Risk Quantification

The Inventory Trap: Why Knowing What You Have Is Not the Same as Managing Risk

Most security programs stop at asset discovery. Here's why visibility without quantification is just expensive awareness.

Jason Walker

Here is a question I ask every risk team I work with: can you tell me what your ten most expensive risks are, in dollars?

Not red, yellow, or green. Dollars.

The silence that follows tells me everything.

Most enterprise security programs are very good at finding things. Asset inventories, vulnerability scans, shadow IT discovery, AI tool audits. We have built an entire industry around the discipline of visibility. And visibility is not nothing. You cannot manage what you cannot see. But somewhere along the way, the security profession started treating discovery as the destination instead of the starting line.

It is not. Knowing what you have is table stakes. The real work starts after the inventory closes.

I run enterprise cybersecurity at the state level. That means dozens of agencies, hundreds of thousands of devices, and a regulatory surface that touches federal law, state statute, and the daily lives of real people. At that scale, you learn fast that the danger is not ignorance. The danger is false confidence. A completed inventory feels like progress. It looks like progress on a dashboard. But an inventory with no risk quantification attached to it is just a very detailed list of things you might lose.

The FAIR (Factor Analysis of Information Risk) community has been making this argument for years, and I think they are right. If you express a risk as a color on a heat map, you have described your anxiety. If you express it as a financial range tied to probability, you have described a decision. Boards do not fund anxiety management. They fund decisions.

AI is making this gap impossible to ignore.

For the past few years, the default posture toward AI in security programs has been: discover, catalog, then figure out the controls. That worked when AI tools were novelties used by a handful of power users. That era is over. AI is now embedded in how work actually gets done. Developers are running code through AI assistants. Finance teams are generating analysis with large language models. Operations staff are automating workflows with agents they configured themselves, on a Tuesday afternoon, with no ticket submitted to IT.

The inventory problem used to be a slow leak. With AI adoption spreading at this pace, it is a burst pipe.

But here is what I want to push back on: the answer is not a better AI inventory. The answer is a risk program that can absorb continuous change and still produce prioritized decisions.

Aviation safety culture teaches this through what it calls the chain-of-error model. Accidents do not happen because of one failure. They happen because of five or six small failures that reinforce each other until the outcome becomes inevitable. The safety discipline is not about eliminating every failure. It is about breaking the chain before it completes. You build checks at every link because you know the links are always changing.

Cyber risk with AI embedded across the enterprise works the same way. The exposure does not live in any single tool or system. It lives in the interactions: between the AI assistant and the data it accesses, between the automated decision and the human who no longer reviews it, between the third-party model provider and the contractual obligation nobody read carefully enough.

One of the smartest reframes I have heard recently is this: AI risk is not a technology problem you solve once. It is an ecosystem problem you manage continuously.

That changes everything about how you staff, tool, and report.

A point-in-time assessment of your AI exposure tells you what was true on the day someone ran the audit. In a fast-moving environment, that information decays within weeks. What organizations actually need is a monitoring posture that treats risk as a live variable, not a periodic checkbox. The same continuous intelligence model that security teams use for threat actors needs to be applied to internal AI adoption. Where is AI being used? By whom? With what data? Under what controls? And, critically, what is the business consequence if any one of those answers changes unexpectedly?

Third-party risk compounds this. The third-party questionnaire model was already creaking before AI accelerated everything. Annual assessments create blind spots you could drive a freight train through. A vendor's security posture can deteriorate materially in three months. Their AI provider can change their data retention policy in a terms-of-service update nobody flagged. The exposure is real and it is continuous, but the review cycle treats it as static.

I do not think the answer is to slow AI adoption. That argument does not survive contact with the business. The business will adopt AI because AI produces outcomes. The job of the security program is not to stand in front of that adoption. The job is to make adoption survivable: to understand the exposure fast enough, accurately enough, and in financial terms clear enough that the organization can make real tradeoffs.

That requires three things to exist simultaneously.

First, continuous discovery. Not annual. Not quarterly. Running, always, with automated triggers when something materially new appears.

Second, quantification tied to business impact. Not a risk score from one to ten. A range of probable loss in currency for each scenario, with the likelihood attached: how often the loss event is expected to occur, how much it costs when it does, and what the bad year out at the tail looks like. That is the language the CFO and the board can act on. That is what moves budget.

Third, integration across risk functions. The AI tool that a marketing team adopted is not purely a security problem. It is a privacy problem, a vendor management problem, a data governance problem, and possibly a regulatory compliance problem, all at once. The teams managing those disciplines need shared vocabulary and shared frameworks, or you get five parallel conversations that never produce a single clear decision.
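Here is what the second requirement looks like when you actually compute it rather than describe it. This is an added example, not code from this essay or from the FAIR standard; it follows the FAIR decomposition of risk into loss event frequency and loss magnitude, runs a Monte Carlo over simulated years, and ranks scenarios by expected annual loss with the 50th, 90th and 99th percentile years alongside. The scenario names, frequencies and magnitude ranges are constructed for illustration and stand in for the calibrated estimates a real program would collect.

```python
"""FAIR-style Monte Carlo loss ranges per scenario (added example, constructed inputs)."""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    events_per_year: float  # loss event frequency: mean number of loss events per year (Poisson)
    loss_min: float         # per-event loss magnitude in USD: minimum credible loss
    loss_mode: float        # most likely loss
    loss_max: float         # maximum credible loss


# Constructed illustrative scenarios. Every number here is an assumption made for the
# example, not data from any real program.
SCENARIOS = [
    Scenario("ai_assistant_source_leak", 2.0, 50_000, 150_000, 600_000),
    Scenario("vendor_model_provider_breach", 0.05, 2_000_000, 8_000_000, 40_000_000),
    Scenario("shadow_agent_misconfiguration", 12.0, 1_000, 5_000, 30_000),
]


def poisson(rng: random.Random, lam: float) -> int:
    """Draw an event count from Poisson(lam) with Knuth's method (fine for small lam)."""
    threshold = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return k
        k += 1


def simulate_annual_loss(scenario: Scenario, rng: random.Random, years: int) -> list[float]:
    """Simulate `years` independent years; each year sums the losses of its events.

    Per-event magnitude is a triangular(min, mode, max) draw, a common stand-in for
    a calibrated three-point estimate. Returns the annual losses sorted ascending.
    """
    losses = []
    for _ in range(years):
        events = poisson(rng, scenario.events_per_year)
        total = 0.0
        for _ in range(events):
            total += rng.triangular(scenario.loss_min, scenario.loss_max, scenario.loss_mode)
        losses.append(total)
    losses.sort()
    return losses


def percentile(sorted_losses: list[float], q: float) -> float:
    """Empirical q-quantile of an ascending list (nearest-rank, no interpolation)."""
    idx = min(len(sorted_losses) - 1, int(q * len(sorted_losses)))
    return sorted_losses[idx]


def summarize(scenario: Scenario, rng: random.Random, years: int = 50_000) -> dict:
    """Expected annual loss plus the median, bad (p90) and very bad (p99) year."""
    losses = simulate_annual_loss(scenario, rng, years)
    return {
        "name": scenario.name,
        "expected_annual_loss": sum(losses) / len(losses),
        "p50": percentile(losses, 0.50),
        "p90": percentile(losses, 0.90),
        "p99": percentile(losses, 0.99),
    }


def analytic_expected_annual_loss(scenario: Scenario) -> float:
    """Closed form for checking the simulation: frequency x mean triangular magnitude."""
    mean_magnitude = (scenario.loss_min + scenario.loss_mode + scenario.loss_max) / 3
    return scenario.events_per_year * mean_magnitude


def rank_scenarios(scenarios: list[Scenario], seed: int = 7, years: int = 50_000) -> list[dict]:
    """The 'most expensive risks, in dollars' list: scenarios ordered by expected annual loss."""
    rng = random.Random(seed)  # fixed seed so the report is reproducible
    rows = [summarize(s, rng, years) for s in scenarios]
    rows.sort(key=lambda r: r["expected_annual_loss"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in rank_scenarios(SCENARIOS):
        print(f"{row['name']:32s} EAL ${row['expected_annual_loss']:>12,.0f}  "
              f"p50 ${row['p50']:>12,.0f}  p90 ${row['p90']:>12,.0f}  p99 ${row['p99']:>12,.0f}")
```

The output is the point of the exercise. The constructed vendor-breach scenario has a median year of zero dollars and a p90 year of zero dollars, because roughly nineteen years in twenty nothing happens, yet it carries the largest expected annual loss and a p99 year an order of magnitude worse than anything else on the list. A red square on a heat map cannot express that shape; a range tied to probability can, and it is the shape that decides whether the board buys insurance, renegotiates the contract, or accepts the exposure.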

This is not a technology problem. It is an organizational design problem. And it is solvable, but not by adding another discovery tool to the stack.

The organizations that manage AI risk well over the next few years will not be the ones with the most restrictive policies or the most aggressive deployment. They will be the ones that can answer the question I ask at the start of every risk conversation:

What are your ten most expensive risks, in dollars?

If you can answer that question clearly, and update that answer as the environment changes, you are doing risk management. Everything else is inventory.
