Deploy autonomy without losing control
Agentic AI is moving from pilots to production, promising sweeping automation while expanding the enterprise attack surface. We map the risks, controls, and governance moves CISOs need now to scale autonomy with accountability. The message is simple: build guardrails first, then go faster.
Key points
- Gartner named agentic AI the top strategic technology trend for 2025.
- By 2028, agentic AI could automate 15% of routine decision‑making and be embedded in a third of enterprise applications.
- In early 2024, a Gartner survey of 345 senior risk executives identified malicious AI‑driven activity and misinformation as the top emerging threats.
- By 2029, agentic AI may autonomously resolve up to 80% of common customer service issues, cutting costs by up to 30%.
- Agentic AI adds an LLM‑driven reasoning layer between perception and action, enabling tool selection, data queries, and multi‑step planning.
- Microsoft announced Security Copilot agents with previews in April 2025; Intune‑based remediation agents will prioritize vulnerability fixes across endpoints.
- OWASP’s 2025 guidance for AI agents highlights threats including data exfiltration, unauthorized code execution, and agent hijacking.
- Around 90% of current agent use cases rely on low‑code platforms, expanding supply‑chain exposure through third‑party components.
- Core controls include activity mapping with immutable audit trails, AI filtering (keyword, LLM‑as‑judge, classification), human‑in‑the‑loop, and IAM for non‑human identities with JEA/JIT and real‑time anomaly detection.
- CISOs face added regulatory pressure from DORA, NIS 2, and the AI Act; this guidance is authored by Pierre Aubret and Paul Florentin at Wavestone, with support from Leina Hatch.
Key takeaways
Start small, map everything, and give your agents less power than your intern—at least until the audits pass. Add human checkpoints where the blast radius is big, teach your teams what “agent hijacking” is (no, not a spy movie), and red team like your budget depends on it. Do this, and you can enjoy the automation gains without the “oops, the bot did it” headlines.