We’ve entered a workplace era defined by speed, decentralisation, and artificial intelligence (AI)-first thinking. Every function, from customer service to content creation, now leans on digital tools powered by machine learning and natural language processing. As a CMO, I’ve never had more tools to engage customers. But I’ve also never had to think so carefully about risk, writes Lisa Sim, VP marketing Asia-Pacific and Japan, Palo Alto Networks.

The growing dependence on AI, especially generative AI (GenAI) tools, has quietly introduced a new kind of threat – shadow AI. Much like the earlier trend of shadow IT, it describes technology being adopted by individuals or teams without formal approval, oversight, or security governance.

A marketer might install a copy-editing assistant, for instance, a designer might trial an AI-driven image tool, or a team might automate email responses. All without considering where that data is going or how it’s being processed. This is shadow AI.

AI risk is a real and present security threat

These tools are often intuitive, helpful, and faster than legacy systems. But here’s the catch – they’re also opaque. Unless there’s intentional collaboration between IT and business functions, risks can go undetected until it’s too late. Sensitive information might be used to train third-party AI models. Customer data might be mishandled. Intellectual property might inadvertently leak.

And this isn’t just hypothetical. According to Gartner’s AI Trust, Risk and Security Management (TRiSM) report, through 2026, at least 80 per cent of unauthorised AI transactions will stem from internal violations, not malicious attacks. That means the greatest AI threat is not necessarily cybercrime. It’s the well-meaning employee using the wrong tool in the wrong way.

As AI becomes increasingly embedded into daily workflows, the responsibility for managing this risk cannot rest with IT alone. That’s why CMOs and CIOs need to act in concert. When my marketing team experiments with AI, it affects the business holistically. From customer privacy to data storage to reputational impact, these choices carry weight far beyond marketing KPIs.

Modern workforces create new and more complex challenges

The rise of AI isn’t the only force changing the game, it’s also the shape of the modern workforce. Today, contractors, freelancers, and agency partners make up a significant share of marketing’s execution muscle. They help us scale quickly, fill capability gaps, and respond to fast-changing market demands. But many organisations still rely on legacy onboarding methods – shipping laptops across time zones, sharing temporary credentials, or managing access in spreadsheets. I’ve lived that friction. It’s inefficient, hard to secure, and impossible to scale. Worse, it creates major blind spots when it comes to governance.

In fact, 98 per cent of organisations report some level of BYOD (Bring Your Own Device) violation. Now, layer on top of that the AI tools these contributors might be using without oversight. Imagine a freelancer working on an executive presentation copying internal data into their personal AI writing tool. It’s not hard to see how brand damage, compliance violations, or reputational fallout could follow.

This is where CMO-CIO collaboration becomes a strategic differentiator. At my organisation, we’ve shifted away from the idea of “ownership” and toward shared enablement. That means working together to build smarter, safer environments.

We now use browser-based workspaces to grant precise, screen-level access to contractors. It’s quick, secure, and reduces the need for issuing hardware or juggling credentials.

Ask the tough questions prior to enablement

Beyond tooling, we’ve developed an AI enablement framework jointly with our IT team. This includes an approved list of AI tools, documented usage policies, training sessions, and a vendor review process. For every new tool we onboard, we ask the tough questions:

What data is collected, and where is it stored?

Who owns the model, and how is it trained?

Can we audit the system’s outputs or performance?

The same goes for governance around content creation. With AI tools now assisting in everything from blog writing, to product naming, to personalised ads, CMOs must partner with CIOs to ensure responsible use. That includes everything from bias mitigation in training data to ensuring that output meets brand tone and legal requirements.

Marketing speed sustainability is linked to tech resilience

I’ve come to see that marketing speed is only sustainable when matched with technology resilience. A campaign launch is only as strong as the system it runs on. An outage, a permissions error, or a data breach, can unravel weeks of hard work. That’s why we plan campaign and infrastructure roadmaps side by side. It’s not just about avoiding disruptions, it’s about building muscle memory for collaboration across teams.

In this AI-powered world, CMOs and CIOs must go beyond coexistence. We must lead together – anticipating risks, aligning on roadmaps, and reinforcing our shared commitment to customer trust.

After all, you can spend an hour with your CIO shaping a policy, or spend weeks cleaning up the mess. I know which I prefer.