{"id":7663,"date":"2026-04-01T09:00:00","date_gmt":"2026-04-01T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=7663"},"modified":"2026-04-01T09:00:00","modified_gmt":"2026-04-01T09:00:00","slug":"9-ways-cisos-can-combat-ai-hallucinations","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=7663","title":{"rendered":"9 ways CISOs can combat AI hallucinations"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage with poor risk assessments, incorrect policy guidance, or even inaccurate incident reports.<\/p>\n

Cybersecurity leaders say the real trouble starts when AI moves past writing summaries and begins making judgment calls. That\u2019s when it\u2019s asked to decide things such as whether security controls are doing their job, if a company is meeting compliance standards, or if an incident was handled the right way.<\/p>\n

Here are nine ways CISOs can tackle the problem of AI hallucinations.<\/p>\n

Keep humans in the loop for high-stakes decisions<\/h2>\n

Fred Kwong, vice president and CISO at DeVry University, says his team is carefully testing AI in governance, risk, and compliance work, especially in third-party risk assessments. He notes that while AI helps review vendor questionnaires and supporting evidence that assess the security posture of those vendors, it doesn\u2019t replace people.<\/p>\n

\u201cWhat we\u2019re seeing is the interpretation is not as good as I would want it to be, or it\u2019s different than how we\u2019re interpreting it as humans,\u201d Kwong says.<\/p>\n

He explains that AI often reads control requirements differently than experienced security professionals do. Because of that, his team still reviews the results manually. For now, AI is not saving much time because the trust in the technology just is not there yet, he says.<\/p>\n

Mignona Cot\u00e9, senior vice president and CISO at Infor, agrees that human oversight is critical, especially in risk scoring, control assessments, and incident triage. \u201cKeep the human in the loop, full stop,\u201d says Cot\u00e9, who sees AI as a productivity tool, not something that should make final decisions on its own.<\/p>\n

Treat AI outputs as drafts, not finished products<\/h2>\n

One of the biggest risks is over-trusting AI, according to security experts. Cot\u00e9 says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.<\/p>\n

\u201cThe moment your team starts treating an AI-generated answer as a finished work product, you have a problem,\u201d she says. \u201cTreat every output as a first draft as opposed to a final one. There will come a point where repetitive questions will have repetitive answers. By labeling those answers and time stamping them at origination time, they can be addressed at scale.\u201d<\/p>\n

Srikumar Ramanathan, chief solutions officer at Mphasis, says this over-trust often comes from what he calls \u201cautomation bias.\u201d People naturally assume that something written clearly and confidently must be correct.<\/p>\n

To counter that, he says companies need to build an \u201cactive skepticism\u201d culture. \u201c[That means] looking upon AI outputs as unverified drafts that require a signature of human accountability before they are actionable,\u201d he explains.<\/p>\n

Demand proof, not polished prose, from vendors<\/h2>\n

When vendors say their AI can \u201cassess compliance\u201d or \u201cvalidate controls,\u201d security leaders say buyers need to ask the tough questions.<\/p>\n

Kwong says he pushes vendors to provide traceability of the answers that the AI gives so his team can see how the AI reached its conclusions. \u201cWithout that traceability, it makes it even that much harder for us to identify,\u201d he says.<\/p>\n

Ramanathan says buyers should ask whether the system can point to the exact evidence behind its answer, such as a time-stamped log entry or a specific configuration file. If it can\u2019t, the tool may just be generating text that sounds right.<\/p>\n

Puneet Bhatnagar, a cybersecurity and identity leader, says the key question is whether the AI is actually analyzing live operational data or just summarizing documents. \u201cIf a vendor cannot show a deterministic evidence path behind its conclusion, it\u2019s likely generating narrative \u2013 not performing an assessment,\u201d says Bhatnagar who most recently served as SVP and head of identity management at Blackstone. \u201cCompliance isn\u2019t about language. It\u2019s about proof.\u201d<\/p>\n

Stress-test models before extending trust<\/h2>\n

Kwong recommends testing AI tools to see how consistent they are. For example, send the same data through twice and compare the results.<\/p>\n

\u201cIf you send the same data again, is it spitting back the same result?\u201d he asks.<\/p>\n

If answers change significantly, that\u2019s a red flag. He also suggests removing important evidence to see how the model reacts. If it confidently gives an answer anyway, that could signal a hallucination.<\/p>\n

Cot\u00e9 says her team checks AI outputs against other tools, including scanning systems and external penetration testing results. \u201cAnd we don\u2019t extend trust to any AI tool until it has proven itself against known outcomes repeatedly,\u201d she says.<\/p>\n

Measure hallucination rates and monitor drift<\/h2>\n

Security leaders say organizations need to track how accurate AI is over time. Kwong says teams should regularly compare AI-generated assessments with human reviews and study the differences. That process should happen at least quarterly.<\/p>\n

