Gathered in Monaco for Ready For IT 2026, CIOs and CISOs warn: without data classification or AI governance, companies are exposing themselves to risky projects.
Even if AI is welcomed with enthusiasm during the 7e edition of Ready For IT which is being held in Monaco from June 3 to 4, 2026, it arouses many fears among the IT decision-makers present. “The executive committee expects us to be able to make complex processes simpler” thanks to AI agents, says Audrey Brayer, CIO of Pierre & Vacances, during the opening plenary. But “we must also be an architect of discernment” regarding their use, she adds. AI indeed causes numerous cyber risks which require in-depth consideration of its use. This was made possible thanks to the round tables which provided concrete ideas for IT decision-makers to integrate AI securely into their organizations.
Dealing with deepfakes
If there is one AI risk that particularly attracted attention during the event, it is that of deepfakes. Increasingly accessible and sophisticated, they were at the center of the discussion between YouTubers Amistory and Sylvqin during a plenary devoted to the challenges that AI poses to mid-sized companies. “There is now deepfake as-a-service,” says Sylvqin. This allows cybercriminals to impersonate a collaborator, associate, customer or supplier in order to obtain the execution of an action on the part of a company, such as a bank transfer.
The creation of deepfake is even becoming accessible to everyone thanks to AI tools specially designed for this. And the result is stunning. To prove it, Sylvqin used one of these tools by standing in front of a computer’s webcam. In the eyes of the public, his face appeared transformed into that of Elon Musk, then that of Nicolas Sarkozy. To limit the risks, Amistory therefore advises “putting in place internal procedures in the event of a money transfer for example”, what it calls “double human authentication”. For example, when a financial manager receives a transfer request from a supposed colleague, he must verify its legitimacy with other departments above a certain amount.
Anticipate business needs
Other round tables and feedback highlighted the challenges that CISOs and CIOs face in the face of the rise of AI, particularly in the healthcare sector. Myriam Pellissier, CISO of the Regional Health Agency of the Provence-Alpes-Côte d’Azur region, expressed her fears of shadow AI that she observes in the health establishments whose cybersecurity policy she coordinates. This shadow AI can indeed lead to leaks of personal data. “And this can cause a loss of patient confidence in the health sector,” she insists. Nicolas Emeyriat and Pierre-François Desmure, emergency doctors at the university hospital center (CHU) in Nice, observe the same phenomenon.
Some young doctors and interns use ChatGPT to assist them in establishing diagnoses, according to these two doctors. Beyond the fact that personal patient data can therefore be inserted into the prompts, the responses generated contain numerous errors. This is why they developed Urgencia, a health AI trained on learned and controlled medical data, which only generates responses that it can deduce, without hallucinations or inventions. This type of initiative must be encouraged by AI governance implemented within organizations, believes Christophe Godefroid, CIO at the Belgian Helora University Hospital. Inspired by the ISO 42001 standard on AI management, the governance that the DSI has implemented in its university hospital includes a committee responsible for selecting AI projects proposed by the professions, to anticipate their needs and prevent them from being expressed clandestinely.
Structuring the data
The deployment of AI is accompanied by another fear that has been expressed by IT decision-makers: that of not having sufficiently structured data within their organizations. The growing adoption of AI is pushing them to want to better manage their data, ensuring that it is up to date, correctly classified according to its level of sensitivity and free of obsolete information. And for good reason: “If the dataset on which an AI trains is made up of useless or outdated data, the relevance of this AI will be poor. And if the AI trains on sensitive data when it should not, that’s a problem. With the arrival of AI, we therefore feel that clients are increasingly sensitive to the management of the data they use,” says Ronan Capmal, AI and data security expert at Rubrik. “This is why, before embarking on AI projects, it is necessary to map the data and classify it correctly,” advises Myriam Pellissier.
