Make AI Boring

July 14, 2026
|
Duration:
6
min READ

At a recent Bourbon and Banter event, Rob Sebaugh, Identity Strategist & Principal Solutions Consultant for SailPoint Technologies, and I hosted a group of senior healthcare leaders for a conversation about AI. What began as a discussion about boardroom pressure, clinical interruptions, shadow AI, and security controls quickly evolved into a broader conversation about ethics, built-in bias, trust, accountability, and the responsibility leaders carry when technology starts moving faster than the organization around it. We shared points of view, listened, challenged each other, and tried to understand the different realities sitting across the table.

Within that exchange, one phrase stuck with me: “Make AI Boring.”

I want to give Rob credit for inspiring the title, because it captures something I think many leaders are trying to get their hands around right now.

AI is exciting. AI is powerful. AI is disruptive.

But hot damn, it is noisy right now.

Every major technology goes through a period when expectations outpace reality. Interest surges, opinions multiply, vendors compete to shape the narrative, and boards want to understand both the opportunity and the risk. Executive teams feel pressure to move quickly, while risk leaders are often asked to explain what could go wrong even as the business is already testing new ideas.

But if you fast-forward five years, the picture usually looks very different.

When the hype has faded, the technology becomes less of a headline as capabilities are embedded in everyday workflows and accepted as part of how the organization functions. That is what I mean when I say we should make AI boring. When governance and controls are in place, outcomes are measurable, and people trust how AI is being used. It becomes another well-managed business capability rather than a constant source of debate, uncertainty, and noise. It’s a future state worth aiming for.

The Five-Year Test

What do you want AI to look like five years from now, after the hype has faded?

This question shifts the conversation away from chasing every new use case and toward defining what “normal” should look like. In other words, how AI is trusted, governed, measured, secured, and used daily.

In five years:

  • Is AI trusted by the people expected to use it?
  • Is it improving workflows and helping teams work more efficiently?
  • Does the organization know which AI tools, agents, and non-human identities have access to sensitive data?
  • Can security teams audit incidents, what data was used, and who was accountable for the outcome?
  • Is the business risk created by AI clear to leaders?
  • Are technology, security, and business leaders operating from a shared model?

These questions can help ground leaders in practical AI concerns like durability, scalability, and trust. By making AI boring, organizations can start treating it as an operating model instead of a series of disconnected pilots.

Why AI Feels So Loud Right Now

AI is everywhere. It’s in identity, data, security, compliance, and in board-level conversations about growth, risk, and productivity. AI’s presence across nearly every part of the organization is creating tension and fragmented discussions as CIOs focus on innovation, CISOs on risk reduction, and business leaders on operational outcomes.

AI can increase the tension between CIOs and CISOs because it doesn’t sit neatly in one lane. One side is often measured by how quickly and reliably the organization can deliver new digital capability. The other is measured by how effectively risk is reduced, controls are enforced, and obligations are met.

To lower the volume on AI, leaders need to have a shared model for:

  • How decisions get made
  • How risks are evaluated
  • How controls are applied
  • How accountability is assigned

Without agreement and alignment on these core actions, AI discussions and results will continue to be fragmented.

Trust is Required for AI Success

Trust is fragile. If AI feels like another tool being pushed into already strained workflows, adoption will suffer. If security decisions are made without input from the people expected to use AI, resistance will grow and value will be harder to realize.

To build trust, business leaders operational stakeholders need a seat at the table early and help to shape the boundaries and use cases for AI within the organization. Big AI promises are easy to make, but trust is built when leaders can point to practical use cases that reduce friction, improve speed, protect data, or help employees focus on higher-value work.

Leaders are right to ask direct questions:

  • Where can AI remove burden instead of adding it?
  • Which early use cases would prove value to the business?
  • Where could trust, privacy, or business risk be affected?
  • What decisions should AI support but never make alone?
  • How do we validate AI-enabled workflows before they impact customers, employees, or critical business processes?
  • How do we explain AI risk in a way that executives, business leaders, and board members can all understand?

