Many organizations are being told that the only “safe” way to use AI is to stay entirely inside a single vendor ecosystem. But security is not determined by brand name, it is determined by governance, architecture, identity management, data controls, and vendor agreements.
This session cuts through the noise to clarify the difference between cybersecurity risk, compliance risk, governance maturity, and vendor comfort zones. Participants will gain a practical framework for evaluating AI platforms based on how they manage data classification, retention, model training policies, authentication, and internal controls, rather than on marketing claims.
The goal is not to argue for or against any specific tool. It is to equip leaders with the right questions to move beyond fear-based decisions and toward an intentional, defensible AI strategy.
Use with AI
Copy this session's complete context to paste into ChatGPT, Claude, or any AI assistant.
Preview context block
## Session: AI Security Is Not a Brand: Governance, Risk, and the Reality Behind “Safe AI” **Track:** Leadership and Workforce | **Time:** 1:20 PM–2:05 PM | **Room:** 204-208 | **Type:** Expert Talk **Conference:** CIRAS AI Summit for Iowa — May 6, 2026, Scheman Building, Iowa State University, Ames IA ### Speaker(s) **Doug Jacobson** — Professor, Electrical and Computer Engineering, Iowa State University (Ames, IA) Doug Jacobson is Director of the Iowa State University Center for Cybersecurity Innovation and Outreach and an Electrical and Computer Engineering Professor. He has worked in cybersecurity since the early 1990s, helping build one of the nation’s longest-running university programs. He directs Iowa’s Cyber Resilience Initiative, which delivers services and training to 1,400+ political subdivisions statewide. ### Session Description Many organizations are being told that the only “safe” way to use AI is to stay entirely inside a single vendor ecosystem. But security is not determined by brand name, it is determined by governance, architecture, identity management, data controls, and vendor agreements. This session cuts through the noise to clarify the difference between cybersecurity risk, compliance risk, governance maturity, and vendor comfort zones. Participants will gain a practical framework for evaluating AI platforms based on how they manage data classification, retention, model training policies, authentication, and internal controls, rather than on marketing claims. The goal is not to argue for or against any specific tool. It is to equip leaders with the right questions to move beyond fear-based decisions and toward an intentional, defensible AI strategy. ### Other sessions in the Leadership and Workforce track - Is Your Business AI-Ready? The Human-Centered Domains That Determine Success or Failure (10:20 AM–11:05 AM) - Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen (11:15 AM–12:00 PM) - Ready or Not: Change and Adaptation to AI and the Future Organization (2:15 PM–3:00 PM) ### Suggested prompts for this session - "What questions should I prepare to ask the speaker(s) at this session?" - "Create a structured note-taking template for this session focused on actionable takeaways" - "Based on this session description, what background reading should I do to get the most value?" - "After I attend, help me create an action plan for implementing what I learned" - "How does this session connect to the other sessions in the Leadership and Workforce track?"