56% of employees use generative AI at work, but only 26% say their organization regulates the practice (source: Conference Board). The result: data leakage, circumvention of security policies, and regulatory risk. The DeepSeek affair reminds us that, beyond security, it is also a question of digital sovereignty. Who controls the tools we integrate on a daily basis? Rather than resisting the tide and trying to block requests, CISOs must accompany and facilitate this technological revolution. How to prevent leaks? How do you ensure compliance? How can we prevent the growing technological dependence on a single supplier?