Boards Can't Stay at 30,000 Feet Anymore

Show Notes

AI is collapsing the space between oversight and ownership.

In this episode of the AI Proving Ground Podcast, NASDAQ Global Head of Board Advisory Byron Loflin and WWT Global Head of Cyber Advocacy Kate Kuehn break down why boards are entering an age of accountability and what happens when AI moves faster than governance can keep up.

As AI moves deeper into the enterprise, the challenge is no longer adopting the technology. It's knowing who owns the consequences. Byron and Kate unpack what happens when innovation moves faster than governance, and what leadership accountability looks like in an AI-driven world.

Because the question is no longer whether AI changes the business. It's whether leadership changes with it.

Support for this episode provided by: Rubrik

More about this week's guests: 

Byron Loflin is Global Head of Board Advisory at Nasdaq, where he leads board assessments and boardroom training for Nasdaq Governance Solutions. Founder and former CEO of the Center for Board Excellence, acquired by Nasdaq in 2019, Byron is known for his work in board performance, governance, accountability and corporate strategy. He advises boards and executive teams on governance practices, board effectiveness and organizational leadership.

Kate Kuehn is Global Head of Cyber Advocacy at WWT and brings more than 25 years of experience leading cybersecurity, technology and AI strategy across the industry. Having served in executive leadership roles including CISO, CEO, Chief Trust Officer and board advisor, Kate is known for helping organizations navigate the intersection of security, risk and emerging technologies. She advises leaders and boards on cyber resilience, AI adoption and integrated risk management strategies.

The AI Proving Ground Podcast leverages the deep AI technical and business expertise from within World Wide Technology's one-of-a-kind AI Proving Ground, which provides unrivaled access to the world's leading AI technologies. This unique lab environment accelerates your ability to learn about, test, train and implement AI solutions. 

Learn more about WWT's AI Proving Ground.

The AI Proving Ground is a composable lab environment that features the latest high-performance infrastructure and reference architectures from the world's leading AI companies, such as NVIDIA, Cisco, Dell, F5, AMD, Intel and others.

Developed within our Advanced Technology Center (ATC), this one-of-a-kind lab environment empowers IT teams to evaluate and test AI infrastructure, software and solutions for efficacy, scalability and flexibility — all under one roof. The AI Proving Ground provides visibility into data flows across the entire development pipeline, enabling more informed decision-making while safeguarding production environments. 

Chapters

• 0:00: The Age Of Accountability Starts Now
• 1:52: Boards Get Closer To The Controls
• 7:07: AI Killed The Silos
• 9:26: The Report Boards Aren't Asking For
• 14:09: When AI Becomes A Fiduciary Risk
• 17:41: Boards Need A New Operating System
• 23:29: Kill Switches And Keeping The Lights On
• 26:47: Your Supply Chain Has A Blind Spot
• 30:09: Productive Paranoia Wins
• 35:22: Leadership Changed Too

Transcript

AI Pushes Boards Into Accountability

SPEAKER_03 0:00

As you're thinking about, you know, this age of accountability, you have to, you know, you can't be an expert in everything, like, you know, between quantum, AI, all the different things, there's no way. You have to be a novice in everything, but you have to be able to trust that the steering committees and the people that you're bringing in are giving you enough information to make those responsible decisions. And if you're not willing to understand the actual material now, you know, fiduciary impact that your decisions can have both on the company and on you as a member, then maybe it's not the right retirement job for you.

SPEAKER_00 0:32

When boards talk about artificial intelligence, the conversation often starts at a very high altitude. Things like strategy, opportunity, transformation, competitive advantage. But the reality of AI inside an enterprise is much messier than that. AI can be a fast-moving system that can influence decisions, reshape workflows, move information at speed, and introduce new kinds of risk, sometimes all at once. And for boards, that creates a difficult challenge. They're responsible for oversight, but they're naturally removed from day-to-day implementation, which means the technology may be moving faster than the governance designed to understand it. So on today's episode, we're talking with NASDAQ's global head of board advisory, Byron Laughlin, and WWT's global head of cyber advocacy, Kate Keene, about whether the board and the C-suite are prepared to steward all of this together. Byron and Kate, who are both working with the boards and C-suites of the world's largest organizations, will explore what this new leadership model looks like, what boards actually need to understand about AI, where trust between the board and management can break down, and why stewardship may be the real job in the age of AI. So let's get to it.

