AI Adoption Outpaces Security Readiness in IT Sector

Maryanne Baines is a distinguished authority in cloud technology with an extensive background in evaluating tech stacks, cloud provider ecosystems, and industrial product applications. Her expertise lies at the intersection of operational efficiency and enterprise security, making her a vital voice in the current conversation regarding artificial intelligence integration. As IT departments navigate a landscape increasingly defined by rapid automation and evolving threats, Maryanne provides the strategic oversight necessary to distinguish between genuine productivity gains and dangerous architectural vulnerabilities.

This discussion explores the dual nature of AI adoption, where tools like ChatGPT and Microsoft Copilot are saving IT teams nearly a quarter of their workweek by automating repetitive, low-value tasks. While optimism remains high, with over half of US and UK teams expecting AI to alleviate operational pressure, a significant security gap has emerged. We delve into the risks of data leakage and the phenomenon of “shadow AI,” exemplified by the high-profile Salesloft Drift breach of 2025. Finally, the interview addresses the alarming disconnect between executive confidence and the lived reality of frontline practitioners who feel significantly less secure.

The recent surge in AI adoption across UK and US IT environments seems driven by a desperate need for efficiency. How are these tools specifically reshaping the daily grind for teams that previously felt buried under manual tasks?

The transformation we are seeing is nothing short of a seismic shift in how IT professionals manage their time. Currently, nearly three-quarters of IT and security teams report losing about a quarter of their week—roughly ten hours—to repetitive, low-value work that drains their creative energy. By integrating tools like ChatGPT, which is now present in 71% of UK IT environments, or Microsoft Copilot, found in 68%, teams are finally clawing back that lost time. There is a palpable sense of relief among the workforce, with 59% of US teams and 55% of UK teams expressing deep optimism that AI will permanently alleviate their operational burdens. It feels like the first time in years that these professionals can breathe, shifting their focus from manual toil to higher-level strategic initiatives.

Despite the optimism surrounding these productivity gains, there is a chilling realization that security protocols are trailing behind. Why do you think only a minority of organizations feel truly equipped to handle the unique risks introduced by AI?

The speed of adoption has simply outpaced the ability of internal security teams to build robust guardrails. We are in a situation where only four in ten teams rate their current security stack as being truly “ready for AI-related risk,” leaving a massive 60% of organizations in a state of vulnerability. This creates an anxious tension in the server room because while the productivity numbers look great on a spreadsheet, the underlying infrastructure feels fragile. Security teams are running at full tilt just to keep the lights on, often without the specialized tools or training required to vet these new AI integrations. It is a classic case of the “move fast and break things” mentality colliding with the rigid, high-stakes requirements of enterprise data protection.

It is fascinating that teams with the most visibility into their AI usage are actually more worried about data leakage than those operating in the dark. What does this reveal about the hidden vulnerabilities that come with knowing exactly how data flows through these systems?

This paradox highlights an “ignorance is bliss” scenario that is incredibly dangerous in cybersecurity. In the UK, 56% of respondents identified data leakage as a primary concern, but when you look closer, the teams with full visibility are far more likely to flag this as a risk compared to the 27% of teams who have no visibility at all. In the US, that figure jumps to 59% for those with full visibility, suggesting that the more you see of the AI “black box,” the more you realize how easily sensitive information can slip through the cracks. It’s a sobering realization that once you turn the lights on, you see all the structural cracks you were previously stepping over. True visibility doesn’t just provide peace of mind; it often provides a grim inventory of everything that could go wrong.

The concept of “shadow AI” became a harsh reality with the Salesloft Drift breach in late 2025. Could you walk us through how unauthorized or unreviewed integrations can lead to such a massive compromise of sensitive data?

The Salesloft Drift breach in August 2025 serves as a haunting cautionary tale for the industry because it exploited the very “shadow AI” that many leaders ignore. In that incident, threat actors managed to steal OAuth tokens for a chatbot integration that connected directly to Salesforce, allowing them to extract data from several hundred instances. What makes this particularly gut-wrenching is that most of the affected teams had never even personally provisioned the tool; it was a third-party plug-in with an unreviewed grant that became the “way in.” Major players like Cloudflare, Palo Alto Networks, and Zscaler found themselves impacted by this single point of failure. It proves that a single unmonitored AI tool, tucked away in an employee’s workflow, can bypass the most sophisticated perimeter defenses.

The gap between executive confidence and practitioner skepticism is startling, particularly in the US where only a tiny fraction of frontline workers feel the situation is under control. How can organizations bridge this divide before this “misplaced confidence” leads to a catastrophic failure?

This perception gap is one of the most dangerous friction points in modern governance, as it prevents necessary resources from reaching the front lines. In the United States, 29% of executives believe AI risk is firmly under control, yet, staggeringly, only 7% of the practitioners actually doing the work agree with them. The UK shows a similar, though slightly narrower, divide with 18% of executives feeling confident versus 11% of practitioners. As Adam Pilton correctly noted, misplaced confidence is a security nightmare because it focuses the conversation on productivity while ignoring how AI can be turned against the business. Bridging this gap requires executives to stop looking at AI as a magic wand for ROI and start listening to the technical evidence provided by their security leads.

What is your forecast for AI risk management?

I predict that the next eighteen months will see a forced “rebalancing” where the frantic rush toward AI adoption is met with a much-needed, and perhaps painful, regulatory and security crackdown. Organizations will likely shift away from the current “Wild West” approach to a model centered on zero-trust AI architectures, where every OAuth token and third-party chatbot integration is audited with the same rigor as a core database. We will see a decline in the use of unmanaged “shadow” tools as enterprises realize that the 25% time savings isn’t worth the risk of a total data breach. Eventually, the confidence levels of executives and practitioners will converge, but only after more organizations experience the harsh consequences of prioritizing speed over visibility. The focus will move from “what can AI do for us” to “how can we stop AI from being used against us.”
