How One CIO Made the Case for AI Security Before Anyone Else Was Asking
AI is moving faster than policy, and the pressure to act — or at least show progress — is intense. Organizations draft policies, issue tool licenses, and stand up governance committees. Meanwhile, employees are already using AI tools that IT hasn’t approved, for workflows that haven’t been mapped, at a risk level that nobody’s measured.
One CIO I recently spoke with decided to approach the problem differently.
“There’s still a lot of FOMO out there. We’re all in the early phases of this, and some leaders have overspent. You have to be very strategic about where and how to deploy capital in this area.”
He’s not an AI skeptic — far from it. He runs IT at a company with iconic brands, aggressive innovation targets, and an AI strategy tied directly to business outcomes. But before he set a single control, he wanted first to understand what was actually happening inside his organization.
Making the Case Before Results Existed
The company is Just Born Quality Confections — makers of iconic brands like PEEPS®, MIKE AND IKE®, HOT TAMALES®, and GOLDENBERG’S® PEANUT CHEWS®. The CIO, Chidi Alams, is running IT in a highly competitive industry where companies must continuously adapt to changing consumer demands while operating efficiently at scale. At Just Born, AI is one component of a broader data, analytics, and automation strategy designed to generate better insights, enable more informed decisions, and help the business operate more effectively.
When most organizations were still debating whether AI security was even necessary, Alams was already moving. Just Born became an early customer of Aim Security, the AI security company that Cato acquired last fall and has since integrated into the Cato SASE platform as Cato AI Security.
As Just Born accelerated its AI initiatives, Alams ensured that AI security was part of the conversation with both the executive team and the Board. The discussions were less about overcoming objections and more about building a shared understanding of the opportunities, risks, and governance considerations that accompany the adoption of AI.
For Alams, visibility was foundational. “I can’t mitigate risk that is blind to me. With the opportunities that come with AI come real risks, and you can’t manage what you can’t see.”
His view was straightforward: as employees increasingly interact with public AI tools, organizations need visibility into how those tools are being used and what data may be flowing outside their traditional security boundaries. Cato AI Security provided both the visibility and policy enforcement capabilities needed to help manage that risk while enabling responsible adoption.
The conversation wasn’t solely about security. It was also about making more informed investment decisions as AI adoption continued to evolve across the business.
“Instead of blanket-issuing expensive licenses, let’s first understand how AI is actually being used across the organization. That visibility helps us make better decisions about where to invest, which tools to standardize on, and how to allocate resources going forward.”
For Alams, AI visibility serves a dual purpose. It helps strengthen governance and risk management while also providing valuable insight into employee adoption patterns, emerging use cases, and future investment opportunities.
With that perspective, the organization moved forward with the investment as part of its broader AI strategy.
What the Data Actually Revealed
With Cato AI Security in place, Just Born got its first picture of AI usage across the organization — every app in use, sanctioned or not, with prompt activity classified by risk level. Shadow AI, which most organizations suspect but struggle to quantify, became visible and manageable.
That visibility is now driving two priorities for Alams.
The first is policy.
Just Born’s AI governance committee is newly established and beginning the work of formalizing the company’s approach to AI policy — the rules that Cato AI Security will enforce. When it updates its generative AI acceptable use policy, real usage data from Cato AI Security will guide the decisions instead of assumption or generic industry templates.
“Cato AI Security is going to be a major input into the next version of our policy. We’ll have the data to make intelligent decisions about where to apply controls — and why.”
The second is training.
When Just Born began its employee AI education efforts, the sessions were developed through a collaboration between the IT team and an external AI consultant. While the training drew on industry best practices and expert guidance, insights into how AI was being adopted across the organization helped shape portions of the content and ensure it reflected real-world employee interests and use cases.
Those insights also helped identify a few AI power users across the business. Across multiple Lunch & Learn sessions, the IT team and its consulting partner invited employees from functions including HR and Marketing to share how they were experimenting with AI in their day-to-day work, providing practical examples that complemented the broader training program.
“It’s the same type of insight you look for in consumer research. Understanding how people are actually using a technology helps you develop more relevant training, identify promising use cases, and accelerate adoption.”
For Alams, the goal isn’t to monitor employees — it’s to better understand how AI is being used across the organization so the company can provide more targeted training, stronger support, and clearer guidance as adoption continues to grow.
Built for the Roadmap, Not Just Today
The company’s AI strategy extends well beyond public LLMs. Areas of exploration include agentic AI, sovereign AI capabilities grounded in the company’s own data, and domain-specific AI applications designed to support key business functions and decision-making processes across the enterprise.
Each of those expands the AI footprint and the potential attack surface. Alams says that’s exactly why he chose a platform built for enterprise AI security thinking from day one.
“I need visibility not only for public LLMs, but as we get deeper into agentic use cases. Cato AI Security becomes the core platform to secure our AI transformation — not the only platform in our toolchain, but the foundation everything else runs through.”
What I Took From This Conversation
Most of the leaders I talk to aren’t avoiding AI risk management — they’re grappling with it. The challenge is often making the case before the results exist, securing budget for an investment that’s hard to quantify, and deciding where to start.
What resonated about Alams’ approach was the sequencing — and the goal behind it. The aim was never to build walls around AI. It was to understand how AI was being used, establish governance and security policies grounded in the organization’s risk profile and business objectives, and use adoption insights to help inform and refine those policies over time.
For Just Born, that meant starting with visibility and choosing a platform that could support AI as it scaled in the org, from day-to-day usage through agents.
Alams has a name for what he is building toward: secure enablement. Not restricting AI, but enabling it responsibly while protecting what matters most. As organizations continue to explore AI’s potential, the challenge is not whether to adopt the technology — it’s how to do so in a way that balances innovation, governance, and risk.
He puts it plainly: “Be disciplined, tie your investment to your actual business plan, and get the visibility in place early. A policy has little value without the infrastructure to provide observability and, ultimately, enforcement. Everything else follows from that.”
Just Born Quality Confections has been crafting iconic American candy since 1923. Headquartered in Bethlehem, Pennsylvania, the family-owned company manufactures and markets beloved brands including PEEPS®, MIKE AND IKE®, HOT TAMALES®, and GOLDENBERG’S® PEANUT CHEWS®. For more than a century, Just Born has delighted consumers with some of America’s most recognizable confectionery brands.