From High Altitude To Hands-On

SPEAKER_00 1:52

Typically, you know, we we find ourselves talking about, you know, hardware, infrastructure, you know, real technology, also, you know, business outcomes too. But today we're talking about boards. Byron certainly that you know lends itself to your position with NASDAQ. You know, boards, at least as I think of them, designed to be, you know, 30,000, 50,000 feet up in the air and and and and driving stewardship that way, that's kind of conflicting with AI, which is compressing that day-to-day all the time. So what types of tension is that creating, you know, Byron within the boards?

SPEAKER_01 2:23

You know, let me use this analogy. Yes, it used to be 50,000 feet, let's say, if you're flying around the world. But now, with with Wi-Fi on planes, they're connected. And they're connected to and responsible for at the stewardship level, everything that happens in a company. And so AI being the culmination of significant tele technology over the last 40 years, suddenly it's headed towards this new thinking way and they need to be in touch with it.

SPEAKER_03 2:58

You know, it's interesting because we're seeing the shift right now. So it had been autonomous systems, AI, you know, there was this age of innovation, and we're still in that age, but we're now entering, from a board perspective, the age of accountability, where boards are looking for to ensure that the ROI that you're expecting from AI is coming in on one side, but the risk that's coming in on the other side as AI kind of normalizes out into environments, we're now seeing kind of two things happen. One is as the pace of innovation doesn't slow down, we've had to create kind of new governance models, new ways of thinking to address the physical pace that we're looking at the changes at, and how do we keep risk in line with that? So there's some new frameworks that have come out. There's been some regulation, we could talk more about that. On the other side of the fence, it's created from a board perspective the necessity, and we were talking about this at lunch a little bit, the the silos are coming down. So you can't look at cyber in one silo, traditional technology another, AI in another. You have to think about how technology holistically and cyber holistically, because cyber is still, and you've heard me say this before, anything with the computer, computer transmission, how they're impacting across an entire organization. And that's been a huge shift for boards.

SPEAKER_01 4:17

It is a it's a significant shift. And they're in touch, therefore, more with workforce, with technology development and how it's going to deliver on ROI. But is it going to injure and who is it going to injure if it is anyone outside the organization or inside the organization? What are the implications of this rapidly moving technology? And we we honestly don't know. A part of this discussion is to admit we're seeing it unfold. So be in touch with the unfolding is the charge I would offer to boards to think about more holistically.

SPEAKER_00 4:52

So, Byron, I mean, accurate to say it's shifting from a board or maybe even an executive mindset as well of are we using AI safely and shifting more towards really having to understand those dependencies, the different systems that are being used, and really any types of levers and knobs that are associated with those tools?

SPEAKER_01 5:08

Yeah, and I don't think we should get caught up in the silo, if you will, of are we using it safely? As you indicate, sure. It's more let's understand it, understand the opportunities and risks and working with you know, ERM for the board is enterprise risk monitoring. So, how well is the management team managing it? And AI is just one of the things that they're managing. It happens to be touching every butt part of the company today. Yeah.

SPEAKER_03 5:36

Yeah. Organizations, I mean, at its core, people forget AI has been around for 70 plus years. So we watched this transformation from a board perspective with the first iteration, if you think about robotics, and we saw it again with you know algorithms, and now we're seeing it again with generative and now agentic. So we've been through this pace before. It's the speed of change that I think is different with this iteration of AI. But organizations only use AI for two reasons. One is brand differentiation, or the other is some type of cost efficiency where you're going to get more productivity. And so to Byron's point, understanding the opportunity and the risk and looking at that from a ledger perspective and what the ROI is, is where we're starting to see boards really have to think about how do you create the accountability on that. And when you look at holistically on the accountability piece, it comes down to the leveraging of AI impacts, to your point, the traditional technology stack, the digital experience. Are your customers internally or externally going to use it? And your cyber stance. So there has to be a knowledge share across those different risk groups in order to create the right type of enterprise monitoring controls to make sure AI is doing what it needs to be doing in an organization.

