CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
CCT 353: AI Agent Governance Essentials - CISSP Practice Questions
AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real security leadership.
We walk through what is driving the mess: board-level pressure, AI FOMO, and the dangerous habit of treating AI agents like old-school automation. Then we get concrete. We talk about why many enterprises still lack an inventory of AI agents, why traditional security tooling is tuned for human behaviour anomalies, and what it actually takes to be audit-ready. We cover practical governance frameworks like tiered autonomy, why observability is more than collecting output logs, and how to design decision-path tracing with execution records and decision logs you can act on.
To make it actionable for exam prep and day-to-day work, I close with CISSP-style practice questions on the exact scenarios you will face: detection gaps, human approval bottlenecks, least privilege for agents, proving decisions during audits, and architecting platforms that balance operational efficiency with risk management. If you are serious about passing, I also share how my CISSP Sprint cohort is structured to force momentum, including booking your exam date early.
Subscribe for weekly CISSP-focused training, share this with a teammate building AI workflows, and leave a review so more security pros can find the show. What part of AI agent governance is your biggest blind spot right now?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
Welcome And Podcast Mission
SPEAKER_00: Welcome to the CISSP Cyber Training podcast. We provide you training and tools you need at the CISSP exam. Hi, my name is Shon Gerber. I'm your host for the podcast. Join me each week as I provide the information you need at the CISSP exam and grow your cyber checker in the light. Alright.
SPEAKER_01: Good morning, everybody. It's Shon Gerber with CISSP Cyber Training and hope you all are having a beautifully blessed day today. Today is Thursday, and we are going to be getting into various aspects related to the CISSP exam that are tied to the questions associated with it. Today's gonna be questions are gonna be focused around some AI governance aspects and the whole governance process because I'm seeing more and more of this as an issue. But yeah, it's gonna be good. I'm gonna be super excited about that. And uh yes, from a personal note, I'm excited because today, this is almost the end of May. And for my wife's business using Kona Ice and Traveling Tom's coffee, it is almost over for the big, really busy month. This month is killer. So I'm pretty excited about that. But you're not here to listen to about Traveling Tom's coffee or Kona Ice. So let's get into what we're gonna talk about today.
Why AI Governance Matters Now
SPEAKER_01: Today is the question, the article is on CSO magazine. And you guys know I go to CSO quite a bit because I as we're trying to study for the CISSP, we want to have a CISO type of security leader mindset, is everything we deal with. And this is an aspect that is no different. So in CSO magazine, AI governance imperative you can't afford to ignore. And this is all part basically on their article from May 28th of 2026. So the article again is AI governance imperative you can't afford to ignore. And I want to break this down for you basically because it's at the intersection of AI risk, GRC, and security leadership. So, what are they getting into in this situation? Well, here's the core issue. Organizations across the board are deploying AI agents. And yeah, I get it, is a massive pressure from the board, the front office. Everybody's got the AI FOMO right now, right? Fear of missing out. So they want to just throw something out there and see how it works. But here's the thing: many of these organizations are deploying these agents with a zero, I mean a zilch, visibility, and these agents are actually in what they're
The Set It And Forget It Trap
SPEAKER_01: doing. There's no governance, there's no observability, and they just set it and forget it, which I've talked about numerous times on this podcast, is the set it and forget it mindset will get you in trouble completely. So this TJ Marlin, a CEO of AI security firm called Guardrail Technologies, which I like the name because it's actually you can pronounce it and it makes sense, uh, put it this way that he said it's not just set it and forget it like a crock pot. You don't put in the chicken in the morning and the chicken inside and come back at night and have a great dinner. And he's right. Organizations treating AI agents like a slow cooker or a pressure cooker are going to be the ones making front page news. And unfortunately, not for the right reasons, right? So part of the problem is that some of these IT leaders are comparing AI agents to robotic process automation, RPAs. Now, I