As organizations accelerate the adoption of generative AI, boards of directors and AI committees are asking new questions: Where is AI being used? What risks does it create? And how are we governing it?

‍

To support CISOs navigating these conversations, our team has released a new Template for CISO GenAI Presentation to the Board or AI Committee. This free resource provides a structured framework to help security leaders communicate clearly, bridge the technical-to-business gap, and address the questions boards care about most.

‍

At its core, the template is built around four main agenda items:

‍

1. GenAI Adoption – CISOs can showcase sanctioned tools, employee-driven activity, and shadow AI usage. Visuals such as adoption growth charts and sanctioned vs. unsanctioned comparisons help answer a fundamental board question: How widely is AI being used, and in what ways?

‍

2. Risk Landscape – The template highlights the primary risks associated with AI adoption, including data leakage through prompts and uploads, account switching between personal and corporate apps, unmonitored extensions, and regulatory exposures like GDPR or HIPAA. Boards want to know: What are the main risks AI introduces to us?

‍

3. Risk Exposure and Incidents – Quantifying exposure is key. This section allows CISOs to report on sensitive data attempts blocked, categories of data most at risk, and even near misses or incidents involving AI tools. The framework encourages dashboard-style reporting that directly answers: How much risk exposure do we really face, and can we measure it?

‍

4. Governance and Controls – Finally, the template provides space to demonstrate guardrails in action: acceptable use policies (AUPs), employee awareness training, integrations with data sensitivity labeling tools, vendor risk reviews, and browser-level enforcement examples. This is where CISOs can show how policies translate into real-world prevention and compliance, answering the board’s question: What guardrails have we put in place, and how do we enforce them?

‍

By organizing these four agenda items into a cohesive story, CISOs can speak the language of risk and governance rather than technology jargon. The result is a clearer dialogue with leadership, greater confidence in AI oversight, and a stronger foundation for trust.

You can explore and download the template here: Keep Aware GenAI Board Template