So it was Tom Cruise waving his hands around to use a computer, but it showed a world where people got arrested for crimes they hadn't committed yet based on data that could be flawed or biased. And it turns out that movie was a warning.

Kayne McGladrey raises another concern: the transfer of risk. AI vendors may provide the tools, but providers often carry the legal and financial consequences when things go wrong. In already stretched rural systems, that imbalance could have serious implications. There is also the issue of data. Many AI models are trained on urban populations, which may not reflect the realities of rural patients. That increases the risk of misdiagnosis or ineffective recommendations, particularly in communities with different health profiles.

Kayne McGladrey, an IEEE Senior Member who advises enterprises on identity risk, made the same diagnosis in an exclusive interview with VentureBeat. "It uses far more permissions than it should have, more than a human would, because of the speed of scale and intent."

DORA compliance requires both proper documentation and comprehensive data generation. The gap between policy and practice can be bridged by rigorous, automated evidence collection alongside documented ICT risk management frameworks. But as agentic AI continues to redefine modern operations, the definition of sufficient evidence must similarly modernize. Organizations that adopt JIT access, unified logging, and agent-specific telemetry today will not only survive the next NCA audit, but will also achieve longstanding operational resilience.

"You can reduce risk," said cybersecurity expert Kayne McGladrey. "But nobody out there can be perfect. It's an unattainable goal." McGladrey said he tends to think of cybersecurity in terms of risk; sometimes the risk is increased, and some things decrease risk.

This guide is for compliance officers, technical leads, CISOs, and their legal advisors preparing for increased regulatory scrutiny. Organizations must prepare for potential reviews of their risk management systems, data governance, and cybersecurity measures. Failure to provide adequate documentation may result in significant administrative fines, making the preparation of sufficient evidence a top priority for legal and technical teams alike.

McGladrey cut to the governance failure. “If crime was a technology problem, we would have solved crime a fairly long time ago,” he told VentureBeat. “Cybersecurity risk as a standalone category is a complete fiction.”

We move past the buzzwords to discuss the gritty reality of ripping out legacy "flat" networks and replacing them with Zero Trust architectures that actually improve performance while reducing liability. Kayne breaks down why the private sector continues to struggle with risk and how the rise of Agentic AI is changing the identity landscape in 2026.

In this episode of MY GRC POV, Monica sits down with Kayne McGladrey to challenge a common leadership trap. Teams talk cyber. Executives hear noise. Budgets stall. Decisions slow. Kayne breaks down how to translate security and compliance risk into business outcomes leaders act on. Revenue impact. Cost exposure. Operational uptime. Customer trust.

Integrating AI into production environments expands the scope of SOC 2 to cover models, training data, and automated decision-making systems. This shift affects every Trust Services Criterion. It also expands “evidentiary requirements,” requiring auditable records for production execution in addition to the AI decisions and automation workflows that triggered those executions.

In this episode of Root to CISO Byte Size, Kayne McGladrey shares practical insights on how cybersecurity professionals can align technical skills with business priorities to strengthen their impact. From conducting meaningful skills gap analyses to communicating security in revenue-focused terms, Kayne explains how CISOs can protect budget, support growth, and position security as a strategic enabler. He also offers grounded advice for early-career professionals on building the right skills, engaging with the community, and making informed career decisions in today’s evolving market.

“If this was easy, Microsoft would have written this,” says IEEE’s McGladrey. “But there aren’t a lot of options out there. I think that’s the real thing we’re working against here.”

#1 Kayne McGladrey, CISSP

"As organizations push return-to-office (RTO) mandates and chase efficiency, many security teams are quietly accumulating debt they don’t know how to unwind.In this episode, we are joined by Lea Cure Thorpe and Kayne McGladrey to unpack the less-discussed consequences of recent security decisions: RTO exposure, endpoint blind spots, tooling overload, analyst burnout, and the slow erosion of junior talent (thanks AI)."

One problem is that agentic AI reads all the text that it encounters and retains the data it absorbs, McGladrey adds. Embedded text, contained in website code but not visible to the human user, can trick agents into purchasing unwanted products while clones of legitimate retail websites can extract customer payment credentials.

Here’s the Thinkers360 annual leaderboard for our top 100 B2B thought leaders, analysts and influencers you should work with in 2026 (North America). Congratulations to all who participated!

In this conversation, Matthew Webster and Kayne McGladrey delve into the complexities of cybersecurity governance, focusing on the role of CISOs in al...

We know there are problems in our security systems, but we can't and shouldn't fix everything. What do we fix? Who decides? How do we explain what's reasonable to people who do decide? Kayne McGladrey, CISO in Residence at Hyperproof, joins us to explore risk, communication, and a surprising role for insurance.

“The technology is too immature to actually use its scale successfully and securely right now,” tech expert says.

Cloudflare was behind the latest in a series of outages this year. The big question now is: Why does this keep happening and how do we stop it?