An effective AI governance strategy avoids trying to control every shadow agent. It applies an 80/20 rule: identify and focus on the few high-risk "multiplayer enterprise agents" with access to sensitive systems. This "quality over quantity" approach is more manageable and impactful.

Related Insights

To avoid being overwhelmed by AI risk, enterprises should categorize threats into four distinct buckets: 1) AI in your product, 2) internal employee use, 3) AI in vendor tools, and 4) malicious use by bad actors. This framework allows for targeted, practical solutions for each category.

Relying on human-in-the-loop for every agent anomaly is unscalable. An effective governance model uses automation and agent 'interrogation' to resolve low and medium-risk issues. Human oversight is reserved exclusively for critical incidents, preventing security teams from being overwhelmed.

For CISOs adopting agentic AI, the most practical first step is to frame it as an insider risk problem. This involves assigning agents persistent identities (like Slack or email accounts) and applying rigorous access control and privilege management, similar to onboarding a human employee.

When creating AI governance, differentiate based on risk. High-risk actions, like uploading sensitive company data into a public model, require rigid, enforceable "policies." Lower-risk, judgment-based areas, like when to disclose AI use in an email, are better suited for flexible "guidelines" that allow for autonomy.

Instead of reacting to unsanctioned tool usage, forward-thinking organizations create formal AI councils. These cross-functional groups (risk, privacy, IT, business lines) establish a proactive process for dialogue and evaluation, addressing governance issues before tools become deeply embedded.

Similar to "Shadow IT," employees are using powerful, unmanaged AI agent tools without corporate oversight. These "shadow agents" can gain the same system access as a powerful employee but without any identity, limits, or oversight, creating a significant and often invisible risk for CISOs and CTOs.

To manage the complexity and risk of AI agents, companies should adopt a centralized model. Rather than allowing individuals to build agents freely, a dedicated internal team should build, govern, and distribute a suite of approved agents to departments, ensuring consistency and control.

Securing AI agents requires extending the concept of 'least privilege' (access to data) to 'least agency' (scope of autonomous actions). This OWASP-coined term means an agent should only be granted the minimum capability to perform its function, constraining its potential 'blast radius' if compromised.

Governing individual agents in isolation is insufficient. When multiple agents interact, organizations must implement fleet-level policies that oversee their interactions and handoffs. This approach is critical for preventing emergent risks, like violating segregation of duties, which can occur even when each agent is performing its individual task correctly.
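A worked illustration of the two layers described above (per-agent 'least agency' from the earlier point, and fleet-level segregation of duties across handoffs), added here as example code rather than anything from the podcast or its speakers. The agent names, tool names and the workflow correlation id are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    agent: str        # which agent wants to act
    tool: str         # the capability it wants to exercise
    workflow_id: str  # correlation id that follows one task across handoffs

# Per-agent "least agency": each agent holds only the tools its job needs.
AGENT_ALLOWED_TOOLS = {
    "ap-clerk-agent": {"lookup_vendor", "create_payment"},
    "ap-approver-agent": {"lookup_vendor", "approve_payment"},
}

# Fleet-level segregation-of-duties rule: one workflow must never exercise
# both sides of a conflicting pair, whichever agents performed each side.
SOD_CONFLICTS = [frozenset({"create_payment", "approve_payment"})]

def per_agent_check(action: Action) -> bool:
    # Is the requested tool inside this agent's own allowed scope?
    return action.tool in AGENT_ALLOWED_TOOLS.get(action.agent, set())

def fleet_check(history: list[Action], action: Action) -> bool:
    # Would this action complete a conflicting pair within the same workflow?
    prior = {a.tool for a in history if a.workflow_id == action.workflow_id}
    return not any(action.tool in c and (c - {action.tool}) & prior
                   for c in SOD_CONFLICTS)

def evaluate(actions: list[Action]) -> list[tuple[str, str, str]]:
    # Run each action through both checks; only allowed actions enter history.
    history, verdicts = [], []
    for a in actions:
        if not per_agent_check(a):
            verdicts.append((a.agent, a.tool, "denied:agent-scope"))
        elif not fleet_check(history, a):
            verdicts.append((a.agent, a.tool, "denied:fleet-sod"))
        else:
            verdicts.append((a.agent, a.tool, "allowed"))
            history.append(a)
    return verdicts

# Constructed trace (names invented for this example): the clerk creates a
# payment and hands off to the approver in the same workflow. Each agent stays
# within its scope, yet one workflow would both create and approve the payment.
SAMPLE_TRACE = [
    Action("ap-clerk-agent", "create_payment", "wf-1"),
    Action("ap-clerk-agent", "approve_payment", "wf-1"),     # outside clerk scope
    Action("ap-approver-agent", "approve_payment", "wf-1"),  # in scope, SoD hit
    Action("ap-approver-agent", "approve_payment", "wf-2"),  # separate workflow
]
```

The third action passes the per-agent check, so only the fleet-level rule catches the emergent violation; the same approval in a separate workflow is allowed.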

The defining characteristic and primary risk of an AI agent is not its chat-like interface but its capacity to take autonomous actions within business systems. Governance must focus on this execution boundary, where prompts, memory, and tools converge to create potential enterprise harm.