How you can navigate the coming changes triggered by AI.
SAFE President Nicola (Nick) Sanna recently gave the welcome address to the 10th annual FAIR Conference (FAIRCON25), hosted by the FAIR Institute where Nick is the Founder and SAFE is the Technical Advisor.
Of the many events in the cybersecurity space, FAIRCON has emerged as the primary venue for open-ended, well-informed exchange of ideas among leaders in cybersecurity, cyber risk management, and risk-based business management.
Nick’s welcome address set the tone.
“AI isn’t just changing the game—it’s resetting it,” he said. That shift changes everything: how security investments are made, where risk accumulates, and how value is created or destroyed. We are living through “the biggest shift in human decision-making in more than 300 years.”
This thorough reset will play out in four ways, he said
1. AI Accelerates Everything
AI is our greatest accelerator — and our greatest amplifier of risk. Attackers are using it to move faster and smarter.
We must respond at “machine speed:”
- from static assessments → to continuous risk monitoring,
- from manual response → to agentic AI-driven remediation.
And “we must quantify AI risk itself” — revealing which use cases create value and which create liability.
2. Getting to a Singular View of Risk
Risk today is fragmented — IT, OT, third-party, cloud, AI.
But the enterprise doesn’t live in silos, and neither should our view of risk, Nick argued.
“The next frontier is a unified, quantified view of all forms of digital risk — one risk language, one financial lens.”
3. CRQ in Security Operations
Quantification is moving from the second line into the Security Operations Center (SOC).
Imagine vulnerabilities prioritized by dollars at risk, not CVSS scores. “That’s where cyber risk meets real-time action.”
4. Regulation as a Catalyst
NIS-2, DORA, the EU AI Act, SEC rules — regulators are now demanding what the FAIR movement has long preached: continuous monitoring, defensible metrics, and board accountability.
“For many organizations, regulation might be the gift that accelerates the maturity we’ve been building all along.”
FAIR began as a movement for quantification. It became the standard for aligning cyber with business, Nick said. Now, powered by AI, it’s entering an age of autonomous cyber risk management—where systems can quantify, prioritize, and mitigate risk in real time.
“Technology alone won’t complete the journey.” It will take the same principles that built the FAIR community: critical thinking, collaboration, and innovation, he concluded.
SAFE automates FAIR cyber risk quantification and presents a unified view of cyber risk.
With the SAFE One platform, manage all cyber risks – third-party, enterprise and AI, automated by 25+ autonomous AI agents. Schedule a demo now.
.
SUBSCRIBE TO WEEKLY BLOG NEWSLETTER
SHARE THE PAGE