don't know if you've dealt with that, and we've talked about this at CISSP Cyber Training, is that the RPAs is a very robotic type process. And I would say they're like pre-AI aspects back maybe 10 years ago. And AI agents had been a or processes had been a big part of many organizations. Well, and those were set up that once you set them up, you did just basically set them, forget them. That are trying to teach or basically make the same comparison with the AI agents. And these AI agents are not the same, they're very, very different. So these ones are making decisions, they're reasoning, the output is not predictable in very much the same way. So I again I want to say that the RPAs and the AI agents are very different, but people are treating them very similar. So let's get into some of the data that really kind of drove this article home for me and why I was interested
Survey Data On Agent Blind Spots
SPEAKER_01: in it. So the company called TrueFoundry, they're an agent governance vendor, and they've served over or surveyed over 200 enterprise AI leaders, and here's what they found. So again, 200 AI leaders. 54% of organizations cannot fully trace what their AI agents are doing. Okay, so that's a huge deal. 54 cannot do not fully know what they're doing, and 56 have no centralized control or governance layer. That's 50%. And you're talking half of them. So more than half of the organizations are deploying agents they can't track, can't control, and that's a critical exposure failure. I mean, it truly is. So we would never accept this from a privileged access perspective. If you had accounts that had privileged access, you would not allow this to happen. But why are they accepting this from autonomous AI systems that are actually putting real actions into production systems? I mean, why? Why are we doing this? So here's where
Missing Inventories And SIEM Limits
SPEAKER_01: it gets interesting, right? So those professionals, a senior data and AI expert at Google makes the point that I think needs to be heard loud and clear. Most enterprises don't even have an inventory of what AI agents are running in their environment now. So I that I totally believe. They don't. They don't. And so think about that. If you can't govern what you don't even know exists, so put that all into perspective. Most of these folks have traditional tooling like SIEMs, EDRs, these are all built in to look for human anomalies. They're looking for behavior patterns tied to a human activity. But the AI agent running these processes 10,000 times in a row looks completely normal to those tools because they don't look like a human. So it's an important aspect, right? So this gap in security stack is where we as practitioners or we as security professionals need to start thinking about now, not after the incident. And I know we say that, but we really truly need to be involved in that at this
Frameworks For Scalable Agent Governance
SPEAKER_01: moment. So the part I liked about this article is it also brought in a few experts in this article on how are some very good practical frameworks you can use. So the first one is a tiered autonomy. It's basically compared to the financial system. The financial system does not run on trust, it runs on auditability, accountability, reconciliation, and the circuit breakers that are there, right? So it's it's built like that. AI agents need to mature in the same direction. You gotta have it. Really. Give them free rein on low stakes, routine tasks, but for anything of any consequence, you gotta put a human in the loop. You gotta have it. And that's so that's a big factor, right? Second is observability isn't logging. So Nvidia made a point that really stuck with me that the traditional software, you could read the code to understand what happened. With AI agents, the source of truth is in the traces, the execution records, the decision logs. But here's the key: just collecting logs isn't enough, right? Because we all can collect logs until we're blue in the face. That doesn't change it. But you have to be able to act on that information. Observability without action is just an audit trail after the disaster and after you lose your job. So we don't want any of that, right? We want to make sure that we're saving the company and you're saving your meal ticket. That's an important part. Third, governance can't be a human rubber stamp on every output. So Ganesh from Box made this important point here where organizations trying to be safe defaulted to requiring a human to approve every single action. We know that that is not feasible. It just can't happen. So in theory, that sounds wonderful, but in practice, we all know that at scale this becomes your bottleneck and it just won't happen. So you've just rebuilt a manual process with extra steps, and that makes it even more challenging.