SPEAKER_01 6:50

And it's a capability layer that runs across the organization. And I would emphasize that to board members, understand the your various divisions and how that capability layer is impacting each one of them at the board level.

AI Oversight Means No More Silos

SPEAKER_00 7:07

So the board's relationship with technology has fundamentally changed. They're not observers anymore, they're now accountable. And that shifts what management needs to provide and what boards need to be asking for. Byron and Kate have been pretty specific about what that looks like in practice, starting with something almost no board is routinely asking for right now. So how is that changing the math for C-suite and executives who have to interact with the board? If the board's kind of coming down and being maybe a little bit more hands-on, how is that shifting the role of, you know, an exec pick your pick your C-suite?

SPEAKER_01 7:41

More mind in. Okay. Deeper mind in. They don't need to be hands-on, but the challenge for management today is to be more to utilize the board more effectively. And a part of that that I would suggest is seeing more boards come with their management teams to places like WWT and your innovation center and these kinds of places. So they see, they get bits and pieces of what's actually happening on the ground at the AI layer level and how that relates back to their organization as they see these dots connected by folks like WWT.

SPEAKER_03 8:21

We're seeing some friction, you know, as these new technologies come in, you know, and we not only have AI, but we also have quantum on the horizon as well, where the CEO is tasked with really heavy pressure to innovate. And you have the risk teams, whether that's the CISO or the CTO or the CIO, having to kind of temper and balance that CEO need of innovation, and then the question and risk on the other side. And so we're seeing some unique things come out about how do you kind of create that balance of either a security debt, you know, kind of a scenario, a risk ledger. How do you look at that holistically so that you're not, as a from a board perspective, putting your company in fiduciary jeopardy or any type of regulatory jeopardy by allowing that innovation, but also being cognizant of the risk or the security debt that you could have by letting innovation go faster than potentially the security posture is.

SPEAKER_00 9:13

Yeah. And Byron, that was that's connecting the dots for me here in my head about, you know, one of the things that you were pretty bullish on in the prep call that we had a few days ago, just about the board needing to see more consistent and accurate error

Why Boards Need AI Error Reports

SPEAKER_00 9:26

reports. Is that is that the right kind of bridge to make there?

SPEAKER_01 9:28

Yeah, that is that's something that that every board should be expecting now. Every management team should be providing. And that is what is the what are the errors that are occurring? And I would start with all errors, so that the board's training themselves up to because when you see an error report and you see what the errors were at this early stage of AI, you can start to say, okay, now I'm gonna imagine what's possible in the error, in the errors that could downstream have a have a reputation impact that's particularly if it's very negative. So an error report would be listing the things like a threat report in cyber. It's not meant to for in in a sense, it's probably not even it doesn't even need to be debated. It's just a report that they review and what are the trends we're seeing would be a nice addition that that uh the management team could provide as to what do these errors mean and what why do we think they're occurring? Because if they change next month and they fix them, that's a part of the progress. If they don't, then we're looking for ways to improve.

SPEAKER_00 10:40

Yeah, maybe just to push to get a little bit more specific, what are these errors? Are we talking about errors in you know model choices, errors in uh usage of AI or something that I'm not even thinking of?

SPEAKER_01 10:50

Well, errors in reporting of any sort. So it could be errors in their in their product specifications, got it, and things that they've put out could be error in a news release. It's like it's like miss uh missing guidance and not reporting it accurately. Yeah, that happens from time to time, and what happens is the the street spanks that company for doing that, yeah, and then they have to correct it and re and re-report. Right. It's so it's very important that they are upfront and aggressively reporting to the board. The the the board should be their ally in this, though. This is an adversarial. The errors are going to occur. We're moving very quickly. The the quicker you move, the more possibility of errors occur.