Making AI boring means replacing broad promises with trusted, well-governed use cases that deliver value and fade into the background of everyday work, defining, “AI can help here, under these conditions, with these controls, for this purpose.”

The Governance Gap

As AI adoption grows, so does the challenge of identity management. Along with governing employees, vendors, and partners, organizations have a host of non-human identities to contend with, including AI agents, service accounts, bots, and connectors that may act on behalf of people, teams, or business processes.

Accountability cannot disappear because an action was performed by an AI-enabled agent or automation. As autonomous systems gain access to more data and business processes, understanding who, or what, is acting on behalf of the organization becomes increasingly important. So, how do we connect those actions back to an accountable owner?

Organizations need processes and policies for the creation, management, and governance of AI-enabled agents. Accountability requires:

  • Visibility into where AI is already being used
  • Standards for who can create, approve, and publish agents
  • Access controls that define what agents can see and do
  • Provenance to show where data, prompts, outputs, and decisions came from
  • Traceability to connect actions back to accountable owners
  • Auditability for regulatory, legal, security, and operational review
  • Lifecycle governance so agents are not created once and forgotten

As expectations around AI continue to adjust, boards, regulators, customers, and employees will increasingly expect organizations to explain not only what AI is being used for, but how it is governed. Organizations will need to demonstrate controls, explain decision paths, and prove that AI is not just being adopted, but responsibly managed. Without that confidence, AI stays loud.

Operationalizing AI

Organizations need to move beyond experimentation and start treating AI like any other business capability: one that is governed, measured, secured, and aligned with organizational objectives. As AI becomes more deeply embedded across the enterprise, leaders must focus on the decisions, tradeoffs, and accountability required to scale responsibly.

This is where the idea of making AI boring starts to take shape. As innovation continues, the organization develops the structure and confidence needed to use it responsibly at scale. Leaders ultimately must answer practical questions like:

  • What value can we prove?
  • Which risks need to be reduced?
  • What controls already exist?
  • Where are the security and compliance gaps?
  • What isn’t providing value?
  • What should we not allow?
  • What must be in place before we scale?

Those are the questions that move AI from concept to capability, and ultimately from a source of uncertainty to a trusted part of how the organization operates.

Cutting Through the Noise

For organizations trying to answer these questions, a structured assessment can help separate practical next steps from industry noise.

MajorKey created MosaicStack to help organizations move from AI experimentation and uncertainty toward operational readiness and responsible adoption.

A MosaicStack workshop provides:

  • A clear view of your current AI maturity across identity, data, security, and governance
  • Insight into gaps, risks, and control weaknesses
  • Practical recommendations to establish boundaries and strengthen oversight
  • A prioritized roadmap to move from experimentation to operationalization

The outcome is simple: clarity, alignment, and a practical path forward your leadership team can trust.

Making AI boring doesn’t happen by accident. The MosaicStack Readiness Workshop helps organizations establish the governance, visibility, and accountability needed to use AI responsibly at scale.

Authors

Brandon Nolan

Field CISO
linkedin logo
Connect on LinkedIn

Recent Blogs

Blog

What You Need to Know About Microsoft Entra ID’s SSPR Update and How to Mitigate its Operational Risks

Microsoft Entra ID’s SSPR Update and How to Mitigate its Operational Risks

What C-suite leaders need to know about the upcoming Microsoft Entra ID SSPR changes, its operational risks, and how to mitigate them.

Blog

Why IAM Becomes the Critical Path in Application Delivery

Why IAM Becomes the Critical Path in Application Delivery

IAM isn't why most projects start, but it's often why they stall. Learn how proactive identity governance accelerates application delivery.