So now what I see is Marcello Lozaretti, founder of legal AI firm called Savilex, nailed the ultimate standard that organizations should be held to. And again, lawyers know these things. They keep you out of trouble. Not every lawyer is one that you want to work with, but lawyers are an important part. He said the challenge isn't whether the agent produces a good answer. The real question is can your organization prove what the agent accessed? What instructions it followed, and what tools it invoked, what decisions it made, and where the human intervened. And then finally, whether it stayed within the authorized boundaries. So that's a point that he's making. Sounds logical, right? Well, if you don't do these things, you are going to be held liable. It's an important aspect. So if you can't answer those questions, you don't have governance. However, you do have hope, right? He recommends building a governance into the agent architecture itself. That means role-based access controls, policy-bound execution, approval thresholds, immutable key term, immutable, can't mess with them. That you have in place for it. So here's my takeaway for all of
Governance Built Into Agent Architecture
SPEAKER_01: you. This is especially important for those that are studying for the CISSP, CISM, GRC, or you're just, you know, a senior leader understanding how you should handle this. AI governance is not a future problem. It's not. You need to deploy it now. You need to understand it. It's a right now problem. And organizations that get ahead of it are going to avoid the headlines that others are going to make. So again, from a CISSP domain, right, one of the things you want to look at, this is the risk management and security operations and even some aspects around software development securities. These principles haven't changed. Least privilege, auditability, human oversight, policy enforcement, all of these are a big factor. And this is what changed the surface area, all of those pieces to it. So you need to be asking yourself this right now as a security leader and asking your teams. Do you have an inventory for your AI agents running in your environment? Do you have that? Where is that at? Do you have observability into what they're doing? Do we have governance that scales, not just checkbox processes? And I would be willing to bet a lot of people have the checkbox processes. I'm seeing it personally with different organizations that I'm working with. And it I can understand why, right? You get behind and you're like, what do I do? But the checkbox processes are going to bite you. So just kind of think about that. Okay, so that's all I have for that segment.
CISSP Sprint Cohort Invitation
SPEAKER_01: But before we get into the questions today, I wanted to briefly bring up to you do my CISSP cohort, right? This is an important part. So these questions and all this stuff is going to make your brain work harder than expected, right? That's a good sign. You're thinking at the right level. But here's the thing: thinking hard in the moment is very different from being prepared when you're sitting in the testing chair with that clock running for your CISSP exam. This is why I built the CISSP Sprint, right? This is Sprint, it's my eight-week live cohort that's designed and it's specifically for one purpose is to get you across the finish line and passing that doggone exam, right? Here's what makes the difference. This is a structured cohort that is designed specifically to help serious candidates, and they have live sessions with me directly. There's also a part in this in week one that I'm not gonna budge on that I think is an imperative for you to do this is that you pick a VUE, purchase some VUE exam date. Stop. Period dot. That's what you got to do. I've seen it a hundred times. When you don't have a date on the calendar, your studying never gets urgent enough, and we fix that on day one. Day one, you get you set it up and you book it. And because realistically, there's no reason to continue going if you're not gonna be serious about that. We cover all eight CISSP domains. We go through practice questions, hard ones. We break down the why and the answers, not just the what. By the time you walk into the testing center, you're not hoping you're ready. You know you're ready, right? So the next cohort kicks off July 7th, and I'm keeping it small. It's capped to 15 students because I want to make sure every person in that cohort gets the attention, the feedback, and the results for them, right? The early bird pricing is available right now. So if you've been on the fence, now's the time to do it before that ends. So head on over to CISSPCyberTraining.com.
Go check it out and reserve your spot today. Okay, so let's get into the questions that we're gonna
Q1 Why SIEM Misses Agents
SPEAKER_01: go over today. Question one: an organization has deployed multiple AI agents across its production environment. The security team notices that their SIEM is not flagging any anomalies. Yet an internal review suggests one agent might may be operating outside its intended scope. What is the most likely reason traditional security tooling is failing to detect this? Okay, follows along with we talked about in our earlier session, but again, AI agents, what are they doing? What are they not doing? How are you watching this? So, answer is the SIEM lacks sufficient storage capacity to capture agent activity. B, AI agents operate within the application layer protocols that bypass network monitoring. B, SIEM and EDR tools are designed to detect human behavior anomalies, not autonomous agent deviations. Or D, the agent is using encrypted channels that prevent deep packet inspection. Okay, so let's go through this. Again, their agents are not flagging in their SIEM. So what should you do? What's the most likely reason the traditional security tooling is failing to detect this? So let's go over the questions or answers that are incorrect. The SIEM lacks sufficient log storage capacity to capture agent activity. Now that would probably be something you'd want to check, again, depending on the size of the agents you have, but it's not the most likely reason for the traditional security tooling is failing. B, the AI agents operate within the application layer protocols that bypass network monitoring. So that really doesn't fit with what we're trying to accomplish, at least when it comes to the SIEM. We know that that is not true. They do operate in the application layer, but at the end of the day, that's not going to bypass your network monitoring, depending on how you have it in your SIEM. So that is an incorrect answer. And then let's go D. The agent is using encrypted channels to prevent deep packet inspection.