SPEAKER_03 11:38

It it's it's there's kind of two things when we talk about error reports. So we're starting to see the regulators, and on the 20th of last month, actually the White House released the national AI, in a sense, policy framework of what's coming from a legislative perspective. And to Byron's point, there's kind of two areas that we are gonna have to get even better from an error report perspective. One is, you know, around algorithmic fiduciary duty. And what that means is the ability to really understand, measure, quantify, document how your autonomous systems are working and when there's failure, what was your remediation? How did you execute? What was the time? You know, those kinds of things. The second piece, which is going to be really interesting, I think, as we go forward, is the materiality piece of it. So we're used to hearing about materiality and cyber breach, you know, what was the impact to the organization, the financial exposure. We're now seeing, you know, a push towards materiality around AI and AI failure specifically. So that error report and being able to translate that into kind of, I think, a more mature model around materiality, around fiduciary reporting is going to be a big trend over the next year or two as we start to refine that process.

SPEAKER_01 12:50

And and companies will quickly find that threshold of materiality in a year or so. Or I don't even want to put it necessarily a time, whatever's appropriate. But starting early to show the the errors at a more rudimentary level and even at a lower level, smaller level, I would recommend that that those reports are being produced for at least the next few years or the few years of the life cycle of AI in a given company. Yeah.

SPEAKER_03 13:18

And we're starting to see with AI being leveraged in security. So you have both sides of it, you have AI being used to innovate organizations, you also have AI being used to secure innovation or secure organizations. And we're starting to see push in some of the policies and frameworks that are coming out for boards to have a really deep understanding and an ability to measure things like continuous monitoring for model drift, looking at data lineage and training, those types of things. And then also thinking about like adversarial and red team logging and zero trust evidence that you have to be able to document. And while the board doesn't need to know everything about a zero trust documentation or a red team log, the ability to procure that information for a board as part of the what's being reported out from a material perspective is becoming more critical that we're able to do that in an articulate manner around your autonomous systems.

Fiduciary Duty And AI Materiality

SPEAKER_03 14:09

That's really new.

SPEAKER_00 14:10

That's the internal picture: error reports, algorithmic fiduciary duty, materiality thresholds, continuous model monitoring. Boards building these practices now are building ahead of the mandate because the regulatory environment is moving. And the question isn't whether national AI policy arrives, it's whether your board is positioned when it does. Are boards becoming more savvy than maybe security executives are giving them credit for, meaning that they can deliver some of this messaging and they would be open to receiving it?

SPEAKER_01 14:39

I I think they are. And and I I think that there is a lot of pressure in the marketplace of ideas and of board members. Yeah. That to be a an effective board member today, one needs to be attending and engaging with AI actively. So attending conferences and things that probably all of us attend, and but then engaging in various, you know, buy one for a year or six months, or buy all of them, depending on what you want to do and how much you want to interact. But but being involved, being engaged with it actively.

SPEAKER_00 15:15

How in tune do you would we advise a board member has to be with some of these emerging AI regulations, knowing that they're all kind of unfolding in front of us in real time?

SPEAKER_03 15:25

At this point, I think you know, you agree with me, it's a watch and monitor scenario. So the intentionality, the frameworks are out of what the ask is from a legislative perspective, but we're not quite there yet. The trends that we're seeing that are going to really impact the board is at the, you know, the the administration, this current administration, had kind of looked at a push of pushing some of the AI policy on a state level, and that's now been pulled back. And the request is to really look at national superseding states. So understanding and keeping an eye on what's going on from a state level, but understanding there's going to be national policy around AI is one thing. The second thing from a policy perspective is there's this concept of reasonable security and that boards are going to be responsible for maintaining on their autonomous systems this concept of reasonable security. It's interesting because it reminds me of when cyber was starting to get regulated a few years ago, there was a term out there of cyber negligence. And there was always never really a definition around what true negligence meant. We're seeing kind of the same thing with reasonable. And so boards are starting to have to really understand and think about what does a reasonable baseline from autonomous system security mean? How does it impact, again, materiality? So as policy unfolds, you know, we saw the AI action plan last year. It's a bit delayed. We have what's called Circia that's coming out, which is the reporting mechanism for critical national infrastructure. And now we have the AI policy framework. So you're going to see all this kind of evolve over the next year. And so from a board perspective, monitoring it and not necessarily reacting at this moment, I think is the advice. Would you agree?

