Ivanti's Brooke Johnson Weighs in on AI Adoption & Risks

As enterprise AI adoption accelerates, organisations face mounting pressure to balance innovation with robust security protocols. 

The integration of AI into business operations introduces new vulnerabilities and challenges that security leaders must address head on.

Brooke Johnson, Chief Legal Counsel and SVP of HR and Security at Ivanti, speaks with Cyber Magazine about navigating the security implications of this technological shift.

Brooke says that building trust around AI is predicated on complete transparency regarding its use and a commitment to educating staff on the technology.

By fostering AI fluency and treating every AI tool like a new hire – evaluated, supervised and developed over time – security leaders can mitigate risks, address employee concerns and ensure AI serves as a secure enabler of business operations.

How would you describe the current state of enterprise AI adoption?

Enterprise AI adoption is moving out of its hype phase and into a moment of reckoning. 

Many organisations rushed to deploy AI to keep pace with competitors, but speed often outpaced strategy and governance. The result has been a proliferation of underwhelming tools, siloed systems and poorly integrated systems – which leads to AI slop.

These early efforts frequently prioritised rapid implementation over clear business alignment, governance or employee readiness. As expectations collided with reality, organisations began to see that AI alone doesn’t create advantage – how it’s deployed does.

Today, we’re seeing a necessary recalibration. Companies are stepping back to take a more deliberate approach, aligning AI investments to real business outcomes, strengthening governance and employee training, and focusing on sustainable impact rather than novelty. 

The current state of enterprise AI adoption is not retreat, but maturation – shifting from hype-driven experimentation to thoughtful, integrated and outcome-focused execution.

Ivanti’s research highlights growing employee anxiety around AI. 

How should leaders respond?

Leaders need to address AI anxiety as a strategic priority, not a side effect that will resolve itself. Employee concern isn’t resistance, it’s a signal that people want clarity, guardrails and confidence that AI is being introduced responsibly.

The most effective response is empowerment through thoughtful governance.  

At Ivanti, we’ve focused on balancing security with enablement by establishing an AI Governance Council – a cross‑functional group designed to clearly define acceptable and prohibited use cases. 

This gives employees a transparent path to submit AI tools for review, along with clear, practical guidelines. The goal isn’t to slow innovation, but to enable it safely and responsibly.

Additionally, education is critical. Employees need specific, actionable training on AI risks and security implications – not vague warnings. 

When people understand why guardrails exist and how they protect both the business and their work, anxiety decreases. One useful mindset shift is to treat AI like a new hire: every tool should be evaluated, supervised and developed over time. 

This human-centred approach helps ensure AI supports employees, rather than creating uncertainty around them.

Why is transparency critical to responsible AI?

Transparency is foundational to responsible AI because without it, risk multiplies silently. We recently found that among people who use Gen AI tools at work, nearly a third (32%) keep their AI use completely hidden from management.

Employees could be sharing company data or intellectual property with systems nobody vetted, running requests through platforms with unclear data policies and potentially exposing sensitive information – often without malicious intent, but with real consequences. 

Although the instinctive response for some leaders is to ban AI tools altogether, that approach is ultimately counterproductive. You don’t want employees to get better at hiding AI use; you want them to be transparent so it can be monitored and regulated.

This requires leaders to be realistic. AI use is already happening in most organisations, regardless of policy. High-performing employees, in particular, are actively seeking tools that help them work smarter and faster. 

Rather than trying to prohibit that behaviour, leaders should assess which platforms meet security standards and provide sanctioned options both employers and employees can trust.

What does a genuine culture of trust around AI look like inside an organisation?

A genuine culture of trust around AI starts with clarity and safety, not control.

Employees need to understand the real risks of AI, explained in specific, practical terms, rather than vague warnings or blanket restrictions. 

When leaders clearly explain why guardrails exist and how they protect both the business and employees’ work, AI governance is no longer perceived as punitive – it becomes an enabler of safer, more effective innovation.

Trust is also built by investing in people, not just technology. Organisations must treat AI fluency as a core competency, particularly for the next generation of leaders.

Increasingly, the ability to use AI thoughtfully to solve problems, innovate and make better decisions will be a defining advantage in the job market. Building that fluency early signals confidence in employees’ growth, not fear of their experimentation.

That investment needs to be tangible. Apprenticeships, mentorship programmes and hands-on learning pathways help employees build real-world experience with AI, not just theoretical knowledge. 

Creating opportunities for role exploration and internal mobility – especially into emerging areas like cybersecurity – demonstrates long-term commitment to talent development.

No single programme will solve this alone, but collective, intentional action can.

What does ‘treating AI like an employee’ mean in practice for governance and accountability?

Treating AI like an employee means every AI tool should be formally evaluated before it’s introduced, clearly assigned a manager and continuously monitored once it’s in use, similar to how a new employee is handled. 

Just as employees don’t operate without role clarity, supervision, or performance expectations, AI systems shouldn’t either.

In practice, this means defining what each AI tool is allowed to do, where it can and cannot be used, and who is accountable for its outcomes. It also means ongoing review – ensuring tools evolve alongside business needs, security requirements and ethical standards, rather than being deployed once and forgotten.

Just as we create an employee handbook, there’s a need to create guardrails that protect the organisation while giving employees the confidence to innovate responsibly. 

When AI is governed like part of the workforce, it becomes easier to hold it accountable, integrate it safely and ensure it’s truly supporting the people it’s meant to help.