The Part Nobody Talks About When They Talk About AI Agents

Every company wants to deploy AI agents. Almost none of them are ready for what comes next.

There's a version of the AI agent conversation that happens in boardrooms and on earnings calls — the one about productivity gains, automation potential, and competitive advantage. It's an exciting conversation. It's also, increasingly, an incomplete one.

Because the other conversation — the one happening in the offices of CISOs, security architects, and enterprise risk teams — sounds very different. It sounds like: how do we give AI systems access to the data they need to be useful, without giving them access to the data that would be catastrophic if it leaked, got misused, or ended up in the wrong prompt context?

That's not a theoretical question anymore. It's the question that determines whether an organization's AI ambitions survive contact with reality.

The Gap Between Ambition and Readiness

Here's what's actually happening in enterprise AI right now: companies are deploying AI agents at a pace that has outrun the governance frameworks designed to manage them.

The agents themselves are becoming genuinely capable. They can search internal knowledge bases, execute multi-step workflows, connect to live business systems, and act autonomously on behalf of employees and customers. That capability is the point — it's why organizations are investing heavily in agentic AI.

But capability without control is risk. And the specific risks that come with AI agents aren't quite like any security challenges that came before them.

Traditional security models were built around human actors taking deliberate actions. An employee accesses a file. A user sends a message. A process writes to a database. The actions are discrete, traceable, and governed by permission models that were designed with humans in mind.

AI agents break that model in at least three important ways.

First, scope creep is architectural, not accidental. An agent designed to answer employee questions about HR policy might, in the course of answering a question, traverse internal databases, email archives, and communication platforms — not because it's behaving badly, but because that's what it was built to do. The scope of data access required for an agent to be genuinely useful is often dramatically larger than organizations anticipate when they first deploy it.

Second, the attack surface includes the prompt layer. Prompt injection — where malicious content in data that an agent processes attempts to hijack the agent's behavior — is a class of vulnerability that has no direct analog in traditional software security. Your agent reads a document. That document contains hidden instructions. Now your agent is doing something its operators never intended. This isn't hypothetical; it's been demonstrated in real deployments.

Third, agents act at machine speed. A human who accidentally accesses sensitive data can be stopped. An AI agent that's been misdirected — by a bad configuration, a compromised prompt, or an overly broad permission scope — can exfiltrate, process, or share sensitive information orders of magnitude faster than any human could. The window between "something is wrong" and "significant damage is done" is compressed dramatically.

Why Governance Frameworks Tend to Lag Deployment

There's a structural reason the security conversation tends to follow the deployment conversation rather than precede it: the teams are different.

The people making AI deployment decisions are typically product teams, business unit leaders, and AI enthusiasts within the organization — people who are rightfully excited about what agents can do and who are measured on shipping capabilities and demonstrating value. Their incentive structure pushes toward deployment.

The people responsible for governance are security engineers, compliance officers, and risk managers — people whose job is to ask "what could go wrong?" and whose incentive structure pushes toward caution.

In most organizations, these two conversations happen sequentially rather than simultaneously. AI gets deployed. Security gets called in to audit what's already running. The audit reveals gaps. A retrofitting exercise begins.

That retrofitting process is inefficient, expensive, and often incomplete. Architectures that weren't designed for security governance from the start are genuinely harder to secure after the fact. Policies that weren't embedded in deployment decisions are genuinely harder to enforce retroactively. Data access permissions that were granted broadly to make agents useful are genuinely hard to narrow without breaking the functionality that people have come to depend on.

The organizations that avoid this pattern are the ones that find a way to run the deployment conversation and the governance conversation in parallel — treating security as a design constraint from the beginning rather than a compliance checkbox at the end.

What Real-World AI Agent Risk Actually Looks Like

Abstract frameworks are useful. But there's a particular kind of insight that only comes from organizations that have actually built, deployed, and operated AI agents in production — and then lived with the consequences of the security decisions they made along the way.

On March 12, Glean is hosting a virtual Security Showcase built around exactly that kind of insight. The event is designed to close the gap between where organizations aspire to be with AI agents and where their security posture actually is — and it's structured around the practical, deployment-grounded knowledge that the abstract frameworks tend to miss.

The centerpiece of the showcase is a fireside chat with Cvent's CIO and CISO — two executives who have been making real-world AI agent risk decisions together, inside a real organization, with real consequences attached to those decisions. The CIO/CISO dynamic is particularly instructive: these are two roles that often experience tension around AI deployment, because one is optimizing for capability and the other for risk. Hearing them discuss how they've navigated that tension in practice — what they agreed on, where they had to find compromise, what they would do differently — is the kind of conversation that maps directly onto what most enterprises are experiencing right now.

