惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

大猫的无限游戏
大猫的无限游戏
博客园 - 【当耐特】
Cloudbric
Cloudbric
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Attack and Defense Labs
Attack and Defense Labs
爱范儿
爱范儿
The Cloudflare Blog
腾讯CDC
Security Archives - TechRepublic
Security Archives - TechRepublic
TaoSecurity Blog
TaoSecurity Blog
云风的 BLOG
云风的 BLOG
Recent Announcements
Recent Announcements
C
Check Point Blog
Schneier on Security
Schneier on Security
S
Schneier on Security
J
Java Code Geeks
B
Blog RSS Feed
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
Stack Overflow Blog
Stack Overflow Blog
博客园_首页
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
A
About on SuperTechFans
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Google DeepMind News
Google DeepMind News
阮一峰的网络日志
阮一峰的网络日志
罗磊的独立博客
A
Arctic Wolf
S
Secure Thoughts
P
Palo Alto Networks Blog
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
博客园 - 三生石上(FineUI控件)
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
U
Unit 42
I
InfoQ
D
DataBreaches.Net
P
Privacy International News Feed
T
Troy Hunt's Blog
博客园 - 叶小钗
T
Threatpost
博客园 - Franky
K
Kaspersky official blog
Hugging Face - Blog
Hugging Face - Blog
IT之家
IT之家
www.infosecurity-magazine.com
www.infosecurity-magazine.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cisco Blogs

Lohrmann on Cybersecurity

On AI Ethics: Why Prompt Engineering Needs a Moral Compass Navigating NIST’s New Cybersecurity AI Frontier AI at Work: Employees Aren’t Waiting for Permission AI, Mind Reading and Microchip Brain Implants The Mythos Race: Trump’s New EO and Glasswing’s Expansion No Longer Invisible: When Cyber Attacks Go Physical How New College Grads Can Succeed in an AI Economy Protecting People and Infrastructure: A 2026 World Cup Security Preview ‘CI Fortify’ Is the New Road Map for State and Local Resilience A Tale of Two States: The 2026 Cybersecurity Paradox The Great Stay: Why Tech Talent Is Choosing Stability Over Salary A History of Global Hacking — and Where It’s Going Next Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity Post-Quantum Cryptography: Moving From Awareness to Execution RSAC 2026 Highlights: From Agentic AI to Active Defense What Is Physical AI, and What Does It Mean for Government? New Federal Strategies, Rising Risk From Iran Top Cyber Themes Securing Critical Infrastructure in a Time of War From Michigan to Silicon Valley: A Conversation With Mohamad Yassine Defending Your Castle: Best Practices for Smart Home Security Your Smart Home Is Watching You: Privacy in the Age of AI Robots How Global Power Struggles Are Rewriting Cyber Defense After TikTok: Navigating the Complex Web of Foreign Tech Bans
The Global State of Technology Risk in 2026
https://www.govtech.com/authors/dan-lohrmann.html · 2026-06-14 · via Lohrmann on Cybersecurity

What strategies are global organizations using to transform business processes in the era of agentic AI?

Where is the new tactical boundary between innovation and risk?

How are leaders managing staff differently now, as AI tools enhance efficiency?


Who can we emulate to try and keep up with radical change?

When will this craziness end — if ever?

These are just a few of the questions I have been asked over the past few months as I travel around the country when talking with CISOs, CIOs, CTOs, CFOs and others in government leadership.


ADDRESSING GOVERNMENT RISK IN 2026

As we head into the second half of the year, global trends in cybersecurity are changing rapidly as artificial intelligence tools take center stage. We are witnessing unprecedented transformations to public- and private-sector organizations as people, process and technology changes become the new normal.

For more background, just in the past month, some of the top cyber themes that this blog has covered include pieces of these themes:

In order to examine a few of these topics and questions from a wider, fresh perspective, I try and take a big step back at least once a year to examine what is being published about IT strategies internationally. No doubt, these best practices may not apply in your situation. Nevertheless, my hope is that these examples will motivate and encourage risk mitigation in innovative ways.

First, a new report that came from Global Government Forum in Australia that explores how government organizations can ensure they have the right people, skills and partners to deliver on their digital visions. The report identifies six common foundations that underpin digital capability across governments, and how to make sure these foundations are resilient in a fast-changing environment.

global government forum.png

Here’s a brief excerpt:

“Introduction: Progress, persistent challenges and a widening gap

  1. Visibility of workforce, services and suppliers
  2. In-house technical capability for strategic control
  3. Broad digital capability across the civil service
  4. Digitally confident leadership
  5. Effective engagement with the private sector
  6. Citizen capability and trust

Conclusion: Building capability that evolves with change.” Some of their top takeaways include:
■ “Internal capability to act as a ‘smart customer.’ Governments will need sufficient technical, commercial and delivery expertise to define requirements, assess options and manage suppliers effectively, rather than relying on external providers to shape solutions.
■ Clear frameworks for what to build or buy. As digital becomes central to public services, governments will need more consistent frameworks and guidelines to decide which capabilities must be held internally and where external support adds value.
■ Visibility of the supplier landscape. A clear, system-wide view of suppliers, contracts and dependencies will be essential to manage risk, avoid fragmentation and support more strategic engagement with the market.
■ Active market shaping. Governments will increasingly need to engage the market proactively – outlining priorities and plans, fostering competition and supporting innovation.”