So the agents typically do not utilize encrypted channels to prevent that. I mean, I'm sure you can enable that to happen if you want the agent to be able to do something like that through IPsec tunnels or some sort of aspect that you want to encrypt that traffic, but that would just be an overhead that really is most not most likely not the reason behind it, right? That just that's a lot of extra work. So as you're breaking this down, which one would it be? Well, the answer would be C. The SIEM and EDR tools are designed to detect human behavior and behavioral anomalies, not autonomous agent deviations. Right? So we talked about that. Executing thousands of actions perfectly looks normal to these tools because, again, they they don't look like a human. So this functional detection gap, and it's not a storage encryption or protocol issue. It's specifically around the fact that the SIEMs and the EDRs are looking at people. They were designed for systems that were around, you know, people dealing with this stuff 10 years ago. And that's when these SIEMs were created, and that's when their logic was created. So all this new technology is beyond them in many cases. I know a lot of different tools are working hard to get ahead, come back, and try to get caught up in all this, but they're still behind the power curve, which we talk about a lot.
Q2 Human Approval Bottleneck
SPEAKER_01: Question two: A CISO is designing an AI agent governance framework. The team proposes requiring human approval for every agent output to maximize safety. A senior architect pushes back. Ooh, pushback. Yes. From a risk management perspective, what is the primary concern with this approach? Okay, so you had a CISO designing an AI agent governance framework. The team proposes requiring human approval. So each person, you must have someone approve it after every agent output to maximize safety. The architect, the senior architect, says, no way, that's not gonna happen. So from a risk management perspective, what primary concern with what's the primary concern with this approach? A, it violates the principle of least privilege by giving humans too much visibility into agent decisions. B, it creates governance bottleneck that eliminates scalability while providing only the illusion of control. C, it introduces legal liability because human approvers become accountable to all agent, and then D, it conflicts with NIST AI RMF requirements for autonomous system deployment. So what are we dealing with here? Well, let's go to the answers that are incorrect. It violates the principle of least privilege by giving humans too much visibility into agent decisions. Yeah, that just doesn't even sound right. I mean, let's be realistic. That's that's not even a really good answer. Uh, because you want to have humans to have understanding in this, and it it's just that doesn't work. So B, or I should say C, it introduces legal liability because human approvers become accountable for all agent actions. Well, you the human approvers, whether they're approving it or not, they are accountable for any agent action. The agent has no accountability because it's an agent. It's not a human. But so that that question's wrong or answer is wrong. It conflicts with the NIST AI RMF framework requirements for automated systems deployment. Autonomous systems deployment.
