Good morning. Many boards are approving AI strategies without clear visibility into whether the underlying controls actually work, leaving CFOs exposed when regulators, auditors, or investors ask for proof, according to new research. In the private sector, health care appears to face the steepest challenge.
Kiteworks, a technology security company, has released its “Data Security and Compliance Risk: 2026 Forecast Report,” based on a survey of 225 security, IT, compliance, and risk leaders across 10 industries and eight regions.
One of the key findings is that 53% of organizations cannot remove personal data from AI models once it has been used, creating long-term exposure under GDPR, CPRA, and emerging AI regulations.
All respondents said agentic AI is on their roadmap, but the controls to govern those systems are lagging. Overall, 63% cannot enforce purpose limitations on AI agents, 60% lack kill-switch capabilities, and 72% have no software bill of materials (SBOM) for AI models in their environment. The result: AI systems are accessing, processing, and learning from sensitive data while organizations cannot fully track where that data goes or prove how it is being used, according to the report.
Among the 10 industries surveyed, government faces the steepest challenges due to legacy systems. In the private sector, however, health care stands out for weaknesses in controls and AI governance.
Health care organizations are also among the most conservative in AI spending. More than 80% of respondents said they currently have no API agents planned—technology that enables AI agents to connect with external systems and operate in coordinated workflows. While cautious deployment can reduce near-term risk, organizations that delay may also fail to build the governance capabilities they will need as AI use expands, Kiteworks finds.
That caution reflects long-standing economic constraints. Health care has lagged industries such as banking and manufacturing in adopting advanced technologies, largely because of thin operating margins, according to reporting by Becker’s Hospital Review. Yet industry leaders increasingly see AI as essential to financial sustainability. Cleveland Clinic EVP and CFO Dennis Laraway told the publication that AI, robotics, and automation can help health systems scale by expanding patient coverage, increasing volume, and improving speed and accuracy—supporting cost transformation amid payment reform and regulatory pressure.
Those competing forces are landing squarely on CFOs’ desks.
“Health care CFOs are navigating a uniquely difficult balancing act as AI investment pressure intensifies,” Tim Freestone, chief strategy officer at Kiteworks, told me. “Unlike tech or retail, many health systems operate on 2–3% margins in good years, which makes every technology decision feel existential rather than experimental.”
Quantifying AI’s return on investment remains especially difficult, Freestone added. “How do you put a dollar figure on faster diagnosis or reduced clinician burnout?” At the same time, any AI deployment involving patient data brings substantial compliance and security costs, he said.
Because health care has been relatively slow to develop AI governance frameworks, CFOs are increasingly being asked to approve significant investments in technology their organizations may not yet have the internal expertise to evaluate or manage, Freestone said. “They’re essentially being asked to build the plane while deciding whether to buy it,” he said.
As scrutiny shifts from AI ambition to AI execution, CFOs may find that governance—not innovation—becomes the real test.
Sheryl Estrada
sheryl.estrada@fortune.com
Leaderboard
Ann Reis was appointed CFO of Green Plains Inc. (Nasdaq: GPRE), a biorefining company, effective Jan. 6. Reis joins Green Plains from Southwest Iowa Renewable Energy, where she served as CFO, chief accounting officer, and assistant secretary of the board of directors. She has more than 20 years of experience, including leadership roles at Lincoln Financial Group and ConAgra Foods. Reis succeeds Phil Boggs, who has served in multiple finance leadership roles over the past 16 years. He departed the company on Jan. 5.
Spencer Hart was appointed CFO of Loop Industries, Inc. (Nasdaq: LOOP), a clean technology company, effective Jan. 15. Hart, who has served as a member of Loop's board of directors since February 2025, will transition into the full-time executive role. Hart will also remain a member of the board of directors. He brings over 30 years of experience, most recently as a senior managing director and senior advisor at Guggenheim Securities.
Big Deal
E*TRADE from Morgan Stanley’s monthly analysis found that the firm's clients were net buyers in 10 of 11 S&P 500 sectors last month. The three most-bought sectors in December 2025 were consumer discretionary (+13.4%), real estate (+9.8%), and consumer staples (+8.5%). Unlike recent months, the data suggested clients weren’t moving aggressively into or out of tech, according to Chris Larkin, managing director of trading and investing.
"While rotation into consumer discretionary was already evident in November, the net buying in real estate—which was one of last month’s weaker sectors—was more of a surprise," Larkin stated. "It may have reflected anticipation of lower interest rates that could potentially provide tailwinds for these stocks going forward." December also marked the third month in a row that clients were net sellers in health care, he added.
Going deeper
"Trump’s strike on Venezuela gives the U.S. 30% of the world’s oil reserves on paper and a $100 billion rebuilding job in reality" is a Fortune article by Sasha Rogelberg and Nick Lichtenberg.
From the article: "Experts warn that the path to dominance, at least as far as oil is concerned, will be an uphill battle following decades of mismanagement and sanctions. State-owned oil giant Petróleos de Venezuela S.A. collapsed in the mid-2010s following the loss of foreign financial support, as well as skilled workers to maintain pipelines. In 2017, the first Trump administration escalated oil sanctions on Venezuela, restricting the country’s access to U.S. markets. According to Helima Croft, head of global commodity strategy at RBC Capital Markets, oil companies’ efforts to grow production, such as rebuilding infrastructure, would take about a decade." Read the complete article here.
Overheard
"We walked out of the event feeling even more bullish about Nvidia and the overall AI Revolution as the next stage of investments and technology are on the horizon."
—Wedbush Securities analysts wrote in an industry note on Monday after attending Nvidia CEO Jensen Huang’s keynote at CES in Las Vegas. Huang unveiled Rubin, the company’s first extreme-codesigned, six-chip AI platform now in full production, and introduced Alpamayo, an open reasoning model family for autonomous vehicle development. This is part of a "sweeping push to bring AI into every domain," according to the company.
