The more organizations lean on artificial intelligence (AI), spread workloads across different environments, and tie systems together, the harder it becomes for traditional security practices to present a complete picture of what’s going on. The result is a growing number of blind spots – hidden misconfigurations, inconsistent controls, and unpredictable behaviors across systems and AI agents – that can introduce significant risk long before a red flag appears in tooling.
How can CSOs and other security leaders stay ahead of this increasingly dynamic attack surface while minimizing tool sprawl? We asked members of the Foundry Influencer Network to share their best advice for strengthening security posture. Across all experts, a clear message emerges: The answer lies in improving visibility across existing systems, normalizing data flows, and applying AI-driven intelligence to both human processes and technical signals.
Shift from reactive postures to unified visibility
Avoiding blind spots requires a fundamental shift in how organizations think about visibility, says Mircea Trofimciuc (LinkedIn: Mircea Trofimciuc), Vice President of Agentic AI (Product & Engineering) at RealPage, Inc.
“To avoid blind spots without stacking yet another tool on the pile, CSOs need to shift from a purely reactive posture to a unified visibility strategy. The current API security, code scanning, observability, and monitoring capabilities all still have a clear place — they remain foundational,” he says. “But as enterprises become increasingly AI-dependent and distributed, these traditional signals must be complemented with a new layer of intelligence: the detection of agentic AI behavior via pattern adherence within systems.”
He notes that many blind spots now emerge from the behavior of AI systems themselves—not just from static configuration issues—and this demands a more dynamic view of the environment. “By continuously evaluating whether AI agents, services, and automations are behaving within defined, governed controls, rather than simply checking for static misconfigurations, security leaders can surface hidden risks early, across the entire digital footprint,” Trofimciuc says.
Peter van Barneveld (LinkedIn: Peter van Barneveld), Group Innovation Manager at Dustin, adds that AI introduces vulnerabilities that often fall outside traditional defenses.
“Besides traditional security risks, AI introduces new vulnerabilities such as data poisoning and prompt injection attacks, which often fall outside traditional security controls,” he says. “This is why it is essential to have a modular approach when it comes to security architecture and platform. It should be possible to leverage current possibilities on existing platforms, such as Azure or AWS, and to easily extend with new security building blocks so that the entire IT landscape can be covered, including the new AI stack components.”
Align people, processes, and data to reveal hidden risks
Several experts emphasized that more tooling is not the answer. Instead, the answer lies in greater alignment.
Will Kelly (LinkedIn: Will Kelly), a writer focused on AI and the cloud, notes that visibility often breaks down not because of missing tools but because of siloed processes.
“CSOs don’t always need to throw more tools at the problem to reduce blind spots. They need to better align people, processes, and data. Start by using existing FinOps and cloud cost metrics to identify anomalies in usage patterns, which often reveal hidden risks such as shadow IT or misconfigured services,” he says. “Collaboration between security and FinOps teams can help surface these insights without a new tool investment. Also, regular audits and tagging practices across cloud environments help make your cloud footprint more transparent and manageable.”
Sarv Kohli (LinkedIn: Sarv Kohli), CIO and VP Technology and Adjunct Professor at Georgia Tech Professional Education, agrees that the biggest opportunity for reducing blind spots comes from better orchestration, not expanding the stack.
“Connect technology with data, people, and processes. As organizations push deeper into AI, their attack surface evolves faster than any one tool can contain,” he says. “The real opportunity isn’t buying more technology; it’s in orchestrating what already exists with tighter alignment between people, processes, and data. When teams share a single, living view of their AI, cloud, and identity landscape, and stay accountable for what changes, security leaders can reveal and resolve blind spots without expanding their security stack and close hidden gaps long before they become headlines.”
Scott Schober (LinkedIn: Scott Schober), President/CEO at Berkeley Varitronics Systems, Inc., underscores the operational complexity facing modern security teams.
“It’s tough to avoid blind spots in today’s digital without spending more. The environment is just too complex to manage manually. The attack surface keeps expanding, and old manual processes just can’t keep up with AI, cloud systems, and remote teams,” he says. “From my perspective, the key isn’t just adding more tools. It’s about connecting the ones you have more effectively, automating where it helps, and really knowing your existing systems.”
Use existing telemetry and governance models to their full potential
Vivek Singh (LinkedIn: Vivek Singh), Senior Vice President of IT and Strategic Planning at PALNAR, says unified visibility is achievable using what most enterprises already have in place—if they enforce standards and normalize existing signals.
“All security leaders (CSO and VP’s) should ensure unified visibility across assets, identities, and data flows through continuous monitoring, well-defined governance, and collaboration with IT and engineering teams,” he says. “This way your dependencies on external security tools are very minimal. Removing blind spot requires normalizing existing telemetry and enforcing configuration standards and automation detection workflows.”
Anshul Gandhi (LinkedIn: Anshul Gandhi), former Senior Machine Learning Engineer at Dell Technologies, stresses the importance of treating the enterprise landscape as an interconnected system rather than isolated components.
“Security leaders need the ability to map their environment as a living, interconnected system, not as a collection of isolated components,” he says. He explains that this level of awareness depends on deeper visibility and “unifying telemetry across AI pipelines, cloud services, data platforms, and identity layers so the organization can observe how workloads, models, and data behave in real time.”
“Once this visibility exists, a genuinely data-centric posture becomes possible, where leaders track how sensitive information moves through training pipelines, inference endpoints, and distributed applications, understand which models and services can access it, and anticipate how misconfigurations could expand the blast radius of an incident,” he adds.
Others see enormous opportunity in using AI-driven automation to enhance (not expand) security tools already in use.
“CSOs have to invest heavily in AI-powered automation through agents to proactively and continuously seek and eliminate blind spots,” says Kumar Srivastava (LinkedIn: Kumar Srivastava), Chief Technology Officer at Turing Labs. “Most existing enterprise investments in security tools are not fully leveraged to their max capacity. Without investing in new tools, CSOs can dramatically increase ROI by connecting, integrating existing tools and driving deeper insight.”
A path forward: visibility through orchestration, not expansion
The expanding digital footprint created by AI, cloud services, and distributed applications cannot be secured by piling on additional tools. What’s needed is a unifying layer that grounds all this telemetry, governance, and automation in a single source of truth.
This is where a modern CMDB becomes indispensable. Beyond serving as an accurate, continuously updated system of record, a CMDB provides the structured relationships needed to build enterprise knowledge graphs. By capturing assets, configurations, dependencies, and interactions as connected data, it gives AI applications the context they require to reason, correlate signals, and detect risk across complex environments. These knowledge graphs allow AI-driven security tools and agents to understand how systems, identities, workloads, and AI services relate to one another, thereby transforming raw telemetry into actionable intelligence grounded in a trusted, authoritative view of the environment.
In doing so, a CMDB transforms fragmented visibility into coordinated insight, allowing security leaders to reveal blind spots earlier, respond faster, and strengthen posture without expanding their security stack.
To learn more, visit https://solutions.opentext.com/cloudops/discovery-and-cmdb/
No Responses