AI and agentic systems are being adopted at a far faster pace than any technologies that have come before. Business leaders are naturally excited about AI’s potential, but this accelerating momentum raises questions about how to deliver safe, secure, and tightly governed systems at enterprise scale.
In this new Peer Insights guide, seven senior security leaders share their recommendations for creating and maintaining AI practices that have enforceable boundaries and are secure by design. The guide provides real-world examples of and advice on how to tackle AI governance that you can apply in your organisation.
Guide Overview
Haider Pasha |
Introduction – It might feel like we’ve been here before, but frontier AI has changed the landscape The rapid development of AI and agentic systems has introduced new challenges for organisations concerning governance. Many business leaders assume that they can apply their previous experiences of ensuring cybersecurity and governance for new technologies, but AI is a different kind of paradigm and requires new thinking. Discover how to envision and plan a security framework in the era of frontier AI, and learn why building governance into these frameworks from the start is key. |
Christoph Hummel |
1. Harnessing data and corporate culture to reduce the new enterprise attack surface created by AI use AI has fundamentally changed the nature of the attack surface and it represents an entirely new form of cyber risk. Legacy security models such as identity management and firewalls – while still necessary – are insufficient to ensure strong cybersecurity and reliable governance for modern AI systems. New threats have emerged, particularly around data leakage. Learn how to identify, prevent, and mitigate the AI risk as the next enterprise attack surface, and explore the roles of data-driven decision making and corporate culture in shaping risk mitigation strategies. |
Amin Jerraya |
2. Governing autonomy: From models to agentic systems AI and autonomous systems are redefining enterprise risk. Using AI responsibly is an essential element of any governance discussion as there is risk in not deploying AI agents. In order to govern this new technology properly, business leaders need to ask themselves: Do we know what we don’t know? Discover the role of oversight in deploying governance agents, and understand how to balance these agents with ‘human-in-the-loop’ processes. |
Olivier Busolini |
3. AI guardrails, kill switches, and fail-safe designs: Governance with enforcement Organisations need to establish acceptable boundaries for AI and agentic systems usage but must also ensure those boundaries are respected and applied. This requires enforcement practices and protocols to work in real-world settings and well-established responsibility paths. Understand these in more detail and discover why organisations need an overarching governance architecture that breeds confidence across the enterprise. |
David Hayes
Chris Wigglesworth |
4. Redesigning accountability for an AI-driven organisation One of the biggest challenges with AI governance is identifying who is responsible for decision making. While role-based policy management, access controls, compliance frameworks, and governance models remain important components of cybersecurity accountability, they cannot provide the level of ownership, governance and protection needed when autonomous decisions are made at machine speed. Learn the importance of setting up the right accountability model, and the role of executives, board members, risk teams and IT organisations in assuming responsibility and governance of AI systems. |
Thomas Billaut |
5. Identity, privilege, and entitlement management in the AI era AI is changing the very nature of identity. Long-standing identity frameworks are centered on human approaches to human identities, but these approaches cannot match the speed and scale of agentic AI. Businesses and technical leaders need to learn how to manage virtual identities to maximise business benefits while minimising risk. Explore the importance of transparent AI usage, and gain concrete ideas on handling AI identity design, monitoring, and management. |
Key questions to ask and answer on governing enterprise-class AI and agentic systems
A practical conclusion for executive decision makers, designed to help you understand the right questions to ask, why they are important, and how CISOs, CTOs, and other AI builders should be prepared to respond.