“U.S. Companies Aren’t Dipping Their Toes in AI; They’re Diving in Headfirst”

Artificial intelligence (AI) is transforming the U.S. technological landscape at a dizzying pace, establishing itself as a key driver of innovation and competitiveness.

Jake Bernardes, CISO at the U.S.-based software development company Anecdotes and a security leader with extensive experience in security transformations and building high-level security functions, offers an insider’s perspective on this evolution in an exclusive interview with The Daily Pulse.

Bernardes emphasizes that the U.S. tech market is not only embracing AI with enthusiasm but doing so with an intensity fueled by investor confidence, the dynamism of startups, and a political push that positions AI as a strategic advantage.

However, this race for innovation poses significant challenges, particularly around governance and security, which require a more strategic and automated approach to balance speed and responsibility, he says.

AI integration in businesses goes beyond mere automation. Broadly speaking, it’s about amplifying companies’ capabilities to make smarter, faster decisions. For Bernardes, sectors such as finance, healthcare, retail, manufacturing, and Software as a Service (SaaS) companies are leading AI adoption, leveraging this technology to optimize everything from personalization to supply chain resilience.

However, one of AI’s most underrated benefits lies in its ability to ease the burden of regulatory compliance. By automating repetitive tasks like evidence collection or updating control matrices, businesses can free up resources to address more critical risks and focus on strategic outcomes, fostering greater confidence in data-driven decisions.

Nevertheless, AI implementation is not without challenges. Bernardes underscores that the biggest hurdle is not developing the technology but integrating it securely into business processes.

Issues such as fragmented data, lack of clarity about who oversees AI models, and limited visibility into where this technology is used create significant friction. These challenges highlight the need for a smarter governance approach that connects systems, policies, and evidence in real time.

Only then can companies innovate without compromising security or exposing themselves to unnecessary risks, ensuring their AI systems are both effective and reliable.

In the realm of cybersecurity, AI plays a dual role: as a powerful tool to strengthen defenses and as a weapon that malicious actors use to scale threats like phishing or deepfakes, Bernardes said.

Bernardes describes this dynamic as an arms race, where speed and precision are essential but not sufficient.

Companies must demonstrate that their AI systems are secure, ethical, and compliant with regulations, which requires continuous monitoring and automated evidence collection.

This integrated approach not only protects against emerging threats but also enables organizations to scale their operations securely, maintaining shareholder confidence in an increasingly complex environment.

Regulation and compliance are significantly shaping the future of AI and cybersecurity. While regulation in the U.S. tends to lag behind innovation, Bernardes notes that the most forward-thinking companies are taking a proactive approach, integrating controls and audits from the initial design of their AI systems.

This shift toward automated compliance tools is transforming governance from a reactive process to one that enables speed without sacrificing responsibility.

In Bernardes’ words, trust is the common thread uniting all sectors: without the ability to explain, prove, and secure AI systems, companies cannot scale their innovations sustainably, underscoring the importance of building a strong governance foundation from day one.

Below is the full interview with Jake Bernardes, CISO at the U.S.-based software development company Anecdotes:

• How would you describe the current growth trajectory of AI in the U.S. tech market?

It’s aggressive. The U.S. tech market is moving fast, fueled by investor confidence, startup energy, and political momentum that frames AI as a strategic advantage. Companies aren’t dipping their toes in; they’re diving in headfirst.

We’ve moved beyond experimentation. AI is being embedded into customer service, threat detection, product development, and even compliance processes. But while innovation is surging, governance is lagging. Risk and compliance teams are being pulled in after the fact to “make it safe” or “make it audit-ready,” which creates a lot of friction.

That’s why we’re seeing a growing need for automated, scalable ways to track where AI is being used, how it’s being governed, and whether it aligns with internal policy and external expectations. It’s not enough to build fast. You have to build responsibly and be able to prove it.

• What are the biggest opportunities AI presents for U.S.-based businesses today?

The opportunity isn’t just in automation. It’s in amplification. AI helps businesses move faster, make smarter decisions, and unlock value from places they didn’t even know to look. From forecasting and fraud detection to customer engagement and compliance monitoring, AI is helping lean teams punch above their weight.

One of the most underrated opportunities is using AI to reduce the burden of proving compliance. Think about how much time teams spend gathering evidence, chasing screenshots, or updating control matrices. If AI can handle those repeatable, low-value tasks, it frees people up to focus on the bigger risks and business outcomes.

The real prize isn’t just efficiency. It’s confidence. The ability to act at speed, knowing your decisions are backed by data, monitored in real time, and ready for scrutiny. That’s the future of modern governance.

• What key challenges do companies face when integrating AI technologies?

The hardest part isn’t building the AI. It’s integrating it safely into the business.

Most teams run into the same friction points. First, there’s the data problem. AI needs clean, contextual information to be effective, and most organizations have fragmented, inconsistent sources. Then there’s the governance gap; who owns the model, who monitors drift, who’s responsible if it makes a bad decision?

And finally, there’s the issue of visibility. A lot of companies don’t even know where AI is being used. That makes it almost impossible to assess risk, enforce controls, or explain outcomes to stakeholders.

What’s needed is a smarter approach to governance, one that connects systems, policies, and evidence automatically. When teams have real-time insight into what’s happening across the environment, they can stay ahead of risks without slowing down innovation.

• How is the U.S. market addressing emerging cybersecurity threats in the AI era?

Right now, it’s a mix of innovation and improvisation. Some companies are using AI to strengthen defense, automating detection, improving response times, and analyzing patterns that would be impossible for humans to catch. But at the same time, threat actors are also using AI to scale phishing, generate deepfakes, and exploit vulnerabilities faster than ever.

This arms race creates a new kind of pressure. Security leaders need to move quickly, but also carefully. It’s no longer enough to just stop threats. you need to prove that your AI systems are being used appropriately, that they aren’t introducing new risks, and that your policies are actually being followed in practice.

This is where continuous monitoring and evidence automation become essential. Without real-time visibility, teams are stuck guessing. But when governance is baked in, not bolted on, security can scale with the business, even in the AI era.

• What sectors are showing the strongest demand for AI and cybersecurity solutions?

Finance and healthcare are the obvious leaders, they have high regulatory pressure and massive incentive to automate. But we’re also seeing huge demand in retail, manufacturing, and SaaS. Retailers are using AI for personalization, inventory optimization, and fraud detection. Manufacturers are applying AI to predictive maintenance and supply chain resilience. And SaaS companies are trying to automate everything while staying compliant with frameworks like SOC 2 and ISO 27001.

In all of these sectors, cybersecurity isn’t a nice-to-have. It’s critical. The more AI is used to drive decisions, the higher the stakes if it fails or if it’s exploited.

The common thread is trust. No matter the industry, if AI can’t be explained, tested, and secured, it can’t scale. That’s why companies are looking for solutions that go beyond traditional GRC playbooks and help them govern AI with the same discipline they apply to financial controls or code deployments.

What role do regulations and compliance play in shaping AI and cybersecurity strategies?

A big one. Even in the U.S., where regulation tends to lag behind innovation, compliance is still shaping how companies adopt and scale AI. Boards want assurance. Customers want transparency. And regulators are increasingly asking hard questions about model bias, data privacy, and explainability.

Compliance isn’t just a defensive function anymore, it’s a design input. The smartest companies are building controls and auditability into their AI stack from day one. That way, when regulators do show up, or a customer asks for proof, they’re not scrambling to reverse-engineer governance.

The shift moving from reactive to proactive, from documentation to automation, is where the next generation of compliance tools is making an impact. They’re not just tracking policies. They’re enabling velocity without sacrificing accountability.