Newsletter
Stay up to date with our monthly newsletter.
Covering the latest thought leadership, events, and news about identity security
What We Do
Partners
© MajorKey 2026

At a recent Bourbon and Banter event, Rob Sebaugh, Identity Strategist & Principal Solutions Consultant for SailPoint Technologies, and I hosted a group of senior healthcare leaders for a conversation about AI. What began as a discussion about boardroom pressure, clinical interruptions, shadow AI, and security controls quickly evolved into a broader conversation about ethics, built-in bias, trust, accountability, and the responsibility leaders carry when technology starts moving faster than the organization around it. We shared points of view, listened, challenged each other, and tried to understand the different realities sitting across the table.
Within that exchange, one phrase stuck with me: “Make AI Boring.”
I want to give Rob credit for inspiring the title, because it captures something I think many leaders are trying to get their hands around right now.
AI is exciting. AI is powerful. AI is disruptive.
But hot damn, it is noisy right now.
Every major technology goes through a period when expectations outpace reality. Interest surges, opinions multiply, vendors compete to shape the narrative, and boards want to understand both the opportunity and the risk. Executive teams feel pressure to move quickly, while risk leaders are often asked to explain what could go wrong even as the business is already testing new ideas.
But if you fast-forward five years, the picture usually looks very different.
When the hype has faded, the technology becomes less of a headline as capabilities are embedded in everyday workflows and accepted as part of how the organization functions. That is what I mean when I say we should make AI boring. When governance and controls are in place, outcomes are measurable, and people trust how AI is being used. It becomes another well-managed business capability rather than a constant source of debate, uncertainty, and noise. It’s a future state worth aiming for.
What do you want AI to look like five years from now, after the hype has faded?
This question shifts the conversation away from chasing every new use case and toward defining what “normal” should look like. In other words, how AI is trusted, governed, measured, secured, and used daily.
In five years:
These questions can help ground leaders in practical AI concerns like durability, scalability, and trust. By making AI boring, organizations can start treating it as an operating model instead of a series of disconnected pilots.
AI is everywhere. It’s in identity, data, security, compliance, and in board-level conversations about growth, risk, and productivity. AI’s presence across nearly every part of the organization is creating tension and fragmented discussions as CIOs focus on innovation, CISOs on risk reduction, and business leaders on operational outcomes.
AI can increase the tension between CIOs and CISOs because it doesn’t sit neatly in one lane. One side is often measured by how quickly and reliably the organization can deliver new digital capability. The other is measured by how effectively risk is reduced, controls are enforced, and obligations are met.
To lower the volume on AI, leaders need to have a shared model for:
Without agreement and alignment on these core actions, AI discussions and results will continue to be fragmented.
Trust is fragile. If AI feels like another tool being pushed into already strained workflows, adoption will suffer. If security decisions are made without input from the people expected to use AI, resistance will grow and value will be harder to realize.
To build trust, business leaders operational stakeholders need a seat at the table early and help to shape the boundaries and use cases for AI within the organization. Big AI promises are easy to make, but trust is built when leaders can point to practical use cases that reduce friction, improve speed, protect data, or help employees focus on higher-value work.
Leaders are right to ask direct questions:
Making AI boring means replacing broad promises with trusted, well-governed use cases that deliver value and fade into the background of everyday work, defining, “AI can help here, under these conditions, with these controls, for this purpose.”
As AI adoption grows, so does the challenge of identity management. Along with governing employees, vendors, and partners, organizations have a host of non-human identities to contend with, including AI agents, service accounts, bots, and connectors that may act on behalf of people, teams, or business processes.
Accountability cannot disappear because an action was performed by an AI-enabled agent or automation. As autonomous systems gain access to more data and business processes, understanding who, or what, is acting on behalf of the organization becomes increasingly important. So, how do we connect those actions back to an accountable owner?
Organizations need processes and policies for the creation, management, and governance of AI-enabled agents. Accountability requires:
As expectations around AI continue to adjust, boards, regulators, customers, and employees will increasingly expect organizations to explain not only what AI is being used for, but how it is governed. Organizations will need to demonstrate controls, explain decision paths, and prove that AI is not just being adopted, but responsibly managed. Without that confidence, AI stays loud.
Organizations need to move beyond experimentation and start treating AI like any other business capability: one that is governed, measured, secured, and aligned with organizational objectives. As AI becomes more deeply embedded across the enterprise, leaders must focus on the decisions, tradeoffs, and accountability required to scale responsibly.
This is where the idea of making AI boring starts to take shape. As innovation continues, the organization develops the structure and confidence needed to use it responsibly at scale. Leaders ultimately must answer practical questions like:
Those are the questions that move AI from concept to capability, and ultimately from a source of uncertainty to a trusted part of how the organization operates.
For organizations trying to answer these questions, a structured assessment can help separate practical next steps from industry noise.
MajorKey created MosaicStack to help organizations move from AI experimentation and uncertainty toward operational readiness and responsible adoption.
A MosaicStack workshop provides:
The outcome is simple: clarity, alignment, and a practical path forward your leadership team can trust.
Making AI boring doesn’t happen by accident. The MosaicStack Readiness Workshop helps organizations establish the governance, visibility, and accountability needed to use AI responsibly at scale.