New AI Initiative
The organisation rolls out generative AI, autonomous agents, or model-based features. Data goes into models the security team did not approve. Agents act with permissions nobody mapped.
The CISO discovers the security architecture has new surfaces with no controls. The CIO / CTO / Chief AI Officer becomes a co-buyer. Risk and legal join early.
Augmentation. The AI deployment is happening; security is being asked to make it safe, not stop it. Vendors who frame as 'safe AI velocity' win over 'stop the AI rollout'.
Tied to the AI rollout schedule — usually weeks to one quarter.
Talking to the security team only. The AI initiative has its own sponsor (often a CTO or CDO); they hold the budget. Security gets pulled in; AI security tooling that requires AI-team buy-in needs both buyers in the room.