AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

Responsible AI: Governance, Risk, and Security with Daniel Wallace, McKinsey

AI adoption is moving faster than governance can keep up. Daniel Wallace shares what he's seeing across the U.S., Europe, and the Middle East as organizations shift from experimentation to enterprise-scale deployment, and how security leaders can build programs that balance innovation with responsible AI.

As organizations race to embed AI into business operations, security, governance, and risk management are struggling to keep pace. In this interview, Daniel Wallace shares what he's seeing across organizations in the U.S., Europe, and the Middle East as AI adoption shifts from experimentation to enterprise-scale deployment. Drawing on his experience advising organizations across multiple industries, he discusses how leaders can enable innovation without sacrificing security or trust.

The conversation explores what responsible AI looks like in practice, why governance should accelerate rather than hinder adoption, and how different AI technologies require different risk management approaches. Daniel explains why organizations should distinguish between generative AI, traditional machine learning, and autonomous AI agents instead of treating every AI system the same. He also discusses industry-specific challenges, including explainability in financial services and safety considerations in critical infrastructure sectors.

The interview also examines the growing role of AI governance frameworks, the importance of human accountability for AI-generated work, and practical strategies for implementing controls that scale alongside adoption. Rather than waiting for the industry to reach consensus, Daniel encourages organizations to establish clear governance, select a framework that fits their environment, and continuously evolve it as AI capabilities mature.

Whether you're a CISO, security leader, technology executive, risk professional, or AI program owner, this discussion offers practical guidance for building AI programs that balance innovation, security, and responsible governance.

Key Topics Covered

  1. Enterprise AI adoption trends across industries and regions
  2. Responsible AI governance and organizational guardrails
  3. Managing risk across generative AI, machine learning, and AI agents
  4. Industry-specific AI challenges in financial services, healthcare, and critical infrastructure
  5. AI governance frameworks, including NIST and ISO guidance
  6. Human oversight and accountability for AI-generated outputs
  7. Building security, governance, and risk management into AI initiatives from the beginning

Bfx25 Christie Terrill Update Bio

About the author, Christie Terrill

Chief Information Security Officer

Christie Terrill is the Chief Information Security Officer (CISO) of Bishop Fox, with more than 20 years of experience in security and technology services. She oversees the company’s security strategy and program, and has played an integral part in developing the company’s operational strategy while simultaneously ensuring the greatest value for clients. A 15-year Bishop Fox veteran, Christie most recently drove the rigorous, multi-year process of completing certifications for Bishop Fox’s ISO/IEC 27001 Type 2 and SOC 2 Type 2 Security Trust Services Criteria. Having joined Bishop Fox as a consultant, she quickly ascended to partner and established the company's enterprise security consulting practice, as well as serving in the sales organization.


Daniel Wallance

About the author, Daniel Wallance

Senior Expert / Associate Partner, McKinsey & Company

Daniel Wallance is a cybersecurity, technology risk, and AI consultant having worked in the United States, Middle East, and Europe for global corporations. He graduated from M.I.T. where he was a Fellow in the System Design & Management Program, jointly operated by the Sloan School of Management and the M.I.T. School of Engineering. Prior to M.I.T., Daniel was the operations director at a boutique investment firm where he designed the firm’s business systems and processes, including redundant and secure enterprise-wide IT systems.