Ramanathan suggests tracking metrics such as \u201cdrift rate,\u201d which measures how often AI conclusions differ from human reviews. \u201cA model that was 92% accurate six months ago and is 85% accurate today is more dangerous than one that\u2019s been consistently at 80% because your team\u2019s trust was calibrated to the higher number,\u201d he notes.<\/p>\n

He also recommends measuring how often cited evidence truly supports the AI\u2019s claims. If hallucination rates climb too high, organizations should reduce how much authority the AI has, for example, downgrading it to a less autonomous role in their governance models.<\/p>\n

Watch for contextual blind spots in compliance mapping<\/h2>\n

Bhatnagar says the most dangerous hallucinations happen when AI is asked to make judgment calls about control effectiveness, regulatory gaps, or incident impact.<\/p>\n

AI can produce what he calls \u201cplausible compliance\u201d, or answers that sound convincing but are wrong because they lack real-world context. Compliance often depends on technical details, compensating controls, and operational realities that documentation alone doesn\u2019t show.<\/p>\n

Ramanathan adds that AI often struggles with the nuance of permissive language, (\u201cmay,\u201d \u201ccan\u201d) versus restrictive language (\u201cmust,\u201d \u201cis required to\u201d).<\/p>\n

\u201cFor example, AI often misinterprets permissive language like \u2019employees may access the system after completing training\u2019 as a strict, enforceable rule, treating optional permissions as mandatory controls,\u201d Ramanathan explains. \u201cThis causes AI to overestimate the authority of permissive or vague language, resulting in incorrect assumptions about whether policies are properly enforced or security measures are effective.\u201d<\/p>\n

Push back on generic or identical assessments<\/h2>\n

Some vendors overstate what their AI tools actually do. Bhatnagar says many tools summarize documents or generate gap reports but vendors market those features as if they\u2019re doing full, automated compliance checks.<\/p>\n

The risk increases when multiple customers receive nearly identical assessments. Organizations may believe their controls were thoroughly evaluated when the AI only performed a surface-level document review.<\/p>\n

Ramanathan says this creates false confidence and broader industry risk. If one popular model has a flaw, that blind spot can spread widely.<\/p>\n

Bhatnagar adds that he has seen vendors market AI tools as assessing whether organizations are compliant, even when multiple customers receive structurally similar or nearly identical assessments.<\/p>\n

In those situations, the tool may not actually be analyzing company-specific policies or evidence but instead generating text that appears customized without being grounded in reality, he says. \u201cWe are still in the early stages of separating AI narrative generation from AI-based verification,\u201d he says. \u201cThat distinction will define the next phase of governance tooling.\u201d<\/p>\n

Reinforce accountability in audits and legal reviews<\/h2>\n

From a regulatory standpoint, AI does not remove responsibility, according to experts. Ramanathan says regulators are clear that duty of care stays with corporate officers.<\/p>\n

\u201cIf an AI-generated assessment misses a material weakness, the organization is liable for \u2018failure to supervise,’\u201d he says. \u201cWe are already in an era wherein relying on unverified AI outputs could be seen as gross negligence. If your audit findings are wrong because of an AI error, you haven\u2019t just failed an audit, you are held responsible for filing a misleading regulatory statement. \u2018AI told me so\u2019 is not a defense.\u201d<\/p>\n

Cot\u00e9 says being able to show that a human reviewed and approved each consequential decision is critical during audits. \u201cThe key is proving a human was at every consequential decision point, with a timestamp and an audit trail to back it up,\u201d she notes.<\/p>\n

Be cautious with automated regulatory mapping<\/h2>\n

Ramanathan says that one of the biggest compliance risks appears when companies rely on AI to automatically map internal controls to regulatory frameworks, such as GDPR or SOC 2.<\/p>\n

\u201cThe greatest compliance risk by far is in automated regulatory mapping,\u201d he notes. \u201cThe AI might confidently claim a control exists or satisfies a requirement based on a linguistic pattern rather than a functional or operational reality.\u201d<\/p>\n

For example, an AI tool might see an encryption setting listed in a database configuration and assume encryption is active, even if that feature is turned off in the system.<\/p>\n

Ramanathan says this can create \u201ca massive security gap where a company believes they are audit-ready, only to discover during a breach that their AI-verified defenses were nonexistent or misconfigured.\u201d<\/p>\n

To reduce that risk, he says organizations need to structure their policies and regulations more clearly and connect them to enforceable technical rules rather than relying only on AI to interpret documents.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

AI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage with poor risk assessments, incorrect policy guidance, or even inaccurate incident reports. Cybersecurity leaders say the real trouble starts when AI moves past writing summaries and begins making judgment calls. That\u2019s when it\u2019s […]<\/p>\n","protected":false},"author":0,"featured_media":7664,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-7663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7663"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7663"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/7663\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/7664"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}