JetStream Security

A regional bank just told the SEC that an unauthorized AI tool accessed customer names, dates of birth, and Social Security numbers from inside its own systems. The filing doesn't say which AI tool. It doesn't say how the tool got the data. It says only that an investigation is ongoing. This is what shadow AI looks like once it surfaces in a federal disclosure: a governance failure that the company itself cannot fully describe. In our latest piece, JetStream general counsel Patrick Zeller explains what the filing reveals, what it doesn't, and the question every board and risk committee should be ready to answer: If a regulator asked tomorrow what AI is operating inside your organization, what data it can reach, and where that data goes, would you be able to answer? Read the full analysis: https://t.co/YoAm9PbtsZ

The average large enterprise runs 43 cybersecurity tools. Most require a persistent agent on every managed endpoint, a background process that starts at boot, competes for CPU and memory, and represents an unconditional trust relationship with that vendor's entire software pipeline. That overhead is already a documented problem. Half of the average IT work week goes to endpoint security deployment and management alone. 52% of executives name complexity as their top impediment to security operations. 63% of firms that increased security budgets in 2024 saw no meaningful improvement. Agent sprawl is the through line. Now enterprises are being asked to govern AI inside the same environment. Before accepting another agent to do it, the architectural tradeoffs are worth understanding. Read the analysis by Paul Loeffler here → https://t.co/pCJiY45twL #agenticai #aigovernance

A lawsuit pending in Chicago asks whether an AI provider can be held responsible for what its product produces, and why the answer matters for any team evaluating AI vendors. Nippon Life Insurance Company of America v. OpenAI pleads three counts: tortious interference with a contract, abuse of process, and the unlicensed practice of law. The unlicensed-practice claim is the headline. The tort counts are the ones that will have operational consequence for any company that builds, deploys, or licenses an AI system. Patrick E. Zeller, General Counsel at JetStream, breaks down what the complaint alleges, why the tort counts are the ones to watch, and the vendor diligence questions every legal team should now be asking. The boundary between an acceptable AI tool and a liability-generating one is being drawn right now. The architecture of AI vendor liability is being built on this record. Read the analysis on JetStream Insights → https://t.co/qW885G1rJR #AIGovernance #AIAdvisory #VendorLiability #AIVendorRisk

JetStream Security has been named to Redpoint Ventures' 2026 InfraRed 100, the annual list of companies building the infrastructure under the AI era. Full list: https://t.co/VGYjw5XzXi The recognition lands in the same week Redpoint's own data sharpens the gap we exist to close. 70% of CISOs have purchased an AI security platform or plan to inside twelve months (Redpoint Proprietary CISO Survey, 2026). Only 17% of organizations are running AI at production scale (UBS Evidence Lab). The demand is here. The deployment is not. The governance layer underneath those agents is the wedge. AI is ready. Trust isn't. That gap is the work. Thank you, Redpoint Ventures. #AIGovernance #InfraRed100 #EnterpriseAI

Guidepoint Security put together a solid afternoon at F1 Arcade Atlanta last Thursday, and we were grateful for the opportunity to support and join in. Patrick Zeller and Lauren Cusimano made the most of it. If you were there and we connected, thanks for the time. If we missed you, let's fix that! #aigovernance

Last month, the FDA issued a warning letter every compliance team should read. A company deployed an AI agent to manage regulatory requirements. The agent missed critical obligations. No qualified human reviewed the output before the company acted on it. They failed the inspection and pointed to what the AI had not told them as the explanation. The agency's response: delegating compliance accountability to an AI system is not a recognized defense. Three governance gaps drove the enforcement action. General Counsel Patrick Zeller breaks down what failed and what it means for any organization running AI in a regulated workflow. Read here: https://t.co/Su5343OBSL #AIGovernance #RegTech #Compliance

"We aspire to be the CrowdStrike for AI governance." Our CEO and co-founder Raj Rajamani stopped by the Secure Ventures podcast with Kyle McNulty. This is how he thinks about building for the long game. Raj on the team he's built: smart and highly capable people who have been tested together and forged strong bonds because of it. Learn more about the JetStream team: https://t.co/56Kcu2JFcc #aigovernance #agenticai #enterpriseai

AJ Anand spent his career building large-scale infrastructure at Cohesity, Veritas, Symantec, Lightning AI, and Khoros—data protection, cloud-native systems, the foundations enterprises run on—before co-founding JetStream Security as CTO. When he and the co-founders designed the JetStream SAIG Platform, multi-cloud support was a first principle of the architecture, not something they planned to add later. AWS, GCP, OCI, and Azure were all accounted for from day one, because not every enterprise customer runs on the same cloud, and the platform needed to meet them where they already are. Moving fast in AI requires infrastructure that's portable, nimble, and built to scale from the beginning. Learn more about JetStream: https://t.co/0bHwWw4dvF #AIGovernance #CloudNative #EnterpriseAI

That's a wrap! Offset Symposium 2026 filled Mellon Auditorium with the people responsible for getting software into mission environments. Government leaders, operators, builders, and investors, all focused on the same problem: capability that's built but not yet deployed. The theme this year was "The Time is Now." After a day on the Customer Gallery floor, it's hard to argue otherwise. Thanks to Second Front for having us. Paul Loeffler and Mike McGrail represented JetStream on the floor. #OFFSET26 #AIGovernance #defensetech

