1
00:00:06,000 --> 00:00:10,239
AI is evolving at an unprecedented pace.

2
00:00:10,239 --> 00:00:14,579
And we're entering into a new frontier, agentic AI.

3
00:00:14,579 --> 00:00:18,040
These aren't just chatbots or recommendation engines.

4
00:00:18,040 --> 00:00:25,260
These are AI systems that can set goals, make decisions, and take actions autonomously.

5
00:00:25,260 --> 00:00:31,399
This shift brings massive opportunities, automating complex workflows, accelerating innovation,

6
00:00:31,399 --> 00:00:33,680
but also introduces serious risks.

7
00:00:33,680 --> 00:00:37,279
What happens when AI makes decisions without human oversight?

8
00:00:37,279 --> 00:00:40,759
How do we govern AI that thinks and acts for itself?

9
00:00:40,759 --> 00:00:43,159
And that's exactly what we're here to discuss.

10
00:00:43,159 --> 00:00:48,360
Let's start with why agentic AI is different from traditional AI.

11
00:00:48,360 --> 00:00:53,520
Unlike classical machine learning models, which respond to predictive inputs and produce

12
00:00:53,520 --> 00:01:01,500
expected outputs, agentic AI takes the output from one AI model and actually uses it as

13
00:01:01,500 --> 00:01:04,559
the input for another AI model.

14
00:01:04,559 --> 00:01:11,160
There are four key characteristics, all that stem from autonomy, which amplifies various

15
00:01:11,160 --> 00:01:12,720
new forms of risk.

16
00:01:12,720 --> 00:01:15,599
First, there's underspecification.

17
00:01:15,599 --> 00:01:21,760
The AI is given a broad goal, but no explicit instructions on how to actually achieve it.

18
00:01:21,760 --> 00:01:23,120
Long-term planning.

19
00:01:23,120 --> 00:01:27,160
These models make decisions that build on the previous ones.

20
00:01:27,160 --> 00:01:28,879
Goal-directedness.

21
00:01:28,879 --> 00:01:33,440
Instead of simply responding to the inputs, they work towards a goal.

22
00:01:33,440 --> 00:01:35,959
And then there's directedness of impact.

23
00:01:35,959 --> 00:01:41,680
Some of these systems operate without any human in the loop.

24
00:01:41,680 --> 00:01:54,559
So what I want you to remember is that autonomy itself is equal to increased risk.

25
00:01:54,559 --> 00:01:59,559
And I'm going to put three exclamation points.

26
00:01:59,559 --> 00:02:01,080
And that's the issue.

27
00:02:01,080 --> 00:02:09,800
As autonomy increases, so do risks like misinformation, decision-making errors, and security vulnerabilities.

28
00:02:09,800 --> 00:02:14,919
Many organizations are still catching up with the generative AI risks.

29
00:02:14,919 --> 00:02:18,000
And agentic AI just amplifies them.

30
00:02:18,000 --> 00:02:24,559
Note, with outcomes like these, there are even fewer humans in the loop, fewer domain

31
00:02:24,559 --> 00:02:27,399
experts making course corrections.

32
00:02:27,399 --> 00:02:32,720
Look, we don't have time to define each and every one of these risks for you.

33
00:02:32,720 --> 00:02:38,000
We could record a show on each and every single one of them, but we do want you to see this

34
00:02:38,000 --> 00:02:45,080
impressive list of risks that are amplified or net new with agentic AI, because we want

35
00:02:45,080 --> 00:02:50,639
you to understand why governance is so critical.

36
00:02:50,639 --> 00:02:53,759
Now let's talk about how we actually govern this technology.

37
00:02:53,759 --> 00:02:58,039
Effective governance for agentic AI requires a multilayered approach covering technical

38
00:02:58,039 --> 00:03:01,199
safeguards, guardrails like interruptibility.

39
00:03:01,199 --> 00:03:06,240
Can we pause or shut down specific requests or even the entire system?

40
00:03:06,240 --> 00:03:07,440
Human in the loop.

41
00:03:07,440 --> 00:03:10,119
When does AI require human approval?

42
00:03:10,119 --> 00:03:13,160
Is the agent able to stop and wait for that input?

43
00:03:13,160 --> 00:03:14,880
And confidential data treatment.

44
00:03:14,880 --> 00:03:20,479
Do we have the adequate data sanitation like PII detection and masking to avoid a sensitive

45
00:03:20,479 --> 00:03:22,240
information disclosure?

46
00:03:22,240 --> 00:03:27,279
Additionally, we have process controls, things like risk-based permissions.

47
00:03:27,279 --> 00:03:30,160
What actions should AI never take autonomously?

