When AI Acts on Its Own, You Need Guardrails
After communicating with cybersecurity folks across the world, I thought I had heard most takes on AI risk. Then I started asking specifically about agentic AI governance, and smart people, some of whom work in this space on a regular basis, told me a handful of guardrails would do it. I kept waiting for the punchline. It never came. I think most of us are still mentally treating agentic AI like generative AI, something that produces output for a human to review. Agentic AI does not wait for review. It acts. It calls APIs, queries databases, sends communications, moves data, spends money, and takes irreversible actions in your production environment, often before anyone realizes it has done so.
So I stopped debating and started mapping. I sat down and built what I am calling a starter list. Not a comprehensive one. Not a finished one. A starter list. I reached 20 control points across six domains and deliberately stopped, because the point is not the count. The risk in agentic AI does not live in any single control point. It lives in the seams between them. Every organization deploying agentic AI right now should be able to answer every one of these 20 points. Most cannot yet, and that is the conversation we need to be having. Save this list and hand it to your board and to whoever is in charge of risk or agentic AI security.