Gartner urges CISOs to modernize identity, prioritize resilience, and embrace AI-driven innovation to counter evolving threats.
Chief information security officers (CISOs) need to rethink identity management, redefine success, and lower barriers to innovation as AI transforms both threats and opportunities, according to Gartner. The insights came from the Gartner Security & Risk Management Summit held June 1-3 in National Harbor, Maryland.
Identity needs a rethink
The explosion of AI agents and machine-to-machine interactions is straining traditional identity and access management systems. Old models built for human users with fixed roles can’t keep up with millions of machine identities operating at once. Gartner predicts that by 2028, 25% of breaches will happen through poorly managed AI agent systems. Organizations that modernize identity now, Gartner says, can turn this challenge into a competitive edge.
Resilience over prevention
Cyberattacks are now seen as a normal part of doing business, not a sign of failure. Gartner analyst Leigh McMullen argued that chasing “prevention” as the only measure of success is unrealistic in the AI era. Instead, organizations should focus on resilience — limiting damage, keeping critical operations running, and recovering fast. This requires setting clear thresholds for acceptable disruption tied to what matters most to the business.
Innovation is already happening
Gartner says innovation doesn’t need big new projects; it’s already happening through daily fixes, workarounds, and improvements that go unnoticed. With AI-assisted tools, teams can now test defenses, simulate attacks, and refine responses without major planning cycles. By 2028, AI-driven security operations centers could cut human-handled incidents by 30%, shifting analysts from “responders” to “supervisors.” Leaders, Gartner adds, must protect time for this experimentation to pay off.
