惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
AI
AI
T
Tor Project blog
Forbes - Security
Forbes - Security
W
WeLiveSecurity
博客园_首页
爱范儿
爱范儿
J
Java Code Geeks
B
Blog
G
GRAHAM CLULEY
aimingoo的专栏
aimingoo的专栏
Cloudbric
Cloudbric
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
Google DeepMind News
Google DeepMind News
H
Help Net Security
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 司徒正美
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
T
The Blog of Author Tim Ferriss
S
Secure Thoughts
Spread Privacy
Spread Privacy
F
Fortinet All Blogs
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
Hugging Face - Blog
Hugging Face - Blog

Fastly Blog

Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Fastly Six Common Live Streaming Mistakes (And How to Avoid Them) How Fastly and Skyfire Enable Trusted Agentic Commerce at the Edge Bot Defense is Table Stakes. Machine Traffic Requires a Business Strategy AI Traffic Grew 6.5x Faster Than Human Traffic This Year Python SDK Beta: How the Language of AI Runs Faster and Safer with Fastly Give AI Agents the Markdown They Actually Want How to Configure Local Logging for an On-Prem Next-Gen WAF Agent Fastly Joins the Agentic AI Foundation (AAIF) to Guide Edge AI Interoperability The E-commerce Industry in the AI Era: Has the Agentic Flood Hit? No Margin for Error: What the FIFA World Cup Teaches Us About Performance at the Edge Why iGaming Infrastructure is Breaking and What Comes Next The Publishing Industry in the AI Era: Why Bot Strategy is Now a Business Strategy Bad Performance Kills SaaS/PaaS Growth — Why Your CDN Matters Why your code is safe from Copy Fail on Fastly Compute Myth or Marvel: Claude Mythos and What it Means for Security Introducing Compliance Audit Reports Supporting Google Private AI Compute with Privacy-Preserving Edge Infrastructure Fastly Nearly Half the Web Isn’t Human: Inside Fastly’s Threat Insight Report Media over QUIC: Can Streaming Finally Have Both Scale and Low Latency? Introducing Fastly’s Redesigned Homepage: Your Central Hub for Actionable Insights The False Choice of Indiscriminate Blocking: Why Technical Precision is the New Standard for an Open Internet What is CVE-2026-23869? React Server Components Security Alert Fastly enables first-party tagging for Google Advertisers Shrink Your Bill With Efficient Software Your AI coding agent just got better at Fastly Fastly Ranked as a Leader in the 2026 Forrester Wave™ for Edge Development Platforms Fastly at RSAC 2026: New Advances in AppSec, Bot Management, and Deception Mastering the Edge: What Golf Can Teach Us About Speed, Precision, and Performance Real-Time CDN Monitoring for Live Events with Bronto Imperva Alternatives Fastly + Scalepost: Extending the Fastly platform to manage AI Crawlers Best content delivery networks for bot management Vibe Shift? Senior Developers Ship nearly 2.5x more AI Code than Junior Counterparts Maximizing Compute Performance with Log Explorer & Insights Fastly CDN Expands Scaling Fastly Network: Balancing Requests | Fastly Best Practices for Multi-CDN Implementations | Fastly Compute@Edge: Serverless Insights by Company | Fastly Fastly can teach you about the Wasm future in just 6 talks Fastly's Observability Unleashed: New Updates and Insights Optimizing your multi-CDN infrastructure to improve performance Stay ahead of attackers by pushing your security perimeter to the edge Are APIs the Key to Digital Innovation or a Trojan Horse? Fastly Academy: on-demand learning at your fingertips. | Fastly 30 Years of Web: Building for Tomorrow 4 Ways Legacy WAF Fails to Protect Your Apps Adobe boosts performance and MTTR with Epsagon and Fastly logs | Fastly Beta" A New Serverless Compute Environment Early TLS at Fastly Technical trainings & the future of edge delivery at Altitude 2016: a year in review Innovation Capacity Defined: Tech Stack Values | Fastly Deep Log Visibility Offered by Logentries | Fastly Caching the Uncacheable: CSRF Security Increase Your Hit Ratio With This Simple Tip
Accountability Without Control Is Breaking Security Leadership
Marshall Erwin · 2026-05-20 · via Fastly Blog

The CISO has always been accountable for incidents. That hasn’t changed, and it shouldn’t. What has changed is this: we’ve increased accountability without giving CISOs more control.

