Optiv CRO: AI Driving New Enterprise Security Risks

Enterprise security teams are under increasing pressure as AI adoption accelerates, introducing new risks around identity, governance, and operational resilience. 

Channel Insider spoke with Optiv CRO John Hurley about how enterprise priorities are shifting—and where partners are seeing the most demand in 2026.

Optiv’s advisory model reflects shift toward services-led security

Optiv supports its enterprise customers with a wide range of security services and consultation-based work. To do so, it works closely with many security vendors as trusted partners to deliver that technology to customers.

“We’re in a very unique position in the marketplace now,” said Hurley. “We’re helping our partners go to market differently now and we act as advisors to both our clients and to our technology partners.”

Hurley told Channel Insider that while technology has changed greatly over the last decade since Optiv’s founding, its fundamental mission has stayed consistent.

“Our value has always been in our core construct, which is to meet customers where they are and get them to where they want to be,” Hurley said.

CISOs gain influence, but face growing operational complexity

Hurley said that as the company has worked with customers over time, he’s noticed the changes in what CISOs and CIOs require from their trusted partners.

“Thankfully, CISOs and CIOs have a seat at the table now with board-level conversations,” Hurley said. “Not all of those leaders were prepared, though, for what that requires. It’s great they finally have a voice, but we definitely help consult and train how they react with those conversations.”

Optiv can manage a company’s technology strategy in a holistic approach, Hurley said, that allows CIOs and CISOs to spend more time working in the business on key initiatives with other executives.

“We advise, we deploy, and we can manage that technology for our customers,” Hurley added. “This business is getting harder every day. CISOs need us, because they’re being pulled in so many directions, and they have so many pieces of technology in their stack it’s almost impossible to keep up with everything.”

AI adoption introduces new enterprise attack surfaces

It shouldn’t surprise anyone in the channel to hear that Optiv has spent a lot of time over the past few years working its customers on AI planning and understanding.

“Everyone’s trying to figure out AI, for sure,” Hurley said. “I would be shocked if there isn’t a CEO in a business anywhere right now saying they need figure out how to get AI into their business.”

To Hurley, many enterprises are still in the early stages of AI adoption, including agentic AI deployment projects, and that leaves opportunities for partners like Optiv to advise on best practices moving forward.

At the same time, attackers are using AI to automate phishing, vulnerability discovery, and social engineering at scale, compressing attack timelines.

Growing regulatory scrutiny around AI and data governance is also pushing enterprises to formalize security controls earlier in deployment cycles.

Identity becomes critical as AI agents scale

One of those best practices has resurfaced an old security focus: identity management. 

Security teams are increasingly treating AI agents and automation tools as non-human identities, expanding identity governance frameworks beyond human users.

“We do a lot of work around identity, and really we always have, so it’s a natural place for us to have conversations with customers when they bring up AI,” Hurley said.

Core security priorities remain: cloud, data, and resilience

While there are many ways in which the security landscape has changed, Hurley told Channel Insider Optiv is still focused on some of the foundational aspects of cybersecurity that remain true regardless of change.

“What was old is new, in some ways,” said Hurley. “Most companies have always been the most concerned with protecting their intellectual property, and that’s no less true now with AI. The challenges in some ways aren’t changing, but the speed at which things need to happen is much faster now.”

Hurley said cloud security and data-related governance remain a priority for Optiv and its customers, as do services like managed detection and response (MDR) that allow organizations to maintain a focus on both prevention and response to potential attacks.

“Today, it’s all about the recovery of your business. You have to stay operational; even a few hours of downtime is a massive problem,” Hurley said. 

As AI adoption continues to accelerate, Hurley expects enterprise security strategies to become more tightly aligned with business continuity and resilience. 

For partners like Optiv, that means deeper involvement in identity governance, cloud security, and managed response—areas where demand is likely to intensify as organizations work to balance innovation with risk.