Blog

TLS Certificates Are Privileged Credentials, CISOs Must Treat Them That Way

TLS Certificates Are Privileged Credentials, CISOs Must Treat Them That Way

Learn why CISOs must treat TLS certificates as machine identities to reduce outages, enforce governance, and strengthen Zero Trust.

Blog

Identity Modernization Is Dead. Long Live AI Readiness!

Identity Modernization Is Dead. Long Live AI Readiness!

AI readiness succeeds when healthcare organizations take an identity-first approach rather than a model-first one.

Blog

Evidence-Based Identity Governance for Streamlined Audits in Healthcare

Evidence-Based Identity Governance for Streamlined Audits in Healthcare

Auditors don’t just ask who has access today. Identity governance needs to be reframed as a continuous regulatory defense, not a periodic compliance exercise.

Blog

The Cost of Waiting: How Access Delays Erode Clinical Efficiency

The Cost of Waiting: How Access Delays Erode Clinical Efficiency

A modern identity strategy ensures access is there when it’s needed, protects clinical operations, and delivers measurable business value without disrupting care.

Blog

Identity Modernization: The Foundation for AI Readiness in Healthcare

Identity Modernization: The Foundation for AI Readiness in Healthcare

In a healthcare setting, AI failures can cause real harm. A strong identity foundation serves as the operational foundation for AI.

Blog

Decentralized Identity Explained: A Practical Q&A for 2026

Decentralized Identity Explained: A Practical Q&A for 2026

Explore the key concepts, benefits, challenges, and emerging trends shaping decentralized identity in 2026 and beyond.

Blog

IGA and Change Management: A Guide to Successful Engagements

IGA and Change Management: A Guide to Successful Engagements

When effective change management is integrated with IGA implementations from the start, organizations reduce resistance, increase alignment, and ensure new identity processes take root in a sustainable, scalable way.

Blog

Outcome‑Driven IAM: Why Identity Programs Win on Results, Not Tools

Outcome‑Driven IAM: Why Identity Programs Win on Results, Not Tools

Why IAM programs fail despite strong tools, and how outcome‑driven IAM delivers measurable risk reduction, audit readiness, and business value.

Blog

Breaking Down Identity Silos: Why Fragmented Systems Create Risk and Complexity

Breaking Down Identity Silos: Why Fragmented Systems Create Risk and Complexity

Learn about the challenges created by identity silos, the trade-offs between consolidation and governance, and how organizations can determine the most effective path forward.

Blog

Identity Proofing 101: A Practical Guide for Modern Organizations

Identity Proofing 101: A Practical Guide for Modern Organizations

Discover why identity proofing is a foundational security control for modern organizations.

Blog

Preparing your Organization for AI-Driven Identity Threats

Preparing your Organization for AI-Driven Identity Threats

Learn how AI‑driven identity threats are evolving and why governing AI agents as managed, privileged identities is key to secure, responsible AI adoption.

Blog

KPIs for App Onboarding: What to Measure and Why It Matters

KPIs for App Onboarding: What to Measure and Why It Matters

The most useful KPIs for app onboarding include percent of applications onboarded, time‑to‑onboard, and realized business value or ROI. These metrics give stakeholders clear visibility into progress and help keep the onboarding program accountable and predictable.

Blog

Have You Solved Your IAM Problem?

Have You Solved Your IAM Problem?

Struggling to make sense of your IAM ecosystem? Discover how to overcome tool overload, achieve continuous reliability, and align identity management with business outcomes. Learn practical strategies for visibility, observability, intelligence, and action—plus insights on AI’s impact in modern IAM.

Blog

Modernizing Identity Governance: Enabling Agility and Compliance Across the Enterprise

Modernizing Identity Governance: Enabling Agility and Compliance Across the Enterprise

Leverage automated onboarding, AI-driven access reviews, and just-in-time least-privilege controls to transform identity governance into a driver of security, compliance, and agility.

Non-Human Identity
Workforce Identity
Advisory
No items found.