The New CIO Playbook: Defense and Offense in the Age of AI

As generative AI moves from hype to operational reality, enterprise leaders face a critical challenge: how to deploy cutting-edge technology without compromising security, stability, or regulatory compliance. In a recent interview with MIT Sloan Management Review, Liberty Mutual’s Global CIO Monica Caldas outlines a pragmatic framework that is gaining traction among Fortune 500 technology executives.

Caldas, a 2025 MIT Sloan CIO Leadership Award recipient, argues that the traditional CIO role must be viewed through two simultaneous lenses: defense (protecting data, ensuring system stability) and offense (building new features, enabling business growth). This dual mandate is particularly relevant in heavily regulated industries like insurance, where the cost of failure is high and the pressure to innovate is relentless.

CIO balancing AI innovation and risk management strategy Professional Insight Visual

Key Takeaways from Liberty Mutual’s GenAI Strategy

Liberty Mutual’s approach to generative AI is structured, risk-aware, and results-oriented. Here are the core elements:

  • Responsible AI Steering Committee: Established early to map risks, set governance rules, and ensure compliance before any large-scale deployment.
  • Mandatory Employee Training: All users must complete training on AI risks (hallucinations, bias, data leakage) before accessing tools.
  • Internal AI Agent 'Libby': Deployed in the help desk, Libby connects to the knowledge base and predicts employee issues, automating manual workflows and freeing up staff for backlog tasks.
  • 35% of Software Development Lifecycle Enhanced: GenAI is used to support engineers, with senior developers gaining the most productivity. Junior engineers require additional mentoring.
  • Modernization First: Caldas warns against using GenAI to simply translate legacy code (e.g., COBOL to Java) without modern architecture—calling the result 'Jobol.' The technology is not a magic wand; it requires robust nonfunctional requirements like security protocols.

Data analysis and AI deployment in enterprise Business Concept Image

Defense and Offense in Practice: A Balanced Scorecard

Caldas’ framework translates into concrete metrics and actions. The table below summarizes how Liberty Mutual balances risk and innovation:

AreaDefense (Risk Management)Offense (Innovation)
Data GovernanceSecure, stable systems; data access controlsEnable rapid access to structured/unstructured data for AI models
AI DeploymentResponsible AI committee; employee training; hallucination monitoringInternal agent Libby; GenAI-assisted code generation
Talent DevelopmentMentoring junior engineers on AI risksUpskilling senior engineers to accelerate development
Legacy SystemsRetire or clean up obsolete technologyModernize architecture before applying GenAI

The message is clear: you cannot effectively play offense without first earning the right through strong defense. As Caldas puts it, “If you don’t have secure, stable systems, you have not earned the right to deploy new technologies quickly.”

Cloud and legacy system modernization with generative AI Global Biz Background

Analyst’s View: What Enterprise Leaders Should Do Now

Caldas’ interview offers a rare, practical blueprint for CIOs and CTOs navigating the GenAI wave. The key insight is that productivity is multidimensional—it’s not just about doing more, but about improving quality, decision speed, and customer outcomes.

Two Immediate Action Items for Your Organization:

  1. Establish a Governance-First AI Committee: Before any pilot, create a cross-functional steering group that includes legal, compliance, security, and business leaders. This committee should define acceptable use cases, risk thresholds, and escalation paths. For a deeper look at how to structure leadership conversations around new technology, see our guide on transforming your listening tour into a strategic leadership tool.

  2. Audit Your Modernization Backlog: GenAI will amplify the weaknesses of legacy systems. Identify the top 10% of technical debt items that block AI adoption, and create a phased modernization roadmap. Don’t try to “lift and shift” old code—rebuild with modern architecture to fully capture GenAI’s value. For broader context on the shifting AI landscape, read AI Trends 2026: The Bubble Deflates, The Era of Pragmatism Begins.

The bottom line: In 2026, the winning enterprises will be those that integrate defense and offense with equal rigor. Caldas’ framework is a masterclass in doing just that.

This content was drafted using AI tools based on reliable sources, and has been reviewed by our editorial team before publication. It is not intended to replace professional advice.