That is not necessarily the case. It does not conflict with that. Uh, there are approval aspects with the RMF framework. Uh, that's it's an important part that you do have people. But so this is the part that is, is that you have to look at it. The key that breaks this down, that makes this fall apart, which we've talked about a little bit briefly in the last uh looking at the different um article that was out in the news, is the fact that the proposal requires human approval for every agent output to maximize safety. Okay, so that's the problem right there. You do want to have human approval in some certain situations, especially when you're dealing with financial aspects. But if you're just having it doing anything, no, you don't want that. So it creates a bottleneck, right? A governance bottleneck that eliminates scalability while providing only the illusion of control, which is B. So the answer is B. Next
Q3 Least Privilege For Agents
SPEAKER_01: question. During an audit, the assessor discovers that several AI agents have been provisioned with access permissions exceeding those of human users they support. Yeah, let the AI do it. It'll do it for me. The organization argues that this is necessary for the agents to complete their workflows efficiently. What is the best response to this finding? Okay, so an assessor finds you have AI agents that have been provisioned with access permissions exceeding those human users they support. So let's go into this and see figure out what is the best response to this finding. A, accept the risk and document that compensating controls require quarterly agent access reviews. B, immediately revoke all agent permissions and rebuild workflows from a zero trust baseline. C, implement least privilege scoped tool permissions with policy enforcement layers mediating every agent action, or D, migrate all agent workloads to an isolated network segment to limit lateral movement potential. Okay. So again, we got an assessor. Finds out these agents have been provisioned with too much access. What should you do? What is the best response to dealing with this? Okay, let's get into the answers. Accept the risk, document the compensating control requiring quarterly agent access reviews. B, immediately revoke all agent permissions and rebuild the workflows from a zero trust baseline. C, implement least privilege scoped tool permissions with policy enforcement layers mediating every agent action. Or D, migrate all agent workloads to an isolated network segment to limit lateral movement potential. Okay, so you're an assessor and you're looking at several agents have been provisioned with access permissions exceeding those of the human users they support. What is that based on this, right? What are the what are they going to do? What is the best response to this finding? So let's talk the ones that are not correct.
A, accept the risk and document compensating control requirements, quarterly agent access reviews. So again, if they have more permissions, you don't want to necessarily accept the risk and document the compensating control. Now there might be a reason for that, but that's not the best response in this situation. B, immediately revoke all agent permissions and rebuild the workflows from a zero trust baseline. That's probably what it should have been done at the beginning. Um I've I've got a company that I'm looking at potentially to help them with, and they haven't, they're they're looking to roll out an app and they haven't really dealt with security. They had one guy that's kind of looking at it, and then they go, but we're trying to go live with it, and we're gonna go live in a month, and oh, I need a security guy to look at this. I mean, no, it's gonna be interesting. So um the aspect comes into is you really need to understand rebuilding from scratch is not the right option. And so bolting on something may be necessary, but rebuilding from where you started, no. C or D, migrate all agent workloads to an isolated network segment to limit lateral movement potential. Okay, so that's not a bad thing if you have a good plan. But if it's an isolated network segment, you're now limiting the capability of these tools. So that isn't probably the best response to this finding. The best response is C, implement least privilege scoped tool permissions with policy enforcement layers mediating every agent action. So again, least privilege applied to these AI agents means scoping tool permissions tightly and enforcing policy at every prompt and tool call. This is not broad revocation or network isolation alone. This is directly addressing the act, the creep risk, right? The credential creep risk while preserving the operational functionality. But this takes time and many companies will not want to take the time.
Q4 Output Logs Versus Traces
SPEAKER_01: Next question: A compliance team is preparing for a regulatory audit that requires proof of how AI agents made specific decisions affecting customer data over the past 90 days. The security team discovers that they have only output logs, not execution traces. What does this scenario best illustrate? Okay, so you need to have some stuff for people, right? And you got the past 90 days and they have logs, but they're only output logs. They're not execution traces. Now, what's an execution trace? This is what it's actually doing. It's doing on your behalf. Do you have the logs that support that? So A, an insufficient observability architecture where governance was limited to output monitoring rather than full decision path tracing. B, a data retention policy failure requiring immediate legal hold procedures. C, a chain of custody gap that can be remediated by reconstructing the agent decisions from output data. Or D, a SIEM misconfiguration that failed to capture application layer events. Okay, so those are the answers. Let's go into the ones that are incorrect. A data retention policy failure requiring immediate legal hold procedures. Okay, so this doesn't illustrate the best problem with that, right? We've got a problem that has AI agents that don't have the data, the execution traces, and so putting everything immediate legal hold procedures, that is just going to bring everything to a screeching halt. That doesn't necessarily be the best option there. A chain of custody gap that can be remediated by reconstructing agent decisions from output data. So this scenario doesn't illustrate the chain of custody gap. It illustrates the fact that you didn't have good logs for your traces. So reconstructing agent decisions from output data would be extremely painful, and that's not the problem what we need to be dealing with. D, a SIEM misconfiguration that failed to capture application layer events.
