Information Security

Why this function belongs in the AI Operating Model

AI initiatives almost always work with corporate data, external models, and automated actions. This creates classes of risk that conventional software did not have: leakage of sensitive data into a third-party LLM, prompt injection, an agent performing actions beyond its authority, and uncontrolled integrations.

If InfoSec only engages at the end, it is forced either to block an almost-finished initiative or to wave it through with caveats. Both scenarios are bad. The AI Operating Model embeds InfoSec as an early participant in the stage gates.

Where it engages

| AI Operating Model stage | Role of InfoSec |
| --- | --- |
| Assessment | Classifies the initiative's data, identifies prohibited scenarios |
| Before the pilot | Approves access, environment isolation, secrets handling |
| Before production | Reviews the threat model, checks logging and control of agent actions |
| In support | Controls access, audit, incidents, secret rotation |

InfoSec is the natural owner of routing initiatives by risk level (self-service / trust-but-verify / strategic review / prohibited), which the AI Operating Model applies at the assessment stage.

What the function receives as input

  • The list of the initiative's data and its classification (personal data, trade secret, public).
  • A map of integrations and external services (which models/APIs are used, where data goes).
  • A description of the agent's permissions and actions: what it reads, what it changes, where human-in-the-loop is required.

What the function delivers as output

  • Requirements for data and access (minimization, masking, environment isolation).
  • An opinion on the threat model and the permissibility of the scenario.
  • Approval/denial to pass the stage gate, with compensating controls where needed.

Key touchpoint artifacts

  • Initiative data classification — what the data is and what processing regime applies.
  • AI scenario threat model — risks specific to LLMs/agents and countermeasures.
  • Access and secrets register — who is allowed to do what within the initiative's environment.

Anti-patterns

  • InfoSec as a wall at the end. Requirements surface at the final review and the initiative stalls. The cure is engaging at the assessment stage.
  • Shadow AI. Teams bypass InfoSec by uploading data to public services. The cure is a clear, fast self-service track for low-risk cases.
  • "Ban everything." Without a risk matrix, InfoSec blocks even safe scenarios, and the business stops coming for approval.