SPEAKER_01 17:03

Yeah, I agree. And and that's where busm the business judgment rule and prudent person come into play. What is reasonable? And using those as a backdrop of your thinking uh about am I educated enough? You know, it's got to pass the smell test ultimately.

SPEAKER_00 17:23

I mean, are are are boards open to that watch and monitor, or is that the preferred state? And then how do you deal with the business thinking about like in our case, like you know, we want to move fast with AI, we want to do it with guardrails, but we want to certainly, you know, carve out as much of a position as we can. So how do how do you grapple with

Tech Committees And New Board Skills

SPEAKER_00 17:41

that?

SPEAKER_01 17:41

Yeah, and that that reiterating the enterprise risk monitoring responsibility versus managing and working together well, that's where and and this brings up this brings to the forefront really, should be debating actively. Do you need a technology committee that's helping augment this monitoring role? And if if audit can handle it, then maybe not. But I would I would recommend thinking holistically about it because there's a tendency for audit to look at today and what has happened in the last quarter of the last year. What this committee we're talking about would be needing to imagine what's possible good and bad into the future with our technology.

SPEAKER_00 18:28

So you're you're advocating for technology committees.

SPEAKER_01 18:31

I lean towards it. It's not a one-size-fits-all for every company because some aren't using that much AI. But I would lean towards it for companies that want to be innovative forward.

SPEAKER_00 18:42

Does that require a new skill set from a board member, or do those skills or mindsets generally already exist on most boards?

SPEAKER_01 18:49

Well, one thing I'll disclose is I'm having quite a few boards reach out to me looking for our next board member would be someone who's in an AI company or a very active business that's utilizing AI and someone in the C-suite that has general business knowledge too. So that's someone that's quite adept, relatively speaking, in the AI world.

SPEAKER_03 19:11

Byron's right. What we're advising a lot is the creation of a steering committee, a technology steering committee. And that committee can help, in essence, a board can't learn, like we talked about, every aspect of what we're discussing today. We end up like I've said a million times, sounding like a Snoopy teacher. So the steering committee needs to sit across all areas of the business, you know, HR, your sales team, what are the business objectives that you're trying to bring the technology in from? The steering committee can help advise the board on the first concept that I think is super critical when you talk about autonomous systems, and that's what to achieve what's called minimum viable company. Meaning if AI were to fail, if there was malicious mistake, malfunction, you've heard me use the three M's on risk a thousand times. How do we make sure the lights stay on and we're still making money? So, what is that definition of MVC? When the steering committee and board are aligned on MVC, it allows, you know, the CEO and executives to then start to think about that risk ledger. If you're gonna execute something from an innovation standpoint, you can create that error report, that ledger to understand what is the security debt, what is the risk debt you're creating by accelerating that innovation. It also then gives the ability for that evaluation of how long is it gonna take for that debt to go back up to MVC, what's the impact if something goes wrong? You know, are we talking six months before we're back to stateable MVC? Is it longer? But then the thing I always recommend is that the board empower your CISO or whoever your chief technology risk officer is, that they are allowed a kill switch, that if something really goes off the rails, if the innovation isn't going right, that they have the authority, now they're gonna have to report it to the board, but to say, nope, we're done, we're not doing it, whatever else, the risk is too great. But that gives the ability to have a steering committee that's looking holistically the opportunity for the C-suite to accelerate innovation with an understanding of how the impact to the business is, and ultimately to have that risk decision maker have a final say if something goes off.

SPEAKER_02 21:18

Yeah.

