TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Application Security CISOs Debate Human Role in AI-Powered Security CISOs Debate Human Role in AI-Powered Security by Alexander Culafi Mar 23, 2026 5 Min Read Vulnerabilities & Threats Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw by Nate Nelson Mar 20, 2026 4 Min Read World Related Topics DR Global Middle East & Africa Asia Pacific Latin America Recent in World See All Application Security Real-Time Banking Trojan Strikes Brazil's Pix Users Real-Time Banking Trojan Strikes Brazil's Pix Users by Alexander Culafi Mar 13, 2026 4 Min Read Threat Intelligence Iran's Cyber-Kinetic War Doctrine Takes Shape Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi Mar 6, 2026 4 Min Read The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Application Security Сloud Security Cybersecurity Operations Cyber Risk News CISOs Debate Human Role in AI-Powered Security The idea of a "human in the loop" in AI deployment was challenged during a security executive panel at the RSAC 2026 Conference this week. Alexander Culafi , Senior News Writer , Dark Reading March 23, 2026 5 Min Read Source: robert hyrons via Alamy Stock Photo RSAC 2026 CONFERENCE – San Francisco – Do AI deployments need a "human in the loop" or will people merely slow things down? That was a key question during an RSAC 2026 Conference panel in which security executives from Google Cloud, Vodafone, and PayPal discussed evolving AI use cases and how to safely deploy it in one's environment. In the panel titled "From Threat to Strategy: The CISO's Playbook for the AI Revolution," The Wall Street Journal's James Rundle asked Google Cloud chief operating officer (COO) and president of security products Francis deSouza, Vodafone global chief information security officer (CISO) Emma Smith, and PayPal senior VP and CISO Shaun Khalfan how security leaders can best adapt to the new AI landscape. The trio also discussed the role of humans in AI-powered security. For as many problems as the "AI revolution" hopes to solve, the introduction of LLM-powered security products has introduced and/or exacerbated other issues in the security landscape. Related: AI Conundrum: Why MCP Security Can't Be Patched Away Thanks to the high security standard needed to secure AI tools (lest they leak sensitive corporate documents and the like, thanks to a prompt injection), the shared data security model between AI vendor and customer remains something of a mess . AI advances outside the security organization, such as vibe coding, have also created challenges; an organization may lean too hard onto AI generated code without the right humans in the loop , making the CISO's job more complex. It must also be noted that many organizations have yet to find success in their AI security deployments, according to studies . Google's AI presence speaks for itself, as 50% of its code is AI generated with developer assistance. Vodafone security analysts are using it to automate various workflows and conduct other tasks, like making board executive summaries of technical subject matter — and Khalfan said PayPal is using AI to help detect fraud in its billion transactions per month. Smith said Vodafone began implementing AI when the company realized it was moving slower than AI would enable, and concluded that it would take a top-down approach from leadership to integrate it correctly. As in, everyone needs to be on the same page for how to implement AI technology in a safe, ethical, responsible way. Vodafone's solution has been AI Booster , a centralized machine learning platform leveraging Google's technology that's designed to help deploy AI and ML models at scale. It includes a central, reusable codebase that allows it to deploy established use cases quickly via pre-trained models and custom tools, and tracks how successful these processes have been, business-wise. Related: GlassWorm Malware Evolves to Hide in Dependencies Smith said Vodafone did that for business reasons, in part to track the value of different initiatives, but it also gives her privacy engineering team a framework to do interventions on each use case and ensure the proper guardrails are in place. Humans on vs. in the Loop One surprising note came in discussing the idea of placing a "human in the loop" — the concept that AI tools should include humans at some steps or even every step in order to ensure accuracy of an LLM's output. Although humans are part of the process, deSouza said that human-led defenses are often too slow to stop things like agent-led cyberattacks, and, as such, Google is moving toward agent-led defense. Smith agreed. "I totally agree that a human in the loop is not scalable if we think about our traditional security controls, the ones that rely on human behaviors are the ones that we don't rely on the most," she said. "Let's face it, we rely on the ones that are technical and automated and that we can prove over time. A human in the loop is not the solution for the long term, certainly on scaled operations, and I also worry that it will give a boring job to the human in the loop." Related: Real-Time Banking Trojan Strikes Brazil's Pix Users Instead, organizations should think about ways to get a human "on the loop" to get insights from AI, rather than controlling or overseeing the tools, because "it's just not going to scale," Smith said. She added that Vodafone has built a heat map that looks at the confidence in an AI's outcome and potential risk outcome. For very high risk impact use cases, Vodafone likely wouldn't pursue such an approach unless there was a big business benefit, "and then it would absolutely have a human in the loop." The Importance of Data Security and Collaboration Khalfan followed Smith by emphasizing the importance of putting everything one does in a data security wrapper. While PayPal is a proponent of the engineering and technological benefits of AI tooling, he added that "it's just as important to have a risk and compliance wrapper around it." "When we think about our key AI principles, it's data and security. It's privacy, it's transparency, it's explainability," he said. "As we wrap everything we're doing in these principles, it helps us keep this anchor of all of the efforts that we're making." An example of this is that PayPal's AI model teams rank them in tiers based on data sensitivity, establishing use cases, and then establishing what controls need to be in place to protect any sensitive data stored within. These controls are intended to protect the models against tampering and prompt injections . It means accounting for the many identities that AI agents will need. Part of this too, Khalfan said, involves collaborating with the larger ecosystem, such as the Coalition for Secure AI (CoSAI) , an industry-wide initiative that aims to facilitate collaboration between stakeholders and ensure more secure AI deployments. It offers a wide range of white papers and documentation based on multiple different workstreams. Alexandra Rose, director of government partnerships and the Counter Threat Unit at Sophos, tells Dark Reading that safe AI deployment is about encouraging curiosity and innovation while ensuring security. "I think it's important that security is not the world of no," she says. "It's how do we get to yes, and how do we get to a yes in a way that that we're protected?" RSAC Conference Mar 23, 2026 TO Mar 26, 2026 Join thousands of your peers at RSAC™ 2026 Conference in San Francisco from March 23–26. Discover new strategies, explore bold technologies, and connect with peers who share your challenges and ambitions. Don’t just attend the Conference—be part of the community that defines what’s next. Secure Your Spot Secure Your Spot About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. See more from Alexander Culafi Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: