Alister Shepherd

In this session, Alister Shepherd, CISO at the FCA, shares a practical case study on moving AI security from frameworks and standards into live implementation. Drawing on the FCA's experience, he will explore how security teams can monitor, validate and strengthen AI systems once they are in production. He examines why reliability is a core security concern, not just a technical performance issue, and how failures in live models can create unseen risk if they are not identified early. He also reflects on the journey so far, including lessons learned, early challenges and how his team has adapted its approach by evolving the tooling and controls needed to secure AI systems in practice.

Enterprise AI is already in production, but security models haven't caught up. Teams are deploying copilots, agents, and AI-powered workflows faster than organisations can define acceptable risk, leading to inconsistent decisions and growing exposure. The challenge isn't understanding every AI threat, it's deciding where to draw the line and enforcing it consistently. This panel focuses on a critical question: how do organisations define and apply AI risk boundaries in practice, across data use, model behaviour, and autonomy, without slowing down delivery?