NextFin News - The rapid proliferation of "Shadow AI"—the unsanctioned use of artificial intelligence tools by employees—has surpassed traditional shadow IT as the primary security risk for global enterprises, according to data and industry warnings presented at the RSAC 2026 Conference on Monday. As the European Union’s AI Act begins enforcing non-compliance fines of up to 35 million euros, cybersecurity leaders are calling for a shift from fragmented toolsets to unified security platforms capable of countering machine-speed threats.
Russ Schafer, Executive Vice President of Marketing at Fortinet, told theCUBE at the conference that the window for defending against automated attacks has shrunk to a matter of seconds. Schafer, a veteran marketing executive who has long advocated for the convergence of networking and security, noted that while it takes approximately four minutes for a ransomware incident to deploy, the average IT organization currently takes 168 hours to discover the breach. By moving to a unified platform that utilizes agentic AI for defense, Schafer argues that resolution timelines can be reduced to roughly 38 seconds.
The shift toward "agentic AI"—autonomous systems that can perform tasks and make decisions without constant human intervention—is the central theme of this year's security summit. Microsoft, Cisco, and CrowdStrike have all unveiled competing frameworks to govern these autonomous agents. Microsoft announced the general availability of Agent 365 for May 1, while Cisco launched "DefenseClaw," an open-source framework built on Nvidia’s OpenShell. These developments reflect a broader industry push to secure the entire AI lifecycle, from data ingestion to agent behavior.
However, the push for unified platforms is not without its skeptics. While large vendors like Fortinet and Microsoft promote "all-in-one" ecosystems, some security practitioners argue that such consolidation creates a single point of failure and may lead to vendor lock-in. Smaller specialized firms, such as AppOmni and Tanium, suggest that "unified" should refer to visibility across diverse environments rather than a single-vendor stack. They point out that existing tools often lack the depth needed to manage risks in complex SaaS layers where AI is now deeply interwoven.
The financial stakes of failing to govern Shadow AI are becoming concrete. Beyond the EU's regulatory penalties, the "dwell time"—the period attackers spend gathering information before making a ransomware demand—remains a critical vulnerability. Mimecast recently expanded its Incydr technology to include adaptive risk scoring for both human users and AI agents, highlighting that traditional security tools were never designed to monitor the pathways through which autonomous agents now share sensitive data.
The current market landscape suggests a transition from the "AI hype" of 2024 and 2025 toward a more pragmatic, albeit high-stakes, focus on governance and automated remediation. As organizations integrate local Large Language Models (LLMs) and user-built automations, the distinction between IT operations and security is blurring. The success of these unified approaches will likely depend on whether they can truly operate at "machine speed" without compromising the flexibility that led employees to adopt unsanctioned AI tools in the first place.
Explore more exclusive insights at nextfin.ai.
