Shadow AI and securing the agentic enterprise with Okta Regional CSO Matt Immler

About the author

Camille Rasmussen

Managing Editor

Camille Rasmussen is Managing Editor on Okta’s Newsroom team. In addition to managing editorial production for Okta's Newsroom and flagship LinkedIn newsletter, Access Granted, she’s currently focused on helping our customers and industry be more protected from identity threats using content that champions security best practices and offers insights from CISOs and other security experts.

May 27, 2026

Vidyard video

Here's the tension every CISO is feeling right now: Boards and the C-suite are pushing teams to move faster on AI, but Security’s mandate is to prevent breaches and secure sensitive data—and the AI-innovation-at-any-cost mentality can fly in the face of this duty. 

The drive for efficiency (and pressure from the top) is leading employees to spin up AI agents and bring in a host of new AI tools—whether your organization has approved them for use or not. "Employees are going to do what they can to make their job more efficient," observes Matt Immler, Regional CSO at Okta, in a recent conversation for our Executive Exchange series. For CISOs, the prevalence of shadow AI can make visibility feel out of reach. Which AI tools and agents are already in your environment, what can they access, and how do you bring them under governance before something bad happens?

To secure the agentic enterprise, Immler argues we must shift our governance mindset, treating AI identities as "first-class identities" and integrating them into existing human-centric frameworks. He recommends focusing on:

  • AI agent governance: AI agents require the same level of governance as humans. Bring AI agents into your directory, and assign every AI agent a human manager responsible for its data access, scopes, and decisions.

  • Human in the loop: Keep a human in charge of the big decisions. No agent should cut a $10 million check, approve a hire, or make critical operational decisions without a human giving it the go-ahead.

  • Standardization: Push software vendors to adopt emerging standards like the Cross App Access OAuth extension to bring control back to IT and Security teams.

Watch the full Executive Exchange video above to learn more from Matt Immler on how AI is shifting the threat landscape, the risks posed by shadow AI, and how CISOs should think about identity governance.
