On the 39th episode of Enterprise AI Defenders, hosts Evan Reiser (CEO and co-founder, Abnormal AI) and Mike Britton (CIO, Abnormal AI) sit down with Mark Ballister, CISO at Montefiore Health System, to discuss governing AI risk in a hospital system. Mark shares how his team flipped the default from "no" to "yes, with controls," why work-versus-web toggles are a quiet exposure point, and how his own security team produced 22,000 lines of AI-generated code for an internal risk-evaluation model.

Quick Hits from Mark:

On the AI governance posture: "We don't look to say no. We look to say yes, as long as we can put controls around it."

On the Microsoft Copilot work-versus-web toggle: "By just clicking that button that says 'web,' you are no longer protected."

On bringing AI inside the security team: "It wrote all…22,000 lines of code."

Book Recommendation: The One Minute Manager by Ken Blanchard and Spencer Johnson

Like what you hear? Leave us a review and subscribe to the show on Apple, Spotify, and YouTube.

Enterprise AI Defenders is a show where top security executives share specific ways AI changes the threat landscape and the defenses that hold up in real environments.

Find more great insights from technology leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Abnormal Studios.