48
00:03:30,160 --> 00:03:31,440
Auditability.

49
00:03:31,440 --> 00:03:36,039
If an AI arrives at a decision, can we trace back to how it made that choice?

50
00:03:36,039 --> 00:03:40,960
In monitoring and evaluation, AI performance needs constant oversight.

51
00:03:40,960 --> 00:03:44,740
And lastly, accountability and organizational structures.

52
00:03:44,740 --> 00:03:48,880
Who takes responsibility when AI decisions lead to harm?

53
00:03:48,880 --> 00:03:51,759
What regulations apply to your AI use cases?

54
00:03:51,759 --> 00:04:00,160
And how do we hold our vendors accountable for the AI's behavior?

55
00:04:00,160 --> 00:04:02,720
Now let's dive into the technical safeguards.

56
00:04:02,720 --> 00:04:06,880
Any organization deploying agentic AI needs guardrails at each of the main components

57
00:04:06,880 --> 00:04:08,119
of an agent.

58
00:04:08,119 --> 00:04:14,240
The first one being at the model layer.

59
00:04:14,240 --> 00:04:18,160
This is to check for bad actors who are trying to have the agent take actions that are not

60
00:04:18,160 --> 00:04:21,920
aligned with your organization's policies or guidelines.

61
00:04:21,920 --> 00:04:24,239
Or even human ethical values.

62
00:04:24,239 --> 00:04:25,239
Absolutely.

63
00:04:25,239 --> 00:04:30,239
The next layer is the orchestration layer.

64
00:04:30,239 --> 00:04:33,679
Here you're going to want to have infinite loop detection to not only maintain an enjoyable

65
00:04:33,679 --> 00:04:37,440
user experience, but to avoid very costly failures.

66
00:04:37,440 --> 00:04:45,239
Then at the tool layer, we're going to want to make sure we limit each tool for a specific

67
00:04:45,239 --> 00:04:49,820
agent to give them the appropriate usage and not go outside of their predefined areas.

68
00:04:49,820 --> 00:04:52,359
And we do that via role-based access control.

69
00:04:52,359 --> 00:04:54,299
How do we know all of this fits together?

70
00:04:54,299 --> 00:04:58,959
We need to rigorously test the system.

71
00:04:58,959 --> 00:05:03,200
We highly recommend red teaming so we can expose any vulnerabilities before we get to

72
00:05:03,200 --> 00:05:04,200
deployment.

73
00:05:04,200 --> 00:05:07,600
And once we do get to that deployment, we want to make sure that we are continuously

74
00:05:07,600 --> 00:05:12,279
monitoring.

75
00:05:12,279 --> 00:05:17,600
So that we have automated evaluations to understand if we have any hallucinations or compliance

76
00:05:17,600 --> 00:05:19,040
violations.

77
00:05:19,040 --> 00:05:24,200
The most successful organizations are already leveraging advanced tools and frameworks to

78
00:05:24,200 --> 00:05:28,000
ensure safe and effective AI deployment.

79
00:05:28,040 --> 00:05:37,000
These include models and guardrails designed to detect and mitigate risks in AI-generated

80
00:05:37,000 --> 00:05:45,119
prompts and responses, agent orchestration frameworks that enable the safe coordination

81
00:05:45,119 --> 00:05:56,320
of workflows across multiple AI systems, security-focused guardrails that help enforce policies and protect

82
00:05:56,320 --> 00:06:04,519
sensitive data during interactions, and observability solutions that provide insights into system

83
00:06:04,519 --> 00:06:11,600
behavior, helping teams monitor and understand what's actually happening underneath the hood.

84
00:06:11,600 --> 00:06:13,959
Agentic AI is here.

85
00:06:13,959 --> 00:06:15,220
It's powerful.

86
00:06:15,220 --> 00:06:16,399
It's evolving fast.

87
00:06:16,399 --> 00:06:24,200
And organizations that don't take governance seriously today will regret it tomorrow.

88
00:06:24,200 --> 00:06:26,480
And governance is not just about security.

89
00:06:26,480 --> 00:06:27,480
It's about control.

90
00:06:27,480 --> 00:06:32,239
AI should empower organizations, not create unmanaged risks.

91
00:06:32,239 --> 00:06:35,600
So here's our challenge to you.

92
00:06:35,600 --> 00:06:42,239
Before you let AI act on your behalf, make certain you have the right guardrails in place.

93
00:06:42,239 --> 00:06:47,920
Because in the age of agentic AI, responsibility doesn't just fall on the machine, it falls

94
00:06:47,920 --> 00:06:48,760
on us.