It must start with making sure the environment / organization that is implementing the new technology has their existing environment at a level of security maturity that senior leadership (and the board) have a strong metrics based assurance that security is operating in the best condition possible. Next is making sure the supply chain of the new technology is held accountable (contract to monitoring to verification / validation) throughout the lifecycle of the technology's use in the environment. Lastly, making sure every field of the data used / produced by the new technology is accessible based on a strict principle of least privilege including anonymization/tokenization, by default.