Second, I'll highlight findings from McKinsey’s 2026 AI Trust Maturity Survey, which reveal progress in trust maturity, alongside persistent gaps in strategy, governance, and risk management.

The report is called State of AI trust in 2026: Shifting to the agentic era:

“AI adoption is accelerating rapidly, with organizations moving beyond experimentation toward scaled deployment of gen AI and, increasingly, agentic AI across core business functions. But as AI systems take on greater autonomy—making recommendations, triggering actions, and interacting with other systems—the consequences of failure grow materially. In this environment, AI trust and the responsible AI (RAI) practices that enable trust are no longer a tangential concern but a foundational requirement for realizing the full potential of the technology.”

Here are more key insights from the report:

"The survey uncovers 10 key insights about AI trust, which fall across three themes: the current state of AI trust, emerging risks and challenges, and how organizations are responding to close gaps and enable scale.

"Despite improved maturity on the whole, significant variance still exists, but companies are increasingly recognizing the importance of RAI investment:

  1. RAI maturity continues to improve, yet strategy, governance, and agentic AI controls lag behind, with only about 30 percent of organizations reaching a maturity level of three or higher in these dimensions.
  2. RAI maturity varies by industry and region: Asia–Pacific leads globally, and technology, media, and telecommunications and financial services outperform other sectors.
  3. Investment in RAI is strongly associated with higher RAI maturity and realized value.
  4. Security and risk concerns are the top barrier to scaling agentic AI.
  5. Inaccuracy and cybersecurity remain the most frequently cited AI risks as adoption expands.
  6. Active mitigation lags behind risk awareness across nearly every AI risk category.
  7. AI incident frequency remains stable, but confidence in organizational response has declined.
  8. Knowledge and training gaps are the leading barrier to RAI implementation.
  9. Organizations with explicit accountability for RAI achieve higher maturity scores than those without clear accountability.
  10. AI trust is increasingly viewed as a business enabler rather than a compliance exercise.”

OTHER PERSPECTIVES

An AI and risk management report from the Centre for Regulatory Strategy, which was authored by Deloitte, was released earlier this year and can be downloaded here.

This report covers AI adoption and risk management in financial services:

  • "Strategic Benefits vs. Core Barriers - While AI offers significant operational efficiencies and enhanced customer engagement, its adoption is heavily restricted by data quality scarcity, regulatory hurdles, and corporate culture resistance.
  • Nature of Evolving Risks - The primary governance challenge is not entirely new risk categories, but rather existing enterprise risks manifesting in unfamiliar, fast-evolving, and harder-to-identify ways.
  • Auditability and the 'Black Box' - Advanced techniques like deep learning introduce hidden decision layers that create severe transparency, auditability, and traceability challenges, making compliance with regulations like GDPR difficult.
  • Adapting Risk Frameworks - Organizations must transition to dynamic, shorter-interval Risk Management Frameworks (RMF) spanning continuous identification, assessment, control, and monitoring to counter rapid algorithmic errors.
  • Proactive Governance and Compliance: Regulators are increasingly scrutinizing AI uses; successful innovation requires boards and stakeholders to comprehensively understand algorithmic bias, establish clear accountabilities, and maintain robust human-in-the-loop oversight."

One more from a very different vantage point. The Carnegie Endowment for International Peace produced this report late last year: How China Views AI Risks and What to Do About Them. Their new standards road map revealed growing concern over risks from abuse of open-source models and loss of control over AI.

“China’s most influential AI standards body released a comprehensive articulation of how technical experts and policy advisers in China understand AI risks and how to mitigate them.

The AI Safety Governance Framework 2.0,1 released in September, builds on an earlier version of the framework released a year prior. Alongside the Chinese Communist Party’s (CCP) unwavering focus on “information content risks” from AI, Framework 2.0 responds to the advances of AI over the past year, such as the global proliferation of open-source models and the advent of reasoning models. It represents a significant evolution in risks covered, including those tied to labor market impacts and chemical, biological, radiological, and nuclear (CBRN) weapon misuse. And it introduces more sophisticated risk mitigation measures, establishing a rubric to categorize and grade AI risks that sector-specific regulators should adapt to their domain.

“The framework is not a binding regulatory document. But it offers a useful datapoint on how China’s AI policy community is thinking about AI risks. It could also preview what technical AI standards—and possibly regulations—are around the corner. Given China’s massive footprint in AI development, the impact of those standards will ripple out across the world, affecting the trajectory of the technology itself.”

Here is another great perspective on leading with agentic AI from Cisco Live Keynotes:

FINAL THOUGHTS

I have found that taking a step back and reading relevant surveys and reports from around the world can often lead to new insights on innovative opportunities in the U.S. State and local governments typically examine similar public-sector entities to learn best practices, but in 2026 we need to be looking globally for the practices of the best international projects and solutions.

I challenge government leaders to rethink technology risk from a global perspective in our new AI era.