SPEAKER_01 21:18

And if that relationship's at the right place, then that steering committee is naturally the one of the right groups to be conducting the reporting up to the board through possibly through one of the management members. But they're they're the ones observing and providing information that's vital to the board's understanding of AI utilization.

SPEAKER_00 21:38

Are these new motions needed from the board, or are these just the same motions that we've seen need it for a while, but with maybe with just a little bit of a different tone or or ripple to it?

SPEAKER_01 21:49

The the it's it's a different tone in that it's elevated. If if what we're talking about is not of interest to you as a board member today or as an aspiring board member, Then the board job may not be for you. The expectation of board members to know more, to be more knowledgeable about subjects like this, particularly that are vital to the PL of their company, then they're ready to advance their board career. But if not, think about another way to retire.

SPEAKER_03 22:22

There's he you're exactly right. I mean, I think 20% of the job I do is, you know, there's aspiring technologists, as so is others, that want to be on boards. And I always counsel, you have to think about like even with the policy shifts we were just talking about, congrats, we're now in the age of accountability. And, you know, when you're in a board seat, there is fiduciary concerns from a materiality perspective. There's also DNO. You're responsible. It's your name, your, you know, your own persona that's helping this company. And you have to take that very seriously. And so as you're thinking about, you know, this age of accountability, you have to, you know, you can't be an expert in everything. Like, you know, between quantum, AI, all the different things, there's no way. You have to be a novice in everything, but you have to be able to trust that the steering committees and the people that you're bringing in are giving you enough information to make those responsible decisions. And if you're not willing to understand the actual material now, you know, fiduciary impact that your decisions can have both on the company and on you as a member, then maybe it's not the right retirement job

Minimum Viable Company And Kill Switch

SPEAKER_03 23:29

for you. Yeah. No, I carry a very, very, very large GNO policy, one from my years as a CISO and the other from my board work.

SPEAKER_00 23:38

But Kate, I'm glad you I'm glad you brought up the word trust. And Byron, I know this has definitely been a key word that I've seen you use on other podcasts or within articles that I've seen you write for for NASDAQ. You've talked about how trust is the core. Is that is that trust between boards and senior leadership? Is it between boards and the AI? Is it just trust all over the place? Maybe give me a little bit of sense of it.

SPEAKER_01 24:00

Yeah, at a grant at a more granular and practical level, it's building the trust between the board. And that's going to extend, therefore, for the board to understand bits enough of things like third party risk.

SPEAKER_02 24:12

Yeah.

SPEAKER_01 24:12

And where management is addressing third-party risk all the time, or should be all the time. The the board members, the SEC is not going to expect the board to know everything about third-party risk, but are you monitoring it effectively? That would be a question that board members should answer for themselves.

SPEAKER_03 24:31

And to your point, there's been a traditional friction between the technology teams and the board. You know, one of the reasons we created a global advocacy program from a cyber and AI perspective here was the friction that we saw of trust. You know, every time we were in front of a board, it was how do I know I have a good society? You know, how do I know I can trust the decisions that are coming from a technology perspective? And I'd say almost half the work we do from an advocacy perspective, either AI or cyber, is how do I effectively communicate to the board? So Byron's right, being having that trust between the two and making sure you're speaking a common language around the business risk and the impact technology has on it is super critical if you're going to innovate effectively and in a timely manner.

SPEAKER_00 25:19

We've covered the structural answer, steering committees, kill switches, MVC definitions, clear reporting chains up to the board. But structure only gets you so far. Governance is relational. And at the relationship level, it comes down to whether a board member can hold an intelligent conversation about the technology they're responsible for overseeing. Kate has a take on what that literacy actually requires, and it's not what most people assume.

