Netskope outlines AI governance steps for health systems

Netskope’s webinar presented practical governance and security measures for health systems adopting Artificial Intelligence (AI), stressing data control, shared risk decisions and defensive monitoring to help IT and security leaders manage emergent AI use.

Research overview

A Netskope-hosted panel reviewed how clinicians, operations teams and data scientists are introducing AI tools into health systems before formal controls are in place. Panelists described real-world examples of note copying, agent-based chat tests and Software-as-a-Service (SaaS) integrations occurring outside established governance processes.

Key findings

Panel participants warned that ungoverned AI can expose protected health information and influence clinical or operational decisions unless outputs and failure modes are understood before deployment. The group recommended adaptive policies that balance enabling teams and preserving control rather than blanket blocking or unchecked access.

“Security shouldn’t be dictating all components, doing the blocking, setting the strategy, doing everything around that. You need to have other stakeholders at the table,” said Steven Ramirez.

Technical breakdown

The discussion emphasized data discovery, classification and consistent controls across data at rest, in motion and in use as prerequisites for secure AI. Panelists said protecting AI begins with protecting data and requires security and data teams to share visibility, ownership and remediation responsibilities.

Threat analysis

Speakers noted that adversaries are applying AI across standard attack phases, citing AI-enabled spear-phishing and automated reconnaissance as examples, and recommended using AI defensively to model normal behavior and detect anomalies. They also advised integrating platforms and policies so monitoring, response and governance operate from a unified environment rather than isolated tools.

Operational impact

The panel set out practical actions for security and IT leaders to reduce risk while allowing productive use of AI in care and operations. Oversight cadence should increase to match pilot velocity and teams should treat AI as an ongoing program with shared accountability.

Recommended actions

The webinar offered four operational steps to follow.

  1. Assess compensating controls in addition to patching and ask what stands between a new AI attack path and a serious incident.
  2. Engage as a partner and communicator to help clinical and business teams understand how secure AI can operate within their workflows.
  3. Inventory shadow and SaaS AI usage, map data flows through those tools and apply controls before a data loss event.
  4. Move from reactive responses to proactive programs that maintain oversight while enabling the business.

Leadership perspective

Speakers urged security teams to shift from a gatekeeping posture to one that provides context, visibility and shared decision authority so operational teams will surface edge cases early. They proposed a model where security owns roughly one third of risk decisions, with compliance and data governance sharing the remainder to avoid concentrating authority.

“I think AI is kind of forcing our hand, as we did with the digital transformation, to more of a data transformation, making sure we have more governance and ownership in those respective areas,” said Steven Ramirez.

Health systems should implement adaptive governance, unified monitoring and clear data ownership to reduce exposure while enabling controlled AI use. This “Blog Signals brief” is a fact-based summary of the vendor blog.