Peggy Tsai

Autonomous AI agents are increasingly being granted system access akin to human employees, creating a profound new layer of security and enterprise risk that most organizations are still struggling to manage. This session provides insiders' views on setting robust security frameworks and compliance standards, addressing the complexity of governing AI adoption that cannot be centrally controlled due to embedded vendor tools. Our panelists will detail the unique challenges posed by agent access—including defining authorization thresholds, managing access lifecycles, and implementing continuous monitoring to prevent data exposure and bad decisions. Attendees will learn essential processes required to balance rapid AI innovation against severe regulatory and security liabilities, moving past conceptual fears to establish clear, auditable governance rails for agentic capabilities.

• Implement distinct authorization and access management practices for AI agents
• Establish strong AI governance capabilities that integrate tightly with model risk management (MRM)
• Develop a current, comprehensive AI policy that clearly references existing privacy, cyber, and regulatory obligations
• Define clear security and monitoring metrics for AI agents