Securing AI in a Highly-Regulated Sector: CISOs Report

On November 6, 2025, the Advanced Cyber Security Center (ACSC) will host its 15th Annual Member Conference at the Federal Reserve Bank of Boston. 

Among the highly anticipated sessions is a panel of Chief Information Security Officers (CISOs) from leading financial institutions, moderated by ACSC CISO Advisor, Mark Morrison, recently retired as OCC CISO.

Artificial Intelligence (AI) has the potential to transform industries—but for security, risk and legal executives its adoption raises urgent questions about governance and resilience. 

“CISOs are being told by boards and business leaders that they must adopt AI. The real question is: how do you secure it, and how do you balance innovation with an acceptable level of cyber risk?”

While researchers and technology developers focus on building models in controlled settings, CISOs face the operational challenges of deploying and securing AI in real-world, highly regulated environments.

“Everything works nicely in the lab. But when you get out in the real world, nothing quite simulates the messy, high-risk operating environment,” Morrison said. “CISOs aren’t building models—they’re tasked with securing them, securing the data, and ensuring the outputs can be trusted.”

A Panel Rooted in Real-World Experience

The CISO panel will bring together leading voices from the financial sector:

• Stephen Scharf, CISO, BlackRock

• Justin Peavey, CISO, Wellington

• Janine Comstock, CISO, MFS Investment Management

• Mark Morrison, CISO Advisor, ACSC (Moderator)

These leaders are grappling daily with how to secure AI tools and integrations while maintaining compliance in one of the most tightly regulated industries. Unlike theoretical debates, this discussion will center on practical tradeoffs, operational hurdles, and lessons learned.

Key Themes on the Table

The panelists will address pressing questions, including:

• Integrating AI safely into existing operations

• Managing adversarial risks like model poisoning and data manipulation

• Training and retaining security talent in an AI-augmented SOC

• Briefing boards on the most urgent AI security risks today

  
  

Why This Conversation Matters Now

The financial sector’s experience serves as a proving ground for other industries soon to face similar pressures. Retrofitting AI into legacy environments is far more complex than deploying it in a greenfield startup. For leaders tasked with securing customer trust, the stakes could not be higher.

As Morrison emphasizes, “If you’re starting up a company, building AI in from scratch is easy. Retrofitting it into an existing operating process and infrastructure—that’s where the real challenge lies.”

Join ACSC Security, Risk and Legal Executives in Boston, November 6

The ACSC 15th Annual Member Conference is a one-day, highly interactive workshop of more than 120 senior executives from across sectors—including CISOs, CIOs, risk officers, and legal counsels. Operating under the member NDA, executives will share case studies, explore the future of AI-driven risk and defense and vendor partnerships - and launch new ACSC toolkits to support executive decision-making.

The CISO Panel will provide an unusually candid, operational perspective on AI adoption. Members should secure their spot today on our registration page.

Date: November 6, 2025

Location: Federal Reserve Bank of Boston

Conference Theme: Winning the Competition for Trusted AI: A Risk and Security Agenda