The Professional CISO

"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David
 
Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz
 
Episode Summary:
In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability.
 
The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.
 
Key Takeaways:
  • Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
  • The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
  • How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
  • Why boards must be educated on AI risk vs. AI marketing hype
  • Why CISOs must own the Responsible AI conversation before regulators step in

Notable Quotes:
  • “Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
  • “When regulators knock, they won’t call the vendor first. They’ll call you.”
  • “Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

Listener Benefits:
By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.
 
Call to Action:
👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.
👉 Share this episode with your peers and comment your perspective on LinkedIn.
👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

🔖 Hashtags
#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance

What is The Professional CISO?

Shaping Cybersecurity Leadership: Today, Tomorrow, Together.