Welcome to this week’s edition of CIOsurge!

This week:

• From my conversation with Cy Khormaee, we talked about how cheap generative tooling and compromised delivery channels are pushing serious email threats into smaller organizations, which means inbox security now belongs in your business continuity planning, not just IT hygiene.

• With Microsoft Agent 365 treating AI agents like first class entities, CIOs need to design an agent control plane that covers identity, least privilege, lifecycle, and audit before bots start taking real actions in ERP, CRM, and finance.

• AWS and Google standardizing multicloud networking is a clear signal that cross cloud topologies are becoming normal, so now is the time to set your multicloud principles, guardrails, and ownership model before the tooling makes sprawl effortless.

Let’s make this week a game-changer.

Stay sharp. Stay ahead.

💡 Guest Expert Insights: Cy Khormaee

⬇️ Security Is Moving Downmarket

Cy has watched the same nation-state playbook target small companies. Cheap generative tooling plus compromised delivery channels make “why us” a dangerous mindset.

Install protections early. Put something watching the front door on day one, then sweep what is already delivered. Teach teams the two checks that matter most: verify the sender via a trusted channel and slow down before any “action.”

Treat email risk as a business continuity problem, not an IT chore. If your inbox is not usable during a surge, your company is not either.

www.aegisai.ai 

🧩 Microsoft Agent 365 targets AI bot sprawl

Microsoft's new Agent 365 gives enterprises a central registry to manage AI agents across their environment, tracking usage, permissions, and behavior in real time. By treating agents like employees, it aims to tame bot sprawl, reduce security risk, and make large-scale automation deployments more governable.

If you're serious about agents in production, this is the kind of control plane you’ll need. Once bots can take real actions in ERP, CRM, or procurement, you can’t rely on ad hoc tracking spreadsheets and tribal knowledge. A unified registry, permissions model, and activity view becomes non-negotiable for audit, security, and compliance.

The question isn’t whether agents are coming into your environment — they already are via Copilot, SaaS products, and skunkworks experiments. Your job is to decide how they’re onboarded, governed, and decommissioned. Start designing policies now for agent identity, least-privilege access, monitoring, and incident response, or you’ll inherit an unmanageable bot shadow IT.

- Zack Tembi

Read the full story

☁️ AWS and Google set new baseline for multicloud networking

AWS and Google Cloud launched a joint multicloud networking service that links AWS Interconnect - multicloud with Google Cloud Cross-Cloud Interconnect, with Azure joining in 2026. It introduces an open interoperability spec and point-and-click provisioning, pushing AWS's model toward a de facto multicloud standard.

This is a pivotal signal that multicloud is no longer a fringe architecture but the expected default. If the largest providers are standardizing connectivity, your network strategy, security model, and data placement assumptions all need a fresh look.

For CIOs, this is leverage and risk at the same time. Easier interconnects reduce friction and migration cost, but they also make it simpler for the business to spread workloads across vendors. Now is the moment to define your multicloud principles, guardrails, and ownership model before the tools make sprawl effortless.

 - Zack Tembi

Read the full story

🗞️ At A Glance

AWS pitches enterprises on frontier agents built for scale, autonomy

Anthropic’s Claude Opus 4.5 pricing cut signals a shift in the enterprise AI market

CrowdStrike CEO talks relationship with AWS: 'We're now part of the ecosystem there'

CrowdStrike Unveils Real-Time Cloud Detection and Response Innovations

OpenAI is under pressure as Google, Anthropic gain ground

Agentic AI’s rise is making the enterprise architect role more fluid

Congress mulls preempting state-level AI laws — again

💡 CIO Spotlights

AmeriLife taps Sulabh Srivastava as CIO to unify tech across affiliates

• AmeriLife created a new CIO role and appointed Sulabh Srivastava to lead enterprise technology and platform integration across its growing affiliate network.

• Srivastava brings two decades of experience from Acrisure and major health systems, with a track record in AI, automation, and cybersecurity at scale.

• The move signals a push to standardize systems, improve data-driven decisions, and accelerate digital transformation company-wide.

  Read the full story

Arvest Bank hires Jennifer Baker as CIO to lead modernization push

• Arvest Bank named Jennifer Baker as its first chief information officer as part of a multi-year tech overhaul.

• Baker brings 20+ years across fintech, banking, and cybersecurity, including five years as CTO at Synovus.

• She’ll run all tech teams, focusing on data access, employee enablement, and improving customer experience.

  Read the full story

🗞️ Submit a Section

Want to be featured in the next edition of CIOsurge?

Send us your story

🤝 Jobs

Deputy CIO - The Planet Group

Field CISO - SHI International Corp.

CIO - USPTO

CISO - The Campbell's Company

CIO - Valmont Industries, Inc.