA at Huntress, takes aim at the marketing narrative that surrounds days like this one:
“The security industry has a habit of treating AI as either a silver bullet or an existential threat depending on which narrative suits the moment. AI Appreciation Day tends to bring out the former. The reality, as anyone working in security operations will tell you, sits somewhere less dramatic and more complicated than either position. AI is genuinely useful in security right now in specific, well-defined applications. Threat detection at scale, alert triage, vulnerability scanning, anomaly identification in large datasets. These are areas where AI is producing real operational value and meaningfully reducing the manual burden on stretched security teams. That’s worth acknowledging honestly. The gap between what AI is marketed to do and what it actually does in production environments remains significant, and it has consequences. Organisations are making purchasing decisions based on vendor claims that don’t survive contact with their actual environment. Security leaders are facing questions from the board about their AI strategy when what they actually need is fundamental funding. Rather than appreciating AI in the abstract, security teams would be better served asking two concrete questions. First, where is AI actually reducing risk in our environment today, with evidence? Not in theory, not in the vendor demo, but in practice. Second, where is AI expanding our attack surface, and what are we doing about it?”
AI wrote the code but who’s checking it?
Nowhere is the productivity-versus-accountability tension sharper than in software development, where AI-assisted coding has gone from novelty to the default in a couple of years.
Dipto Chakravaty, chief technology officer at Black Duck, frames the shift in stark terms:
“AI Appreciation Day is a fitting moment to acknowledge that AI has become the most productive teammate developers have ever had, but also the least accountable one. With 97% of enterprise development teams now using AI coding assistants, code is being generated faster than most organizations can govern, review, or secure it. The next chapter of AI appreciation has to be about trusted verification: treating every line of AI-written code as untrusted until it’s been contextualized and validated against policy. Productivity without governance isn’t acceleration, it’s accumulated risk.”
Dr Andrew Bolster, Senior Manager, Research and Development at Black Duck, puts the burden of proof on enterprises rather than the tools themselves:
“The organizations getting the most out of AI-generated code aren’t the ones writing the most of it; they’re the ones verifying it the fastest. On AI Appreciation Day, the honest takeaway is that AI coding assistants have moved bottlenecks downstream: into manual review, security testing, and remediation. Enterprises need to be asking three questions before AI-written code ships: Do we know it was AI-generated? Has it been tested with the same rigor as human-written code? And can we prove it complies with our policies and the regulations to which we’re accountable? If the answer to any of those is ‘not consistently,’ the productivity gains are borrowed, not earned.”
Data is the foundation agentic AI stands on
Behind every identity and governance conversation sits a more basic problem: AI agents are only as trustworthy as the data they act on and only as safe as the backups that sit behind them if something goes wrong.
Tim Pfaelzer, SVP and General Manager, EMEA at Veeam, points to a widening gap between AI ambition and AI readiness:
“AI is revolutionising how organisations unlock value from their data, providing instantaneous insights and uncovering opportunities that were previously out of reach. To realise these benefits, businesses are entering the agentic era, driven by a new generation of AI agents that can act on data at machine speed. These agents are becoming autonomous, 24/7 digital workforces, scaling productivity and accelerating decision-making. The rise of the agentic era is driving tremendous investment in AI, particularly among hyperscalers, which have reportedly spent more than $650 billion building the foundations for the next phase of AI innovation. The potential of AI agents has earned a significant vote of confidence from enterprises, with 88% of organisations already actively piloting them across their technology stacks. However, it’s important to recognise that only around 7% of organisations have the foundational capabilities in place to be truly AI-ready. This presents a significant risk. A major challenge is the lack of visibility into data, which can cause AI models and agents to act on incomplete, outdated, or inaccurate information, leading to unreliable outcomes at machine speed. To address this, organisations must build a trust layer through complete visibility, governance, and resilience across every data asset. By ensuring AI agents are powered by secure, accurate, and readily recoverable data, businesses can unlock AI’s full potential without allowing it to become their Achilles’ heel.”
Geoff Burke, Senior Technology Advisor at Object First, has been tracking the same risk since last year’s AI Appreciation Day, and says his warnings have already started to materialise:
“Last year on AI Appreciation Day, I cautioned my peers on the hidden cybersecurity dangers associated with AI. Since then, many of my concerns have materialised, from highly sophisticated AI-generated attacks to accelerated vulnerability exploitation. That’s not to say I am against AI — I’m a user of it myself — but the efficiency and technological advances we’ve seen from AI haven’t come without cost. An AI agent with too much autonomy and inadequate guardrails can cause major vulnerabilities, blind spots, and challenges that may outweigh the positives. However, as long as companies are aware of and realistic about these risks, they can take action to mitigate the consequences should an AI agent malfunction and delete important data, for example. Part of this preparation should include building recovery and resilience into the foundation of IT infrastructure with Absolute Immutability, ensuring backup data cannot be modified by anyone, not even the most privileged admin, attacker, or agent.”
From reactive triage to proactive defence
Set against the governance warnings is a genuinely optimistic case: that AI is closing the gap between detection and response faster than any prior generation of tooling managed to.
