AI Is Already in Intelligence Workflows. The Governance Hasn't Caught Up.
- Oludare Ogunlana
- 3 days ago
- 3 min read
Intelligence practitioners and educators from academia, industry, and government gathered this week at the University of North Georgia — one of America's six senior military colleges — for the IAFIE 2026 Annual Global Conference. The paper I presented, Ethical and Strategic Governance of AI in Intelligence and Cybersecurity Operations, opened with a scene that has become routine in our profession.
An intelligence analyst opens her morning brief. A model has flagged three threats overnight, summarized each in two paragraphs, and assigned each a confidence score. She has fifteen minutes to decide which goes to her director. She does not know how the model arrived at any of those conclusions.
This is modern intelligence, cybersecurity, and law enforcement work. AI is in the workflow today. The governance frameworks meant to guide it have not yet caught up. For practitioners and policymakers, the lag is becoming a liability.
What AI Governance Actually Means
In plain terms, AI governance is the set of rules, roles, and review processes that determine how an AI system is built, deployed, and held accountable. For intelligence and cybersecurity work, it answers a basic operational question: when an AI tool produces an output — a threat assessment, a person of interest, a recommended action — who is responsible if it is wrong?
The honest answer in many organizations today is "nobody specifically." A model was deployed, an analyst trusted its output, a decision followed. When the result is bad, accountability dissolves into the architecture. In commercial settings, that means lawsuits. In intelligence and cybersecurity, it means wrong targets, missed threats, and eroded public trust.
"Three frameworks have emerged. None was designed with intelligence operations in mind."
Three Frameworks Worth Knowing
NIST AI Risk Management Framework (RMF 1.0). Published by the U.S. National Institute of Standards and Technology in January 2023. Voluntary, organized around four functions: govern, map, measure, and manage. The most widely used reference in U.S. federal and corporate practice.
European Artificial Intelligence Act. Europe's binding regulation, in force since 2024. Classifies AI systems into risk tiers from prohibited to minimal. Penalties run as high as seven percent of global annual turnover.
ISO/IEC 42001:2023. The first certifiable international standard for an AI management system. Familiar to teams already certified to ISO 27001, it offers an auditable structure for enterprise AI governance.
Procurement officers, partners, and regulators increasingly expect organizations to be conversant with at least one.
What Real Oversight Looks Like
Frameworks alone do not protect. The paper argued that the operational test is whether daily work reflects four disciplines:
Role clarity. Who approves an AI-assisted product? Who can halt it? Documented in advance, not improvised after an incident.
An inspectable reasoning trail. Not full mathematical explainability — a realistic record showing what data went in, which model version ran, and what decision followed.
Failure-safe defaults. Systems that flag low-confidence outputs rather than hiding them, and that degrade gracefully when they fail.
Skilled reviewers. Analysts trained to interrogate AI output, not rubber-stamp it. Automation bias is a training problem as much as a technology problem.
"Meaningful human oversight is operational, not aspirational."
These disciplines are within reach for any team willing to invest. They require new habits, not new technology — written into policy and reinforced through practice.
What Comes Next
The frameworks, the risks, and the oversight disciplines come together in one practical question: are we using AI in ways we can defend if something goes wrong?
The question is not abstract. As I delivered this paper, thirty-nine schoolchildren and seven teachers remained in captivity in my native Oyo State, Nigeria. Every modern security response depends on intelligence tools and the governance around them. The stakes are people, not policy.
OSRS helps intelligence, cybersecurity, and law enforcement organizations turn AI governance frameworks into operational reality — through framework assessments, policy development, analyst training, and oversight architectures built for the environments where the stakes are highest.
⸻
AUTHOR BIO
About the Author
Dr. Oludare Ogunlana is the Founder and CEO of OGUN Security Research and Strategic Consulting (OSRS), a Texas-based intelligence and security firm, and Teaching Faculty in the Department of Cybersecurity at Collin College in Frisco, Texas. He holds a Ph.D. in public policy and security studies, along with the CISSP, AIGP, CIPP/US, and FIP credentials. His research focuses on the convergence of cybersecurity, intelligence, and AI governance. He is a frequent speaker at international intelligence and security conferences, including the IAFIE Annual Global Conference.
Comments