What strategies are global organizations using to transform business processes in the era of agentic AI?
Where is the new tactical boundary between innovation and risk?
How are leaders managing staff differently now, as AI tools enhance efficiency?
Who can we emulate to try and keep up with radical change?
When will this craziness end — if ever?
These are just a few of the questions I have been asked over the past few months as I travel around the country when talking with CISOs, CIOs, CTOs, CFOs and others in government leadership.
ADDRESSING GOVERNMENT RISK IN 2026
As we head into the second half of the year, global trends in cybersecurity are changing rapidly as artificial intelligence tools take center stage. We are witnessing unprecedented transformations to public- and private-sector organizations as people, process and technology changes become the new normal.
For more background, just in the past month, some of the top cyber themes that this blog has covered include pieces of these themes:
First, a new report that came from Global Government Forum in Australia that explores how government organizations can ensure they have the right people, skills and partners to deliver on their digital visions. The report identifies six common foundations that underpin digital capability across governments, and how to make sure these foundations are resilient in a fast-changing environment.
Here’s a brief excerpt:
“Introduction: Progress, persistent challenges and a widening gap
Visibility of workforce, services and suppliers
In-house technical capability for strategic control
Broad digital capability across the civil service
Digitally confident leadership
Effective engagement with the private sector
Citizen capability and trust
Conclusion: Building capability that evolves with change.” Some of their top takeaways include:
■ “Internal capability to act as a ‘smart customer.’ Governments will need sufficient technical, commercial and delivery expertise to define requirements, assess options and manage suppliers effectively, rather than relying on external providers to shape solutions.
■ Clear frameworks for what to build or buy. As digital becomes central to public services, governments will need more consistent frameworks and guidelines to decide which capabilities must be held internally and where external support adds value.
■ Visibility of the supplier landscape. A clear, system-wide view of suppliers, contracts and dependencies will be essential to manage risk, avoid fragmentation and support more strategic engagement with the market.
■ Active market shaping. Governments will increasingly need to engage the market proactively – outlining priorities and plans, fostering competition and supporting innovation.”
Second, I’ll highlight findings from McKinsey’s 2026 AI Trust Maturity Survey, which reveal progress in trust maturity, alongside persistent gaps in strategy, governance, and risk management.
“AI adoption is accelerating rapidly, with organizations moving beyond experimentation toward scaled deployment of gen AI and, increasingly, agentic AI across core business functions. But as AI systems take on greater autonomy—making recommendations, triggering actions, and interacting with other systems—the consequences of failure grow materially. In this environment, AI trust and the responsible AI (RAI) practices that enable trust are no longer a tangential concern but a foundational requirement for realizing the full potential of the technology.”
Here are more key insights from the report:
“The survey uncovers 10 key insights about AI trust, which fall across three themes: the current state of AI trust, emerging risks and challenges, and how organizations are responding to close gaps and enable scale.
“Despite improved maturity on the whole, significant variance still exists, but companies are increasingly recognizing the importance of RAI investment:
RAI maturity continues to improve, yet strategy, governance, and agentic AI controls lag behind, with only about 30 percent of organizations reaching a maturity level of three or higher in these dimensions.
RAI maturity varies by industry and region: Asia–Pacific leads globally, and technology, media, and telecommunications and financial services outperform other sectors.
Investment in RAI is strongly associated with higher RAI maturity and realized value.
Security and risk concerns are the top barrier to scaling agentic AI.
Inaccuracy and cybersecurity remain the most frequently cited AI risks as adoption expands.
Active mitigation lags behind risk awareness across nearly every AI risk category.
AI incident frequency remains stable, but confidence in organizational response has declined.
Knowledge and training gaps are the leading barrier to RAI implementation.
Organizations with explicit accountability for RAI achieve higher maturity scores than those without clear accountability.
AI trust is increasingly viewed as a business enabler rather than a compliance exercise.”
OTHER PERSPECTIVES
An AI and risk management report from the Centre for Regulatory Strategy, which was authored by Deloitte, was released earlier this year and can be downloaded here.
This report covers AI adoption and risk management in financial services:
“Strategic Benefits vs. Core Barriers – While AI offers significant operational efficiencies and enhanced customer engagement, its adoption is heavily restricted by data quality scarcity, regulatory hurdles, and corporate culture resistance.
Nature of Evolving Risks – The primary governance challenge is not entirely new risk categories, but rather existing enterprise risks manifesting in unfamiliar, fast-evolving, and harder-to-identify ways.
Auditability and the ‘Black Box’ – Advanced techniques like deep learning introduce hidden decision layers that create severe transparency, auditability, and traceability challenges, making compliance with regulations like GDPR difficult.
Adapting Risk Frameworks – Organizations must transition to dynamic, shorter-interval Risk Management Frameworks (RMF) spanning continuous identification, assessment, control, and monitoring to counter rapid algorithmic errors.
Proactive Governance and Compliance: Regulators are increasingly scrutinizing AI uses; successful innovation requires boards and stakeholders to comprehensively understand algorithmic bias, establish clear accountabilities, and maintain robust human-in-the-loop oversight.”
One more from a very different vantage point. The Carnegie Endowment for International Peace produced this report late last year: How China Views AI Risks and What to Do About Them. Their new standards road map revealed growing concern over risks from abuse of open-source models and loss of control over AI.
“China’s most influential AI standards body released a comprehensive articulation of how technical experts and policy advisers in China understand AI risks and how to mitigate them.
“The AI Safety Governance Framework 2.0,1 released in September, builds on an earlier version of the framework released a year prior. Alongside the Chinese Communist Party’s (CCP) unwavering focus on “information content risks” from AI, Framework 2.0 responds to the advances of AI over the past year, such as the global proliferation of open-source models and the advent of reasoning models. It represents a significant evolution in risks covered, including those tied to labor market impacts and chemical, biological, radiological, and nuclear (CBRN) weapon misuse. And it introduces more sophisticated risk mitigation measures, establishing a rubric to categorize and grade AI risks that sector-specific regulators should adapt to their domain.
“The framework is not a binding regulatory document. But it offers a useful datapoint on how China’s AI policy community is thinking about AI risks. It could also preview what technical AI standards—and possibly regulations—are around the corner. Given China’s massive footprint in AI development, the impact of those standards will ripple out across the world, affecting the trajectory of the technology itself.”
Here is another great perspective on leading with agentic AI from Cisco Live Keynotes:
FINAL THOUGHTS
I have found that taking a step back and reading relevant surveys and reports from around the world can often lead to new insights on innovative opportunities in the U.S. State and local governments typically examine similar public-sector entities to learn best practices, but in 2026 we need to be looking globally for the practices of the best international projects and solutions.
I challenge government leaders to rethink technology risk from a global perspective in our new AI era.