Patrick Zeller has spent 30 years at the intersection of law and technology. Computer crimes in the 90s. E-discovery in the 2000s. Global privacy and GDPR in the 2010s. AI governance now. Law360 caught up with him this week to talk about that path and his role as JetStream's first General Counsel — including why high-risk AI use cases need an expert in the loop, and what happens when they don't. Read here: https://t.co/o8GcZirGQ7? #AIGovernance #GeneralCounsel #AgenticAI

You asked. We answered. Last week, Patrick Zeller, General Counsel at JetStream Security, and Keith Weisman, Head of Forward Deployed Engineering — the team that works directly with enterprise customers on AI deployment — presented to over 200 corporate directors at the National Association of Corporate Directors. Of the corporate directors in the room, 70% had an AI policy in place. Fewer than a third were performing AI discovery or maintaining a manifest of what was actually running. The session covered the questions boards are actively wrestling with right now: what the United States v. Heppner ruling means for attorney-client privilege, why AI prompts are now subject to legal holds, how agentic workflow drift happens and why it is harder to manage than hallucinations, and what advancing AI capabilities mean for remediation timelines. Real questions from real directors. We turned the answers into an article. https://t.co/3PbtBOa4Iw #airisk #aigovernance

Day 1 of the Chief AI Officer Exchange is in the books. Our very own Patrick Zeller, General Counsel, and Keith Weisman, Head of Forward Deployed Engineering, are in Chicago this week for the Spring USA Exchange, 60+ AI leaders from Truist, Amazon, AT&T, Walmart, Mars, and more. Patrick and Keith took the main stage on a topic the room needed: Rethinking New Risks in the AI Age, privacy, legal, and security considerations that can hurt you. Day 2 here we come! #caiosexchange #aigovernance #agenticai

How do you govern a system that doesn't behave the same way twice? Our CEO Raj Rajamani joined Kyle McNulty on the Secure Ventures podcast to tackle one of the harder architectural questions in AI security: stochastic controls vs. deterministic controls for AI agents. The answer isn't either/or. But the reasoning is important. Learn more about JetStream Security: https://t.co/yt9X5McU55 #aigovernance #agenticai #enterpriseai

Garden of the Gods. Pikes Peak at 14,000 feet. A closing dinner to wrap three days in the Rockies. Great trails, fresh air, and the kind of event that earns its reputation. Honored to have been a sponsor this year. Thanks to the CISO Ascent community for welcoming us. Thank you Tyler and Bryce for creating such a warm and memorable experience. Thank you Joe for masterfully capturing it all. And to Marianne Flanagan and Tyler Ferguson for representing JetStream on the ground all week! #CISOAscent #AIGovernance

Yesterday, Patrick Zeller and Keith Weisman joined NACD to talk AI risk with directors, general counsel, and security leaders. The conversation covered a lot of ground. Where legal exposure lives when employees use public AI. Why having an AI policy and enforcing one are two very different things. What boards should be asking their security and legal teams right now. The live polls reflected a pattern that keeps coming up. Most organizations have a policy. Most cannot tell you if anyone is following it or how well it holds up in practice. 74% of participants have an AI policy. 67% are not performing AI discovery or maintaining a manifest of usage. If you registered and missed it, the session is available on demand via NACD. Does your organization have a way to verify your AI policy is being followed? #airisk #aigovernance

Join in. Today at 1pm ET. Patrick Zeller and Keith Weisman are joining NACD to talk AI risk from the legal and security side. Last week, an AI agent wiped a company's entire production database in nine seconds: No human in the loop, no scoped permissions, no recovery path. For GCs and CISOs, that isn't a tooling story. It's a fiduciary one: who authorized the agent's access, what record exists of the decision, and what does your board minute say when regulators or plaintiffs ask? Patrick and Keith will walk through the governance gaps this kind of incident exposes: agent authorization, audit trails, breach notification triggers under state privacy laws, and the D&O exposure when "the AI did it" isn't a defense. If you sit in legal, privacy, or the C-suite, this hour is for you. Register and join in the conversation: https://t.co/i5oX8inr8E #airisk #aigovernance

Every AI system your enterprise deploys needs a blueprint. Our CEO Raj Rajamani joined Kyle McNulty on the Secure Ventures podcast to explain why, and what it actually takes to build one. JetStream Blueprints™ are synthesized from observed behavior, a real-time map of how your AI systems communicate, what they access, and whether they're operating within approved boundaries. Without that foundation, enterprises can't monitor for drift, can't attribute cost and risk to identities, and can't move AI into scale production with confidence. Learn more: https://t.co/Nh6esyeG3A #aigovernance #agenticai #enterpriseai

Bad week to be a trail in Colorado Springs! We're proud to be a sponsor of the CISO Ascent Spring 2026 Retreat next week in Colorado. Three days in the Rockies with some of the best security leaders in the industry. Hikes, fresh air, and conversations you can't manufacture in a conference room. See you there! #CISOAscent #AIGovernance