AI is permeating markets at scale, adopted and applied at pace, with security often an afterthought. While companies are eager to tap the technology, Cloudflare urges them to take stock of their resources and infrastructure to ensure the best integration possible.
Speaking at the ITWeb Security Summit 2026 in Johannesburg recently, Özgür Danisman, director of solutions engineering for META at Cloudflare, said businesses want to leverage AI, customers want chatbots, and employees want AI’s capabilities – but the situation demands caution.
"Are we ready to secure this technology and adopt it in our organisations the old way, using deterministic security tools?" he asked. "It's like driving a Ferrari without brakes. That's not what you want."
Danisman said customer AI use cases fall into several categories. “Think about the AI in your applications that you expose to the public. Today, customers are using agents to browse different sites and get the best price. This is what they expect, and you need to provide this capability.”
But this requires careful consideration, he added, including whether to invest in massive GPU farms. “Are you going to have these hosted somewhere in the US? How are you going to cope with that?”
Danisman also raised the issue of employee use of AI. He said if employers believe they have blocked it, they haven’t.
“You’re fooling yourself. Employees are already using it. It’s better to enable them, to give them tools that can be used in a secure way so customer information is not leaked.”
The rationale, he explained, is that it is better for employers to empower employees with secure tools than to have them engage in shadow AI and heighten risk.
Danisman said customers are eager to invest in AI, but most markets are at the beginning stages of adoption.
“There are different maturity models we see in customers, starting with shadow AI, where employees use the technology and managers try to apply governance while also ensuring confidential information is not shared with AI tools.”
Companies without controls in place can face legal and compliance issues. One control mechanism is knowing what needs to be governed, which is complicated by the sheer volume of AI applications available.
Danisman explained that these tools are "perforated", making it difficult for customers to grasp what is risky and what they can allow.
Before companies have a knee-jerk reaction to AI, Cloudflare advises business leaders to ensure they can protect data these AI services use.
Danisman cited McKinsey research showing that 78% of C-level executives feel their AI applications are not mature enough to perform functions and add value.
“You need agility. And you need to make sure these AI applications can scale up and down depending on burst traffic," he said. "If you're an e-commerce site selling tickets and a new show causes a huge spike, you have limited capability and your AI application will not be able to respond. You need to scale with changing traffic patterns."
In addition to guardrails, governance and security, companies must have the requisite data to prompt and train AI.
Cloudflare underlines the role of model context protocol (MCP), a guardrail that acts as a server to mediate connections between agentic AI and the outside world.
“Think of it as an API," Danisman said. "Agents need to talk with the outside world, and MCP servers act as the ‘go-to people’. But is this MCP really coming from a trusted source? These MCP servers can run locally on people's devices, so there could be a lot of risks – code execution can happen, credentials can be stolen. You want to use authorised MCP servers.”
Danisman pointed out that AI can be used for scale, sustainability, automation and productivity – but always with security and governance in mind.