The role has moved closer to the center of the business. CISOs are more involved in incident response, more exposed to board-level scrutiny, and more tied to regulatory outcomes.

On the surface, that looks like progress. Security is now treated as a business issue, not just a technical one. But a seat at the table doesn’t mean control. 

In most organizations, CISOs don’t own the systems they’re securing or the decisions that shape risk. Accountability sits with the CISO. Control sits across the organization. 

That mismatch is starting to make the role unsustainable.

Accountability Alone Isn’t Improving Security

If accountability alone led to better security outcomes, this would be a different conversation. But that’s not what’s happening. Cyberattacks continue to grow in frequency and impact.

Organizations are reacting. Our research shows that 94% have made changes in response to rising CISO accountability. The issue isn’t whether they’re acting — it’s how. Many of the changes focus on managing exposure: more documentation, more scrutiny, more legal protection. Accountability is often driving defensive behavior — protecting the organization after the fact, rather than reducing the likelihood of an incident in the first place. 

Instead, accountability should drive alignment. It should force clear conversations with the executive team about what the real risks are. It should lead to better ownership and ensure that budgets and resources match the threat landscape. In many cases, they don’t, which makes it harder to act on the risks that have already been identified.

Why the Gap Keeps Growing

This model — where accountability is centralized and control is distributed — only works when the organization moves as one. In practice, that rarely happens.

And as organizations move faster, that misalignment becomes harder to manage. Security teams can identify risk, but addressing it depends on decisions made by other teams. So the gap grows, not because security leaders aren’t doing their job, but because the system around them isn’t set up to support it.

What’s missing isn’t the ability to act when incidents arise. It’s visibility and enforcement. At a basic level, many organizations still struggle to know what’s running in their environment — what tools are in use, where data is flowing, or how widely something is deployed. 

Even when risks are visible, acting on them depends on coordination, ownership, and the ability to enforce change across teams, and that’s where many organizations fall short. 

In a breach, CISOs aren’t just judged on what happened, but whether they had the visibility and authority to act. In practice, that means demonstrating that risks were understood and that the organization was in a position to act, even if execution depended on other teams.

This isn’t new, but it becomes harder as environments grow and change faster. 

Just as Security Caught Up, AI Reset the Playing Field

For a while, it felt like security teams were getting on top of things. Controls were maturing, the fundamentals were improving, and there was a sense that the gap between attackers and defenders was narrowing.

Then the ground shifted again. AI has changed the shape of the environment almost overnight. New tools are being adopted quickly, and the attack surface is expanding. Usage spreads before policies catch up. In some cases, security teams don’t fully understand the risk until it’s already present. And even when visibility improves, enforcement is not guaranteed. 

Many security teams are back in a familiar position: trying to catch up. At the same time, expectations haven’t reset. If anything, they’ve increased.

This is even more visible in AI-first organizations, where ownership of incident response is often unclear and the pace of change is higher. More than half of AI-first organizations report confusion over ownership — more than double the rate of traditional organizations.

What Needs to Change

The answer isn’t to reduce accountability. CISOs should be accountable. That’s not in question.

But accountability without control doesn’t improve security, it creates friction. Organizations are holding one function responsible for outcomes that depend on the entire system. 

Security needs to be built into how decisions are made, not layered on afterward. If the business is moving quickly — especially with AI — security needs to move with it.

That requires alignment at the leadership level. It requires clarity on ownership and resources that reflect the actual level of risk. And until control matches accountability, the gap will keep growing.

How Fastly Helps

Security teams need visibility into what tools are being used and whether they’re introducing risk into the environment.

Fastly’s Web Application and API Protection products help teams understand the traffic hitting their applications and identify malicious activity faster. The tooling is designed to reduce false positives, so teams spend less time chasing harmless activity and more time responding to real threats.

As AI tools spread across organizations, operational complexity increases too. Fastly brings capabilities like WAF, bot management, and DDoS protection together in one platform, which helps reduce operational overhead and makes incident response easier to coordinate.

If your security team is trying to keep pace with AI adoption, growing attack surfaces, and rising accountability pressure, learn how Fastly’s security products can help reduce noise, improve visibility, and speed up response times.