By Soumoshree Mukherjee
Editor’s note: This article is based on insights from a podcast series. The views expressed in the podcast reflect the speakers’ perspectives and do not necessarily represent those of this publication. Readers are encouraged to explore the full podcast for additional context.
On a recent episode of “CAIO Connect Podcast,” hosted by Sanjay Puri, cybersecurity innovator Steve Wilson, chief AI and product officer at Exabeam, traced his remarkable journey from early AI experiments in the 1990s to becoming one of the industry’s leading voices on secure AI adoption.
Wilson, whose career spans shaping early Java, writing influential security frameworks, and authoring “The Developer’s Playbook for Large Language Model Security,” shared how his path circled back to AI after a long detour. “I started my first AI company with some friends when I graduated from college in the early 1990s,” he recalls. But when the internet exploded in 1995, the future was clear. “I set aside AI for a while and didn’t really come back to it till the [2010s.]”
What brought him back was generative AI’s sudden leap, especially the release of ChatGPT. While leading products at Exabeam, Wilson grew deeply interested in the security implications of these new models. This led him to launch a research initiative at the OWASP Foundation, “I wrote the first draft of a document that’s called the OWASP Top 10 for Large Language Models, which has become quite popular in terms of helping people understand those technologies.”
Today, as Exabeam’s first Chief AI Officer (CAIO), Wilson is leading AI transformation both in the company’s cybersecurity products and across its internal operations, from sales processes to engineering workflows.
But Wilson’s most powerful insights in the conversation revolved around how enterprises should adopt AI responsibly and effectively.
When Puri asked how CAIOs should think about governance in an age of autonomous, agentic AI systems, Wilson framed the challenge with clarity: AI risks may sound new; prompt injection, hallucination, rogue agents but the task is familiar. Every technological shift required understanding a new layer of security.
He said, “We need to continuously monitor their behaviors. We need to understand their normal patterns. When they get out of normal, we need to be able to detect that… Those are more the techniques we need to apply going forward to secure the agent population.”
He informed the audience that the basics still apply: know your data, understand the tools, partner with CIOs and CISOs, and define clear policies without over-regulating innovation.
READ: Dr. Girish Nadkarni’s global vision for future of AI in healthcare (
Citing an MIT study, he revealed, “…that 95 % of the AI projects that have been rolled out the last few years have not been successful.” He said, “It’s like people were worried about getting left behind the same way that a company got left behind in the internet boom and you don’t want to become the next blockbuster video or Sears Roebuck that becomes a memory.”
The conversation’s most provocative moment came when Wilson addressed the growing problem of AI theater companies investing heavily in AI without measurable returns. He cleared, “what I am suggesting is that just spending money to roll out AI and give tools to your workforce, they will not all figure out by themselves how to get better.”
Wilson offered a simple rule: start with the KPI, not the model. At Exabeam, this meant targeting bottlenecks such as sales exception processing areas where AI could directly impact revenue and speed. He distinguishes between “horizontal” tools (open-use AI available to all employees) and “vertical” use cases that solve business-critical problems.
He explained, “Those are the ones where you can invest, spend the time, and then figure out that you can measure the success and see how that’s going to impact your business.”
As organizations race to deploy AI, Wilson’s message stands out: the winners won’t be the fastest adopters, but the most intentional ones, those who pair innovation with measurable impact.