Fayeron Morrison

AI is showing up in every boardroom—but most boards don't know what to ask. I help directors and executives cut through AI theater and get to what actually matters: risk, oversight, and accountability. A quick intro 🧵

Issue 47 - now in podcast form. Vercel. ShinyHunters. The token that shouldn't have existed. Plus a callback to the Mountainhead Effect - Scattered Spider's playbook, now with new actors. elementalaimatters.substack.com/publish/posts/… #AIGovernance #Cybersecurity

"We don't really use AI" is the diagnosis, not the defense. Every browser extension, meeting assistant, and résumé screener is enterprise AI now — whether the board knows it or not. If management can't produce the inventory, you already have your answer.

Six questions every private-company board should ask this quarter:

Don’t assume your AI security stack has to live in the cloud. At Planet Cyber Sec AI AppSec, @Ron_Dilley shows what happens when you take it local: threat detection, triage, and intel analysis running on infrastructure you control. Not anti-cloud. Just pro-choice. Built. Running. No vendor pitches. #PlanetCyberSec #AppSec #CyberSecurity #infosec #AI planetcybersec.com/060326-appsec/

The Vercel breach didn't start with malware. It started with one employee clicking "Allow all" on an AI tool's permission screen. That's not a security story. That's governance. Issue 47 ↓ open.substack.com/pub/elementala…

Issue 46 — now in podcast form. Caremark. Blue Bell. The Control+F test. 15 minutes. Worth it. 🎧 elementalaimatters.substack.com/p/issue-46-ele…

Built a free Caremark gap analysis for private company boards. Four questions. Thirty seconds. You get: -- Your AI oversight gaps vs. the legal standard -- The Five Moves you have not yet made -- Minute language you can use next week elementalaimatters.substack.com/p/the-ai-overs…

Three Navigator Domains. Three questions Caremark actually asks about board oversight. Zero wiggle room. The framework is in Issue 46. ↓ elementalaimatters.substack.com/p/issue-46-the…

Cybersecurity Leaders Panel @ Planet CyberSec AI AppSec Conference AI is rapidly reshaping the threat landscape, from internal adoption risks to adversarial use in the wild. How are security leaders keeping up? Join @RAGreenberg , Serafino Sini, @ElementalAIHQ, and @0xHorica for a dynamic panel exploring the real-world challenges of securing AI-driven environments. Expect candid insights on governance, emerging threats, and how organizations are balancing innovation with risk. If AI, AppSec, and security leadership are on your radar, this is a must-attend session. planetcybersec.com/060326-appsec/ #PlanetCyberSec #AppSec #CyberSecurity #infosec #AI

Boards don't get evaluated on what they discussed. They get evaluated on what they can show. Five moves to build a defensible AI oversight record -- Issue 46. ↓ elementalaimatters.substack.com/p/issue-46-the…

Open your last 12 months of board minutes. Ctrl+F -> AI Now ask: if that word disappeared -- would anything meaningful change? If the answer is no, that's not an awareness problem. It's an evidence problem. Issue 46 ↓ open.substack.com/pub/elementala…

If you only do one AI governance thing this week: Find out where your board actually sits. 8 minutes. elemental-ai-assessment.netlify.app

"AI risk is no longer contained to the person using the system. It extends to anyone in the splash zone." open.substack.com/pub/elementala…

On March 4, 2026, Nippon Life Insurance sued OpenAI in federal court. For the unauthorized practice of law. If a chatbot can be found practicing law without a license, every regulated profession just moved. Full breakdown:elementalaimatters.substack.com/p/issue-45-you…

Every organization wants to "do more on AI governance." The right one thing to do first is entirely a function of where you actually are. Not where you'd like to be. That's what maturity models exist for.

Two companies can use the same AI tool and sit in completely different risk positions. One has clear ownership, controls, monitoring. The other has a pilot and a slide deck. Your maturity level is the shorthand for which one you are.

So we built a companion for that first step. The 8-minute Maturity Index. Built on the same maturity logic the WEF and others are standardizing. elemental-ai-assessment.netlify.app

For boards, only one of those answers counts. The Navigator's diagnostic questions are calibrated to your self-reported maturity level. Miscalibrate the input and the diagnostic misfires silently.

It isn't denial. It's perspective. Inside the company, you see effort, intent, the plan that's almost ready. Outside, a regulator weighs what exists today. Same question. Two very different answers.

We ran a beta on the Elemental AI Governance Navigator. Leaders rated themselves one to two levels above where the evidence placed them. Almost universally.