So this is not necessarily, it could be a SIEM misconfiguration, but highly likely it's not that. It's basically an insufficient observability architecture that is where the governance was limited to output monitoring rather than full decision path tracing. So again, the SIEM could be part of that. You could be have that as your architectural plan where the logs are going, your tracing logs are going in there. But realistically, it's the overall governance and architecture in which you have a strategic goal and plan set up. All right, the last
Q5 Designing Tiered Autonomy
SPEAKER_01: question. An organization is architecting a new AI agent platform that will handle both routine data lookups and high stakes financial transactions. Which architecture principle best balances operational efficiency with security and risk management requirements? Again, so you have an organization that's architecting new AI agent platform that will handle both routine data lookups and high stakes financial transactions. Which architecture principle best balances operational efficiency with security and risk management requirements? A, deploy all agents under a unified permission model to reduce administrative complexity and ensure consistent policy enforcement. So everybody has the same permissions. C or B, require all agents to be pre-approved by the security team before deploying to production. Okay, more of a little stronger control. C, architect agents as stateless microservices to eliminate persistent access risks and reduce the attack surface. Okay. They're microservices and they're running in the background. And then D, implement tiered autonomy. Full agent independence on low stakes tasks with mandatory human-in-the-loop controls for consequential actions. Okay, so the best one that's for best balance is operational efficiency with security and risk management. So risk management's a key factor in the CISSP. So let's go to the ones that are not correct. A, deploy all agents under a unified permission model to reduce administrative complexity and ensure consistent policy enforcement. Okay, so that does not, it may help with operational efficiency, right? Because they're all the same, but it doesn't really help you around the risk management piece. Require all agents' actions to be pre-approved by a security team before deployment to production. Well, that answer is one of those that can be very uh draconian and it can actually cause you more challenges.
So that is probably not the best answer just because of the fact that it's not, it does it it doesn't really help you with your operational efficiency piece of this. It's more of a security aspect. Architect agents as stateless microservices and eliminate persistent access risk to reduce attack surface. So this can be possible. This could be a good option potentially for you, but it doesn't necessarily, it's more of a risk aspect. It doesn't balance out the operational efficiency as well as the last one, which is implementing a tiered autonomy, right? So from a security standpoint, those are all that one's positive. But when you're dealing with an implemented tiered autonomy, this is a great way to balance your risk along with the security. Full agent independence, right? You want to let it do its thing on low stake tasks, right? So anything that's at low impact, you allow have it allow it to have full agent independence. But then mandatory human-in-the-loop controls for anything of any consequential actions, making move money moves, updating personal data, any of those aspects, you would probably want to have some sort of human-in-the-loop controls. And maybe not on the updating personal data, but maybe on uh writing to that or reading to it. There are different options around it. I'm just kind of pulling from the hip on that one. But the point of it comes right down to is you want to have a tiered autonomy for these different agents. Okay, so that's all I have for you today.
Wrap Up And Next Steps
SPEAKER_01: I hope you guys are all getting ready for your CISSP. Go to CISSP Cyber Training, check out all the free stuff I have there at CISSP Cyber Training, sign up for my free stuff, head on over, look at my cohort. I mean it, you're gonna love it. Eight weeks starting July 7th, it's gonna be something that's gonna be incredibly useful for you. And what it's going to do is it's gonna help you get your CISSP done in eight weeks. We're gonna have a plan. You're gonna get this done, you're gonna get on your way with your life, and you're gonna move on. So it's pretty exciting. I'm super excited about putting this cohort together. It's gonna be a great thing for a lot of different people. All right, have a wonderful day, and we'll catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or a cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.