Former Texas Chief Information Security Officer Nancy Rainosek told attendees of a recent Darwin webinar that Texas agencies are less focused on artificial intelligence hype than on visibility, governance and control.
Rainosek, who joined Signature Advisory Partners LLC last year as a senior consultant, described inventory as a foundation of AI governance rather than a one-time exercise, pointing to the need for agencies to track AI use over time, assign accountability and understand how systems are changing inside their environments.
She also highlighted shadow AI as a practical concern. In one example from her time in the public sector, sensitive employee information was uploaded into ChatGPT during an attempt to verify payroll calculations, underscoring how data exposure can happen when employees are trying to work efficiently without clear guardrails. The concern points to growing interest in stronger controls, safer internal alternatives and better oversight of how public tools are used.
Sandboxing also emerged as an important part of responsible adoption. According to Rainosek, systems that can be tested in controlled environments and show visible results may have a clearer path forward than broader pitches centered on transformation alone. Rainosek tied that conversation to Texas policy requirements, including the Texas Responsible Artificial Intelligence Governance Act, Gov. Greg Abbott’s prohibited technology list and Texas Administrative Code Chapter 219.
Rainosek also made clear that AI buying decisions will not rest with security leaders alone. The former state CISO described governance as a shared effort involving executives, legal, procurement, data management, business owners and security teams, meaning companies selling into state government will need to address compliance, operational fit and ownership alongside innovation.
Data governance remained another central theme. Rainosek warned that agencies without strong data classification and data quality practices will struggle to get reliable results from AI systems, making foundational governance work just as important as the tools themselves.
Former Texas CISO On What Agencies Want From AI Vendors
What to Know:
- Nancy Rainosek recently spoke on a webinar, saying Texas agencies want AI vendors to lead with visibility, governance and control rather than broad transformation claims.
- Shadow AI and data exposure remain top concerns, creating demand for safer internal tools, stronger controls and secure deployment models.
- Winning vendors will need to show practical results, fit within Texas compliance requirements and address stakeholders beyond the security office alone.