Neena Sharma, Head of Customer and Product Marketing at Filigran, frames adoption speed as a secondary concern to adoption discipline:
“The way we are seeing Frontier AI making advancement, it can be difficult to predict how AI will evolve over the next year. In the present, we are already seeing how vulnerability discovery time is shrinking. However, we need to be careful about blind uptake of these tools as it’s a double-edged sword. The winners won’t be who adopts AI fastest; it’ll be who adopts it deliberately. Security teams must focus on how they want to be able to utilize AI to improve defenses, not to open the attack surface even wider.”
Her colleague Deborah Galea, Cybersecurity Specialist at Filigran, sees the practical payoff already showing up in how teams operate day to day:
“AI’s biggest impact is that it’s rapidly closing the gap between spotting a threat and neutralizing it. Rather than analysts manually sifting through thousands of alerts, autonomous agents can now cross-reference indicators against an organization’s real environment, filter out the noise, test actual exposure, and trigger containment in real time. The result: security teams that move from reactive triage to genuine proactive management, catching and addressing threats before they escalate.”
Falk Schwendike, Senior Solutions Engineer at Filigran, adds that the same logic applies to identity and access risk:
“With AI, risk management stops being something you do after the fact. Modern defense models can now track how users and devices actually behave, so attackers hiding behind stolen credentials don’t stay hidden for long. If you feed enough alerts into the right automated workflows, the system can isolate a compromised endpoint or kill leaked access in milliseconds, significantly faster than any analyst could react manually. Add dark web monitoring and regular breach simulations on top, and AI makes threat management proactive.”
Keeping humans in the loop, deliberately
For all the optimism about speed, nobody in this piece is arguing for handing AI a blank cheque. Schwendike’s second contribution lays out what disciplined adoption actually looks like in practice:
“AI-powered security tools should take work off people’s plates, not bury them in false alarms. It is important for security teams to steer the technology rather than trust it blindly. Looking ahead, I see four areas that stand out. First, there’s context. Teams will have taught their AI that a break-in on an intern’s laptop is a different animal entirely from someone touching the customer database, and clean exception lists will mean the system stops flinching every time IT runs its nightly backup. Second, humans stay in the loop. The big calls, locking an executive’s account, pulling the plug on a production line, should still wait for a person to click approve. And when the AI gets something wrong, analysts won’t just dismiss it; they’ll correct it, so the system actually learns. Third, prompt engineering becomes routine. Teams build up libraries of tried-and-tested threat-hunting queries, and when they lean on an AI assistant, they give it a real job to do. An example prompt could be: ‘act as a seasoned incident response analyst and check this script for obfuscation.’ Fourth, the AI itself gets locked down. Nobody wants source code or internal logs leaking into a public model, so that gets watched closely, and the training data behind in-house systems gets protected too, so no one can quietly poison the AI’s judgment from the outside.”
What next year’s AI Appreciation Day might look like
If this year’s theme is guarded optimism, next year’s may be a genuine test of whether the industry can scale autonomy responsibly. Galea offers a note of caution about what’s coming:
“By next year’s AI Appreciation Day, I expect the industry to have moved further toward autonomous defensive agents operating at machine speed. But that progress only counts if it’s built on strict architectural guardrails, not left to the AI’s own judgment. Without those boundaries, the very agents meant to defend us risk becoming threats themselves.”
Schwendike’s own prediction for 2027 is more sweeping still, describing a world of self-remediating infrastructure and fully autonomous vulnerability hunting:
“By AI Appreciation Day 2027, we will see zero-human remediation taking over. Systems will be able to rewrite their own firewall rules and spin up clean mirror environments to keep businesses running, way before an analyst is even paged. Autonomous agent swarms will hunt for vulnerabilities around the clock, quietly deploying their own micro-patches for zero-day exploits before vendors even realize they exist. On the privacy front, enterprises will completely walk away from public AI APIs, choosing to run highly compressed, air-gapped language models on their own hardware, all so every threat prediction stays strictly inside the building. Finally, supply chain auditing will achieve true machine speed, meaning every single piece of third-party code is inspected and cleared at compilation, while auditable compliance reports assemble themselves the moment they are requested.”
The verdict
Strip away the vendor branding and a consistent picture emerges from this year’s AI Appreciation Day commentary. AI has genuinely earned its place in the security stack, accelerating triage, shrinking vulnerability discovery windows, and taking grunt work off overstretched teams. But almost every contributor here paired that appreciation with a warning: identity and accountability haven’t kept pace with autonomy, AI-generated code is shipping faster than it’s being verified, the data agents act on is often less trustworthy than assumed, and the organisations most confident in their AI security are, by Hayes’s own data, often the ones who’ve already been breached because of it.
Regulation is no longer a future consideration either. With the EU AI Act’s enforcement powers landing on 2 August, Barney’s point applies well beyond Europe: governance is moving from a discretionary best practice to a legal obligation, and organisations that treat every AI agent as a new identity with access rights, audit trails and recoverable data behind it will be the ones left standing when enforcement, or an incident, arrives.
The consensus isn’t that AI should be reined in. It’s that appreciation without architecture is just marketing. As Chakravaty puts it, productivity without governance isn’t acceleration; it’s accumulated risk. If there’s a single takeaway for security leaders heading into AI Appreciation Day 2026, it’s this: celebrate what AI has made possible, but spend at least as much energy on the identity, governance, verification, and resilience layers that determine whether that possibility becomes a liability.





