
On a recent episode of AI Impact, host Russ Frieden sat down with Karl Mosgofian, the former CIO of Gainsight and now a CIO advisor.

Their conversation is aimed squarely at enterprise technology leaders. Karl spent the hour challenging some of the assumptions that have hardened around enterprise AI over the last two years and arguing that most CIOs are bracing for the wrong security threat.

The shadow AI problem CIOs haven't reckoned with

Karl's most pointed critique is about where security attention is being spent. CIOs, he says, are overly worried about their contracted SaaS and LLM vendors. Those vendors have signed contracts and completed security reviews; they have solid business reasons not to misuse data. "If they mess it up, their whole company is gone," Karl notes.

The real exposure, in Karl's view, is the free AI tool an employee downloaded without telling anyone: no contract, no IT review, no company visibility. His point lines up with a finding that Russ reports from Larridin's own customer base: roughly two-thirds of the AI tools in use inside an enterprise are unknown to the CIO.

For CIOs and CTOs trying to set governance priorities, Karl's message is clear: the threat is on the unsanctioned side of the wall, far more than the vendor side.

Agents need their own identity in directory services

Karl then brought up a topic many enterprises haven't yet operationalized: identity for agents. When agents take real action inside a company, the question of who did this becomes critical. If an agent acts solely under a human's credentials, accountability collapses when something goes wrong.

Karl pointed to Microsoft's recent move: authorized agents now have their own identity within directory services, rather than running as the human who deployed the agent. For CIOs and CTOs, the implication is concrete: HCM and IAM strategies need to evolve to treat agents as first-class principals. Without this, audit trails, least-privilege controls, and incident response all degrade as agents proliferate.

Why CIO and HR are aligning

Karl agreed with Russ's thesis that the CIO and HR functions are converging. As agent workforces scale, the line between managing humans vs. managing systems that do human work blurs. Karl is careful to note that HR's legal and employment-law expertise won't vanish into IT, but he sees plenty of overlap waiting to be captured: shared help desks, shared policies, shared onboarding flows. Greenfield companies, he suggested, have a chance to design these functions together from day one.

The anatomy of AI projects that actually scale

For all the experimentation of the last two years, Karl's recipe for a successful AI project sounds refreshingly old-fashioned: start with the problem you're trying to solve and define how you'll measure whether it worked. He warns that the common approach of "cool stuff, let's throw it in there" is acceptable for generic productivity tools, but a budget-burner when applied to higher-stakes departmental projects. CFOs, he predicted, are about to start asking CIOs to consolidate the ten overlapping tools that experimentation produced, ending what Karl called the current "golden glow" of AI freedom.

He was equally direct about adoption. Top-down Zoom trainings produced little movement at Gainsight. What worked was small-group peer learning: teammates trading real, relevant use cases. Karl framed prompting as a new core skill, comparable to the need to learn how to search Google effectively for research, beginning in the 2000s. CIOs and CTOs who underinvest here, he warned, are simply leaving value on the table.

Where AI will hit next

AI has already become normalized in Engineering and customer support. Where will it be more fully accepted next? Karl suggests the answer will derive from the first principles of LLM functionality: it's a large language model. The functions that work primarily with words will benefit most. He named legal, marketing, and technical documentation as the next wave.

Karl describes this moment as the most exciting stretch of his career. Department heads who once viewed the CIO as an obstacle now want partnership. This window won't last forever; once CFOs start demanding ROI, CIOs will return to the gatekeeper role. But for now, Karl's advice to enterprise technology leaders is to get agent identity right, take shadow AI seriously, and invest in the small-group learning that actually moves adoption.

Listen to the full conversation between Russ Frieden and Karl Mosgofian on AI Impact.