Why Boards Are Rethinking AI Oversight as Agentic Systems Become Targets Themselves
As artificial intelligence systems grow more autonomous and capable of independent action, corporate boards are discovering that traditional cybersecurity and risk management frameworks no longer provide adequate protection. The emergence of agentic AI, which can reason and act independently with minimal human oversight, has fundamentally changed the threat landscape. Unlike earlier AI technologies, these systems can compound failures across multiple steps, creating risks that escalate faster than boards can respond.
The scale of AI adoption is staggering. OpenAI's ChatGPT grew from 358 million to 810 million monthly active users in 2025 alone, making generative AI ubiquitous across organizations. This rapid expansion has attracted the attention of nation-state and criminal adversaries who are actively bypassing safety guardrails and weaponizing AI to automate cyberattacks.
What Makes Agentic AI Systems Different From Traditional Software?
Agentic AI systems represent a departure from conventional software in a critical way: they don't just process information and return results. Instead, they reason about problems, make decisions, and execute actions independently. This autonomy introduces a new category of risk that traditional governance frameworks were never designed to address. When something goes wrong in an agentic system, the failure can cascade across multiple steps before a human even realizes there's a problem.
The challenge is compounded by the fact that AI systems themselves have become targets. Defending AI assets is more complex than protecting traditional software, and the potential impact of a successful attack is far more consequential. New open-source agentic projects, such as Moltbook, a social network for AI agents, have emerged with seemingly little focus on security considerations, raising alarms among governance experts.
Why Do Current AI Governance Frameworks Fall Short?
Boards typically rely on established frameworks and regulatory guidance to shape their security programs. However, the guidance available for AI governance is frustratingly vague. While frameworks like the NIST AI Risk Management Framework and ISO standards exist, they express trustworthy AI properties in abstract language designed to maintain flexibility. For example, NIST guidance states that "test sets, metrics and details about the tools used during testing and evaluation are documented" without specifying what metrics should actually be measured or how to audit them at runtime.
The regulatory environment compounds this uncertainty. State governments across the United States are considering or have already passed dozens of laws affecting AI development and deployment. California and New York have recently enacted AI safety legislation requiring frontier model developers to conduct risk assessments, establish safety safeguards, and report incidents. Meanwhile, President Trump issued Executive Order 14179, which seeks to preempt state-level AI laws, creating potential conflicts that leave much unresolved.
International guidance is beginning to fill some gaps. Singapore's January 2026 Model AI Governance Framework for Agentic AI provides lifecycle guidance specifically tailored to agentic systems, offering more concrete direction than many existing frameworks.
How to Build a Defensible AI Security Program
Despite the complexity, experts argue that managing AI risk is far from futile. The key is implementing strong governance, risk, and compliance (GRC) discipline that enables innovation while keeping risk at acceptable levels. Successful programs share three core components:
- Risk-Based Flexibility: Evaluate the specific properties of each AI system to define appropriate controls, rather than applying one-size-fits-all security measures across all use cases.
- Comprehensive Safeguards: Implement adaptable security capabilities, phased deployment strategies, and resilience measures designed to function when failures occur.
- Continuous Assurance: Verify that AI systems operate as intended both during development and at runtime, using automated monitoring paired with human oversight at critical decision points.
The most effective programs embrace automation, whether AI-enabled or otherwise, while explicitly preserving certain functions for human decision-making. This hybrid approach is essential in scenarios requiring value judgments about risk appetite, critical thinking about how to weigh competing factors, empathy when responding to customer incidents, and accountability incentives.
Where Human Judgment Must Remain in the Loop
Boards must recognize that not every decision can or should be automated. Humans need to retain control over decisions that involve subjective judgment, complex reasoning, emotional intelligence, or accountability. This includes signing off on risk ratings and tolerance levels, determining whether operations remain within acceptable risk boundaries, approving testing and remediation plans, weighing tradeoffs between safety and usability, and managing response to incidents affecting users.
The first practical step is achieving comprehensive visibility into all AI usage across the organization. Technology can automate the discovery and inventory of AI systems, but humans must sign off on whether that visibility is adequate. From there, different use cases require different security and safety approaches, much like how doctors diagnose specific health risks before prioritizing treatments and diagnostics.
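The three program components above (risk-based tiering, safeguards that still work when something fails, continuous assurance with a human at critical decision points) and the inventory-plus-sign-off step can be made concrete as a gate that sits between an agent and the actions it may take. The following is an added illustration written for this article, not code from the article or from any of the frameworks it names; the tier names, the action names, the per-session budget and the two inventory entries are constructed assumptions. Low-risk actions run and are logged, medium-risk actions run only inside a budget, high-risk actions are parked until a named human decides, and a system whose tiering nobody has signed off on is refused outright even though discovery found it.

```python
"""Risk-tiered gate in front of an autonomous agent's actions, with human
sign-off on inventory entries and human approval of high-risk actions.
Added illustration, not the article's or any framework's code; the tiers,
action names, budget and inventory entries below are constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Tier(Enum):
    LOW = "low"        # executes automatically, always logged
    MEDIUM = "medium"  # executes automatically within a per-session budget
    HIGH = "high"      # never executes without a named human approver


@dataclass(frozen=True)
class SystemRecord:
    """One inventory entry.  The gate refuses to serve a system whose tiering
    has not been signed off by a human, so discovery alone is not enough."""
    system_id: str
    owner: str
    signed_off_by: Optional[str]
    actions: Dict[str, Tier]  # allow-list: action name -> risk tier


@dataclass(frozen=True)
class ActionRequest:
    system_id: str
    action: str


@dataclass(frozen=True)
class Decision:
    outcome: str   # "allow", "deny" or "needs_human"
    reason: str


class ActionGate:
    def __init__(self, inventory: List[SystemRecord], medium_budget: int = 3):
        self.inventory = {r.system_id: r for r in inventory}
        self.medium_budget = medium_budget
        self.medium_used: Dict[str, int] = {}
        self.pending: List[ActionRequest] = []   # parked for a human
        self.audit: List[dict] = []              # every decision, allowed or not

    def _record(self, req: ActionRequest, d: Decision, actor: str) -> Decision:
        self.audit.append({"system": req.system_id, "action": req.action,
                           "outcome": d.outcome, "reason": d.reason, "by": actor})
        return d

    def evaluate(self, req: ActionRequest) -> Decision:
        rec = self.inventory.get(req.system_id)
        if rec is None:
            return self._record(req, Decision("deny", "not in inventory"), "gate")
        if rec.signed_off_by is None:
            return self._record(req, Decision("deny", "tiering not signed off"), "gate")
        tier = rec.actions.get(req.action)
        if tier is None:
            return self._record(req, Decision("deny", "action not allow-listed"), "gate")
        if tier is Tier.LOW:
            return self._record(req, Decision("allow", "low tier"), "gate")
        if tier is Tier.MEDIUM:
            used = self.medium_used.get(req.system_id, 0)
            if used < self.medium_budget:
                self.medium_used[req.system_id] = used + 1
                return self._record(
                    req, Decision("allow", f"medium tier, {used + 1}/{self.medium_budget}"), "gate")
            self.pending.append(req)
            return self._record(req, Decision("needs_human", "medium budget exhausted"), "gate")
        self.pending.append(req)
        return self._record(req, Decision("needs_human", "high tier"), "gate")

    def resolve(self, req: ActionRequest, approver: str, approved: bool) -> Decision:
        """A human clears or rejects a parked request; the approver is named in the log."""
        if req not in self.pending:
            return self._record(req, Decision("deny", "not pending"), approver)
        self.pending.remove(req)
        return self._record(req, Decision("allow" if approved else "deny", "human decision"), approver)


def demo_gate() -> ActionGate:
    """Constructed inventory: one signed-off agent and one discovered but unreviewed one."""
    return ActionGate([
        SystemRecord("support-agent", "cx-team", "risk-officer",
                     {"read_ticket": Tier.LOW, "draft_reply": Tier.MEDIUM,
                      "issue_refund": Tier.HIGH}),
        SystemRecord("shadow-agent", "unknown", None, {"read_ticket": Tier.LOW}),
    ])


if __name__ == "__main__":
    g = demo_gate()
    for r in [ActionRequest("support-agent", "read_ticket"),
              ActionRequest("support-agent", "issue_refund"),
              ActionRequest("shadow-agent", "read_ticket")]:
        print(r.system_id, r.action, g.evaluate(r))
    print(g.resolve(ActionRequest("support-agent", "issue_refund"), "risk-officer", True))
```

Two design choices carry the article's point. Denying is the default: an unknown system, an unsigned inventory entry or an action outside the allow-list all fail closed, which is the "resilience when failures occur" property applied to the gate itself. And the audit list records who decided, so when a human resolves a parked request the accountability the article asks boards to preserve is visible in the log rather than lost behind the automation.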
As agentic AI systems become more powerful and more prevalent, boards that wait for perfect regulatory clarity or universally accepted standards will find themselves perpetually behind. The organizations that succeed will be those that implement disciplined governance now, combining automated safeguards with strategic human oversight, while remaining flexible enough to adapt as the threat landscape and regulatory environment continue to shift.