At RSAC 2025, a presenter pulled up a live dashboard of "users" logged into a company's systems.
Normal company. Could've been yours.
60% of those users weren't human. They were AI agents. Making decisions. Moving money. Talking to customers.
The presenter clicked on one of them. In the last 24 hours it had processed 900 customer tickets, made 56 pricing decisions, and accessed customer data more than 1,200 times.
All without human review. And nobody in that company knew.
I've been thinking about that dashboard ever since. Because what that presenter showed wasn't a cautionary tale about a reckless company. It was a normal company doing what most companies are doing right now: deploying AI agents faster than anyone can track them.
86% of AI agents are deployed without security approval (Gravitee, February 2026, n=919). Most organizations can't tell you how many agents are running inside their environment, let alone what those agents are authorized to do.
The 1% Problem
Here's what I keep telling business leaders who ask me whether they should be worried about AI agents.
These agents are making brilliant decisions 99% of the time. That's not the problem. The problem is the 1%.
That's when your inventory agent orders lipsticks instead of bicycle wheels because a supplier description was ambiguous. That's when your pricing agent starts giving 90% discounts to anyone who mentions a competitor in a chat window, because that's what it learned closes deals. Both of those have happened. In production. At real companies.
The agents weren't broken. They were doing exactly what they were designed to do. Nobody had defined what a bad decision looked like before deployment. Nobody had built a way to catch it in real time.
That's a governance problem, not a technology problem. And it's the problem I wrote Agentic AI + Zero Trust to solve.
Why This Is Harder Than It Looks
Some orgs are deploying more agents than their competitors, faster. Because they built the governance layer first.
Before any agent goes live they answer four questions in writing: who owns it, what it can do, what counts as failure, and how to shut it down. Thirty minutes. Written down. That's it.
The Agentic Trust Framework, published through the Cloud Security Alliance, was built around exactly those four questions.
The ones getting it wrong are the ones who went straight from demo to full autonomy. Impressive pilot, no governance, and then one day someone's explaining a pricing disaster to the board.
"Move fast and break things" worked when humans reviewed decisions before they shipped. It breaks your business when agents can make a million decisions per second without review.
What's Already Running in Your Environment
If you haven't done an AI agent inventory recently, here's a reasonable assumption: you have agents running that you don't know about.
Your marketing team's content generator. Your sales team's meeting scheduler. The customer service tool someone spun up six months ago because the approved option had a three-week wait. All of them have access to your systems. Most of them have no documented owner, no scope definition, and no kill switch.
Token Security found 600 ungoverned agents inside a single Fortune 500 company in a 24-hour scan at RSAC 2026. 93% of organizations have experienced shadow AI incidents (Komprise, 2025).
The place to start is simple.
Ask your IT lead, your engineering lead, and two business unit heads the same question separately, before they compare notes: "What AI agents or automations are running in our environment right now, and what systems do they have access to?" You'll get different answers. That gap is your starting point.
Not sure where your organization stands? The free AI agent assessment at verifiedagents.ai takes 10 minutes and maps your governance gaps against ATF's five elements.
About the Book
I wrote Agentic AI + Zero Trust: A Guide for Business Leaders because that RSAC dashboard kept bothering me. Not because what it showed was unusual. Because nobody in the room seemed surprised.
The book covers four things I get asked about constantly.
Why the Pentagon committed $800 million to the same AI agent technology most business leaders are still nervous about, and what they understood that most organizations don't yet.
The 90-day playbook that took one company from zero to 50 secure agents in production, with governance built in from day one.
How to find the AI agents already running inside your organization. Most leaders find at least five they didn't know about.
Why "move fast and break things" becomes catastrophic when agents operate at machine speed, and what to build instead.
John Kindervag, who created Zero Trust, wrote the foreword.
Michelle Savage, who leads content design at PayPal, co-authored it with me specifically so it wouldn't read like a security manual. It's written for business leaders, not practitioners.
Pre-order link is in the comments below.
Frequently Asked Questions
How many AI agents are running in a typical company without anyone knowing? Token Security found 600 ungoverned AI agents inside a single Fortune 500 company in a 24-hour discovery scan at RSAC 2026. 86% of AI agents are deployed without security approval (Gravitee, February 2026). Most organizations don't have a complete inventory of what's running inside their own environment.
What is the 1% problem with AI agents? AI agents make correct decisions the vast majority of the time. The failure mode isn't constant errors. It's rare but consequential mistakes: an inventory agent ordering the wrong product because a supplier description was ambiguous, a pricing agent giving 90% discounts based on a pattern it learned, a customer service agent making a commitment nobody approved. These happen because failure criteria were never defined before deployment.
What is the Agentic Trust Framework? The Agentic Trust Framework (ATF) is a free, open governance standard published by the Cloud Security Alliance in February 2026. It covers five elements: identity, behavioral monitoring, data governance, segmentation, and incident response for AI agents. Microsoft's engineering team built their Agent Governance Toolkit against it 30 days after publication. Full spec at agentictrustframework.ai.
What four questions should every AI agent answer before deployment? Who owns this agent? What specifically is it allowed to do? What does failure look like? And who can shut it down, and how fast? These four questions, answered in writing, take about 30 minutes per agent and are the minimum governance before any agent touches a production system.
What is Agentic AI + Zero Trust? Agentic AI + Zero Trust: A Guide for Business Leaders is a book by Josh Woodruff and Michelle Savage, with a foreword by John Kindervag, creator of Zero Trust. It covers how to deploy AI agents securely at scale, why governance matters more than the technology, and how to build the human layer around autonomous systems that most deployments skip.
Why did the Pentagon invest $800 million in AI agents? The Department of Defense committed $800 million to agentic AI because autonomous agents operating at machine speed provide decision advantages that human-paced processes can't match. The investment signals institutional confidence in the technology itself. The governance question, what the agents are authorized to do and how they're controlled, is what most organizations haven't answered yet.
AUTHOR BIO
Josh Woodruff is the Founder and CEO of MassiveScale.AI. Creator of the Agentic Trust Framework, published by the Cloud Security Alliance and implemented by Microsoft. CSA Research Fellow. Co-leads the CSA Zero Trust Working Group. IANS Faculty. RSAC 2026 speaker. Author of Agentic AI + Zero Trust (foreword by John Kindervag, creator of Zero Trust).