SPEAKER_03 25:44

So it's not a question of, you know, I always choke that you should never be an expert in anything, novice and everything. You won't know a little bit about everything. And from a board perspective, getting deep in the technology is not where, you know, I think we need to go at this moment. What it is is the impact of the technology onto the business. How is it impacting? And I think to Byron's point, having a base understanding, getting to feel and touch and see what makes the AI work, the technology behind it, the supply chain, all the different bits and pieces is really important just to get a base level understanding of all the complexities that the technology teams that are putting it together are dealing with. Because, you know, it's great to have Chat GPT that can come and you know all of a sudden solve world hunger and peace and everything else in a click of a button. But if that, you know, if there's a model leak or if something goes off, not understanding the complexity around it, it's hard to grasp just how massive some of these systems and these programs are and the underlying, you know, in essence, risk that's associated with those.

SPEAKER_00 26:46

If

Supply Chain Risk And Data Exposure

SPEAKER_00 26:47

boards are going to be expected to be more accountable for, you know, some of these AI systems that are put in place, how much visibility into the supply chain do they how much visibility are they reasonably expected to have? I mean, how far can you go up or downstream to understand where the risk is?

SPEAKER_03 27:02

This has been a hot debate in the industry for a while now. In fact, um Pat OPED, who's the CSO JPMC, put an open call out about a year ago talking about supply chain and the need for more responsibility in supply chain. From a board perspective, you know, first and second party risk, you know, going down to your critical suppliers is really important. But then you start getting into third and fourth party and it gets a little murkier. What I always counsel is again, you have to understand and take it up to a level because there's a fatigue when you talk about risk. There's a fatigue when you talk about supply chain, there's a fatigue across all areas when it mentions cyber. And what I would say is when you start to think about it again, look at your supply chain from a critical business perspective, the MVC. And what are the suppliers that, if something goes wrong, are going to impact you materially? And then make sure they're doing the same things so that while you don't have to monitor the third and fourth party, your critical suppliers are demonstrating to you that they have the same type of controls. We saw it last year with one of the big healthcare breaches that the supply chain impact of that breach, nobody realized the ramifications. You know, literally ambulances weren't able to go, doctors weren't being able to bill, you know, and that that really was a wake-up call of understanding from a board perspective can you demonstrate at least first and second risk.

SPEAKER_01 28:28

And they need to carry that into AI supply chain risk. Who is providing who's providing the AI capabilities? And the the again back to the third party risk. The board should understand at that high level of what who are our providers and can we trust them? And that's that goes back to the relationship between the board and management. To what extent can we trust management to provide us with sufficient information that we can make decisions and debate well about that decision process?

SPEAKER_03 29:03

It also goes one step further. It's not a question, it's also a question of how are they leveraging data? How are your suppliers leveraging the data from an AI perspective? And the reason I say that is, you know, if you don't know how the data is being leveraged, is it being put into an open source model? Is it coming going outside your organization? What are your EULAs, your end user license agreements, and how are they impacting the data that you're providing? That can be a huge area of exposure for boards. There was a landmark case a couple of years ago. Samsung lost a patent that they'd been working on for almost 10 years because an engineer decided to put some of the code in an open source system unwittingly, thinking it was going to help them. And it negated the entire patent. Imagine having to report that as a technologist up to your board that you've lost 10 years' worth of work because you know someone thought they were doing something that would be good. So that's where all of a sudden, too, from an AI perspective, you know, you have the supply chain, but looking at it from a security and across the other risk towers, IP, those kinds of things, that's new for us. That's not something we've had to do before from a technology perspective.

Stewardship Mindset And Productive Paranoia

SPEAKER_00 30:09

Byron, is is the board's duty more to drive innovation, capture opportunity as it relates to AI, or is it more on the side of putting up guardrails or anticipating the risk? You might say both. I'm gonna tell you to pick one.

SPEAKER_01 30:22

I believe it's the board's responsibility to instill confidence in the management organization to where they feel like they have both the responsibility and the dual accountability to implement well to the benefit of stakeholders and particularly shareholders, because of the risk involved with spending the level of capital that's going into AI today. And are we going to see sufficient return on investment?

SPEAKER_00 30:51

And Kate, what based on what Byron just said, what do boards need in place to ensure that happens, that they can make some of those decisions, that they do have that insight?

