
Illustration by Security Management; iStock

3 Non-Negotiables for CISOs in the Agentic Era

When I look at where artificial intelligence (AI) is heading in organizations, 2026 is a year for taking control.

AI threats have evolved faster in the last 12 months than most organizations can process, and there is barely any time to catch up. We’re not preparing for an agentic world; we’re already living in it. Agents are acting inside environments today—some built by our own teams, others operated or manipulated by attackers—and they make decisions at speed and scale.

We are just starting to shape our understanding of what these threats truly look like. And we’re trying to manage this class of threats with a playbook that was designed for a pre-agentic era.

This year needs to be the year we replace that playbook with something that reflects how agents—both our own and those belonging to the threat actors—actually behave, how they fail, and what they can access. It’s time to build the right security foundations for operating in an agent-driven world.

Here are three priorities that I think should guide CISOs through this shift.

Priority One: Build a Security Approach for the Agentic Economy

Agents are already operating inside organizations, often under the radar, and most teams still don’t know where and how agentic AI is being used. This dynamic must change.

A security model for the agentic economy starts with knowing every agent in your environment: what it can access, what identity it runs under, and what decisions it is allowed to make. Without this inventory, organizations can’t secure anything.

But the moment that visibility exists, the next problem appears: speed. Agents are created, changed, and deployed at developer speed, usually in minutes—not months. That pace means security can no longer sit behind the development process. Security teams now need controls that plug directly into how agents are built, tested, and deployed. In the agentic world, clinging to the back of innovation simply doesn’t work.

Traditional governance structures also don’t work today as governance committees can be too slow to react. Security teams need governance that is automated, embedded, and continuous, including real-time policy enforcement and monitoring that detects behavioral drift the moment it happens.

If we don’t define this security approach built for agentic systems now, we will lose ground.

Priority Two: Create an Incident Response Playbook for Agent-Driven Breaches

Traditionally, almost all security breaches have involved social engineering and a human link in the kill chain. And so incident response (IR) is built around human behaviors—a person clicking something, accessing something, or making a change they shouldn’t have. But when an agent is the one taking the action, following a flawed instruction or misinterpreting context, that model breaks down. Businesses need an IR approach that treats agents as autonomous actors, not extensions of a user.

Right now, nearly all organizations lack a complete playbook for this. The work starts with defining what evidence matters in an agentic investigation: the agent’s instruction chain, the model outputs it received, the context window it acted on, the permissions it used, and the decision boundaries it crossed. Without capturing this information, we can’t explain why an agent behaved the way it did.
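
One way to capture that evidence so it can be trusted during an investigation, shown as an added example that is not from the author or any product. It records the five elements listed above in a hash-chained log and checks each action against an agent inventory; the agent name, permission strings and inventory layout are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import asdict, dataclass

GENESIS = "0" * 64
# Constructed inventory: identity, permissions and allowed decisions per agent.
INVENTORY = {"invoice-agent": {"identity": "svc-invoice", "permissions": {"erp:read"},
                               "decisions": {"summarize_invoice"}}}

@dataclass(frozen=True)
class Evidence:
    agent_id: str
    instruction_chain: tuple  # ordered sources of the instructions acted on
    model_output: str         # what the model returned to the agent
    context_sha256: str       # digest of the context window it acted on
    permission_used: str
    decision: str
    prev_hash: str            # digest of the previous record (hash chain)

def digest(rec):
    return hashlib.sha256(json.dumps(asdict(rec), sort_keys=True).encode()).hexdigest()

def capture(log, agent_id, chain, output, context, permission, decision):
    """Append one evidence record; return the new head hash to store elsewhere."""
    ctx = hashlib.sha256(context.encode()).hexdigest()
    prev = digest(log[-1]) if log else GENESIS
    log.append(Evidence(agent_id, tuple(chain), output, ctx, permission, decision, prev))
    return digest(log[-1])

def chain_intact(log, head):
    """True only if no record was altered, dropped or reordered since capture."""
    prev = GENESIS
    for rec in log:
        if rec.prev_hash != prev:
            return False
        prev = digest(rec)
    return prev == head

def boundary_crossings(log, inventory=INVENTORY):
    """List (index, reason) for each action outside what the inventory allows."""
    findings = []
    for i, rec in enumerate(log):
        entry = inventory.get(rec.agent_id)
        if entry is None:
            findings.append((i, "agent not in inventory"))
        elif rec.permission_used not in entry["permissions"]:
            findings.append((i, "permission outside grant"))
        elif rec.decision not in entry["decisions"]:
            findings.append((i, "decision outside scope"))
    return findings
```

Call `capture` once per agent action and keep the returned head hash outside the agent's reach; during triage, `chain_intact` confirms the record set is complete before `boundary_crossings` is used to explain what the agent did beyond its scope.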

It’s also critical to remember that failure looks different for agents, too. Agents can hallucinate steps, act on incomplete context, follow an attacker’s crafted instruction, drift outside their intended scope, or chain actions together in ways no human would. These behaviors create a new category of incidents that IR teams have never had to dissect before.

In 2026, CISOs need to redefine what “good” looks like when it comes to IR. This includes looking at what legacy assumptions no longer apply, how agent behavior should be reconstructed, and how teams should triage incidents where intent is machine-generated rather than human-driven.

Almost no one has a mature playbook for agentic incidents, but we cannot wait for one to appear. We have to start building it now.

Priority Three: Bring in AI Red-Teaming Capability

Security teams can’t improvise their way into malicious AI thinking. Most defensive teams are trained to protect systems, not to think like attackers who spend their time figuring out how to misuse agents, exploit prompts, or push systems outside their intended scope.

That’s why if a business doesn’t have people with genuine offensive AI expertise, it needs to work with a partner who does. Partners with this capability take a different approach to traditional security teams. They spend their days breaking models, probing agents in ways defenders wouldn’t naturally attempt, and uncovering behaviors that only show up under adversarial pressure. They understand how attackers think because they practice those techniques every day—safely, deliberately, and in controlled environments.

AI red-teaming also has to work hand-in-hand with IR. If organizations are struggling to understand what an agent did, the answer is to simulate real failures—prompt injections, harmful instructions, privilege misuse, scope drift, or agents taking actions the team never anticipated. Security teams should be stress testing these scenarios regularly because while we haven’t lived through these developments yet, they’re coming.

And this can’t be a one-off exercise. Organizations need to build this as a permanent muscle—a continuous way to test how agents behave, how they fail, and how well defenses hold up when things go wrong.

From Awareness to Action

The agentic era is already reshaping how attacks happen, how systems behave, and what security teams are expected to control. The most resilient organizations will be those that stop waiting for clarity and start building these capabilities now.

Businesses need a security model that gives CISOs real visibility into agents, an IR approach that can handle behavior we’ve never investigated before, and AI red-teaming that exposes weaknesses long before they show up in production.

None of this is optional. These are the foundations that will determine whether security teams stay ahead of what’s coming or find themselves constantly absorbing the impact after the fact. Now is the moment to move from awareness to action.

James Robinson is the chief information security officer at Netskope with more than 25 years of experience in security engineering, architecture, and strategy. He specializes in services and solutions that help executives change their security strategies using innovation. Robinson attended Webster University where he studied business and management, and he holds a number of technical certifications. He is also a regular commentator on security issues for business and trade publications and holds more than 10 U.S. patents as an inventor.