Beyond the fireside chat, Glean is releasing a new security framework specifically designed for governed AI agents at scale. Frameworks for AI governance have been proliferating, but most of them were developed at a level of abstraction that makes them difficult to operationalize. A framework designed explicitly for the scale and complexity of enterprise agent deployment — with the specificity required to translate into actual architectural decisions — is a genuinely useful contribution to a space that's been lacking in actionable guidance.

Three Problems the Showcase Is Built to Address

1. Agent controls that scale with deployment

One of the most common failure modes in enterprise AI security is the mismatch between control granularity and deployment scale. Controls that work fine for a single agent in a single department become unmanageable when you're running dozens of agents across the organization. The showcase will cover what it actually looks like to implement agent controls that don't require manual oversight of every action — controls that are embedded in the system architecture rather than bolted on as a layer of human review.

2. Data protection that doesn't cripple capability

There's a tension at the heart of enterprise AI that every security conversation eventually runs into: the data that makes AI agents most useful is often the most sensitive data in the organization. Customer information, financial records, internal communications, strategic documents — these are precisely what agents need to be able to reason about in order to provide meaningful value. A data protection strategy that simply restricts access to sensitive data solves the security problem by eliminating the business value. The showcase addresses how to build data protection that governs access contextually and intelligently — so agents can access what they need for legitimate tasks without creating blanket exposure.

3. Private-by-design deployment architecture

"Private AI" has become a marketing term that covers everything from moderately restricted cloud deployments to fully air-gapped on-premises systems. What it means in practice for enterprise AI agents — where the relevant definition has to account for regulatory requirements, data residency concerns, third-party model access, and organizational risk tolerance — is considerably more nuanced. The showcase will cover what private-by-design deployment actually looks like for agents operating in production, with the specificity required to make architectural decisions rather than just aspirational ones.

The Organizations That Will Get This Right

The enterprise AI landscape is going to diverge significantly over the next two to three years — not primarily on the basis of which organizations deploy the most capable models, but on the basis of which organizations build governance infrastructure that can sustain AI deployment at scale.

The organizations that get this right will share a few characteristics. They'll have found a way to make security a design partner in AI deployment rather than an audit function after deployment. They'll have frameworks for governing agents that scale with the number and complexity of agents they're running. They'll have solved the data access problem in a way that preserves both the value of AI and the protection of sensitive information. And they'll have built the internal expertise to manage a threat surface — the prompt injection attack surface, the agentic permission scope, the model behavior in edge cases — that didn't exist five years ago.

That's a meaningful capability advantage. And it compounds: organizations that build good governance infrastructure early can deploy more aggressively later, because they have the control architecture to manage the risk. Organizations that skip the governance work now will face an increasingly expensive retrofitting problem as their agent deployments grow.

Why March 12 Matters

There's a specific moment in the maturation of any significant technology where the conversation shifts from "should we do this?" to "how do we do this responsibly at scale?" For enterprise AI agents, that moment is now.

Glean's Security Showcase is positioned for exactly this inflection point — a practical, production-grounded event that gives security and AI leaders a blueprint for the governance work that has to happen if AI agent ambitions are going to translate into sustainable, secure deployment at enterprise scale.

The fireside chat, the new framework, and the deep-dive on agent controls, data protection, and private deployment aren't separate topics. They're three views of the same underlying challenge: how do you make AI agents as useful as they can be, without making them as risky as they could be?

That question deserves a serious answer. This looks like a serious attempt to provide one.

Final Thoughts

The AI agent era is already here. The agents are running, the workflows are automating, and the productivity gains are real. But the governance infrastructure required to make that sustainable at scale is still being built — in most organizations, still being designed.

The gap between where organizations are and where they need to be on AI agent security isn't going to close by itself. It's going to close because specific organizations make specific decisions to invest in the frameworks, the architectures, and the expertise that governed AI deployment requires.

March 12 is one opportunity to accelerate that work. Whether you're a CISO trying to get ahead of your organization's AI ambitions, an AI leader who needs security to be a strategic partner rather than a blocker, or an architect trying to figure out what private-by-design actually means in production — the conversation happening that day is one worth being part of.

Where is your organization in the AI agent governance journey — are security and AI teams running in parallel, or is governance still playing catch-up to deployment? The answer probably tells you more about your AI risk profile than any framework does.

Follow for more AI & tech coverage — no hype, just signal.