SPEAKER_03 31:01

You know, we've talked about it a lot from a trust perspective, and that's having stewards around them that build trust and confidence around the technologies and the decision making around how they're leveraging the technologies to instill and ensure that what they're creating for their companies, what they're you know, looking at from a management perspective, are good, solid, right choices that future-proof innovation. Boards are, you know, there's there's an innovation stewardship aspect of being on a board right now in today's world that you you're responsible for helping drive companies forward at a pace that we've never seen before. So having the right advisors around that board is really critical.

SPEAKER_00 31:42

Who do you think is better positioned right now in terms of like a standard board member? A new, a newer to a board member role who might have more fresh thinking, or somebody who's been ingrained in the business for a long time, but might be stuck in in what they're what they're talking about.

SPEAKER_01 31:56

The the latter should be considering their how to learn new lessons and and to do that aggressively. And I would encourage them to attend things, you know, do a little research, ask your CISO, ask your CTO, and and find ways to learn if you want to maintain your board positioning. And and another part of this is that new board members and old board members, if they build relationships that's like a coach, like a coaching relationship, mentoring relationship, if a board's not doing that, they're missing a lot of opportunity. I I with the boards that I interact with, I don't think there's a single board that doesn't have that. And particularly if you've got a a board member who's leaving, already announced they're leaving, I'd get that new board member in so they overlap with each other to exchange institutional knowledge for at least a couple board meetings, too. Don't just bring the new guy in the front door and send the old guy out the back door, yeah, kind of thinking. Think how can we how can we elevate the board's understanding of the topics that we touched on today?

SPEAKER_03 33:06

My advice would be to, as Byron said, educate themselves. Yeah. You know, we there is so much great information around autonomous systems, around how to look at AI, you know, classes, lear the learning labs. Give yourself an education. We are the last generation that will not be AI native. And so we sometimes have to, in essence, teach ourselves to understand how the emerging generations are using it. The other thing I would say is start getting a vocabulary around quantum. You know, as much as we love AI and we're focused on AI, quantum's coming fast. And so getting an education of where that intersection is going to be is becoming more and more critical.

SPEAKER_01 33:48

Yeah, and in in the fluency of say finance, one learns how to read and to dissect and to discuss balance and uh sheets and and PLs and so on. That's needed in the AI world. It's needed in the quantum world. And in the exchange between management and the board, one one place that my co-author we wrote a book called CEO Ready, and we spent a lot of time on productive paranoia. That's very different from paranoia. And the idea of let's utilize the fears we have about AI, for example, because there's a lot of fear-mongering going on. How do we shift that to think about, okay, we've got risks, we've got responsibilities, we have opportunities. Let's balance these together and work effectively. So we're utilizing the board, management's utilizing the board well, and we're explaining how we are productively paranoid inside the management of the organization. We're not frivolously out there trying to exploit every AI opportunity to the danger of our stakeholders.

SPEAKER_03 35:00

That might be my favorite point that you've that this entire show is we get wrapped up in the technology, we get wrapped up in all the things, but at the end of the day, there's a dollar in a sense behind all of it. And so the more you can educate yourself on how to align risk to that, to the balance sheet, and what it actually means from a company perspective, that is the most important thing

Key Takeaway And Closing

SPEAKER_03 35:22

you can do. Yeah.

SPEAKER_00 35:22

Barnard. A great key lesson to end on. Uh, Kate, thanks so much for taking the time. You're on our short list for uh always bringing you into the studio here and being on the podcast. And Byron, this was fantastic. I hope you enjoy your time here in St. Louis and would love to have you on the show again soon. Okay, thanks to Byron and Kate for joining today. The lesson here is that AI governance is no longer about keeping up with the technology, it's about building a board management system strong enough to steward opportunity, risk, and trust at the same time. This episode of the AI Proving Ground Podcast was co produced by Nas Baker, Kara Kuhn, Nicole Lanzad, and Adam Dumay. Our audio and video engineer is John Knoblock. My name is Brian Felt. See you next time.