How CISOs Are Building Governance for AI Already Live
May 26, 2026
Employees are using dozens of AI tools, developers are shipping agents with privileged access to production systems, and AI-generated outputs are flowing into regulated workflows — most of it without a governance framework in place to see it, let alone control it.
Security and AI infrastructure leaders on Sagetap are building governance programs fast enough to cover a threat surface that expanded before anyone wrote a policy. The programs gaining traction treat AI as an active enterprise layer requiring its own discovery, detection, and enforcement.
Why This Matters Beyond AI Security & Governance
The absence of AI governance creates exposure that cascades across every security domain that depends on knowing what AI is doing, including:
- Identity & Access Management: AI agents are non-human identities operating at scale. Traditional IAM doesn't model agent-to-data or agent-to-tool access, leaving a class of privileged principals ungoverned.
- Data Protection & Privacy: Sensitive data enters AI workflows through prompts, file uploads, and tool calls. Legacy DLP has no mechanism to intercept data moving through agentic pipelines.
- Vulnerability Management: AI coding assistants introduce vulnerable dependencies into software supply chains, and agents can be exploited through prompt injection — neither of which traditional VM tools detect.
- Risk Management & Compliance: AI governance is now a compliance requirement. Without audit trails of how AI systems access and use data, organizations cannot demonstrate control to auditors or regulators.
- Cloud Security: AI agents operating across cloud environments access configurations, APIs, and data stores. When agent-level visibility is missing, cloud security posture tools have an incomplete picture of actual exposure.
- Threat Detection & Response: AI agents generate behavior that existing detection tools weren't built to interpret. Without governance controls logging what agents did and why, security teams lack a signal to investigate.
Every security domain inherits the exposure that ungoverned AI creates.
Inside the Initiatives: How Sages Are Building AI Security & Governance Programs
Four active initiatives across healthcare, insurance, financial services, and civil engineering show how security leaders are building AI governance infrastructure from scratch. Two of the initiatives recently entered POC.
Mapping the Full AI Attack Surface: Internal and External
A CISO at a very large civil engineering organization is running an initiative to build detection and response capabilities across the full AI landscape. The goal is to gain visibility into which external AI services end users are accessing and to detect potential abuse of AI systems the organization has built internally. The initiative is in POC with Prophet Security and SurePath AI, following an evaluation of vendors across the detection and governance spectrum.
Standing Up AI Governance in a Regulated Healthcare Environment
A security leader at a hospital and healthcare organization launched an initiative to establish a formal AI governance framework centered on protecting PII and PHI, maintaining regulatory compliance, and ensuring AI is deployed in ways that respect patient privacy. The initiative is in POC with Lumia Security.
Build-Time to Runtime: Securing AI at Every Stage
A CISO at a major insurance organization is running an initiative to secure AI applications, copilots, chatbots, and agents across 60+ AI and ML projects spanning over 20 business entities. The program is scoped to the AI application layer (not broad cloud posture or general GRC) with requirements covering build time, test time, and runtime security for both internal and external-facing AI use cases.
Governing the MCP Layer with Zero Trust
A Deputy CISO at a large financial services organization has launched an initiative to evaluate and onboard an MCP Gateway platform — a Zero Trust control plane governing how LLMs interact with enterprise data and external SaaS tools. The program sets a high technical bar: sub-15ms latency overhead under 100 concurrent agent sessions and a 70% reduction in time-to-value for new agentic workflows, with nine vendors currently on the shortlist.
Top AI Security & Governance Vendors Sages Are Evaluating
Three vendors have appeared most frequently across recent AI Security & Governance evaluations. Their traction reflects capabilities that conventional security tools don't provide for AI-specific risks.
Sages' Key Consideration Factors
When evaluating AI security and governance tools, security and AI leaders prioritize features above all else. Requirements are specific enough that general-purpose security tools rarely make the shortlist.
- Full-Stack AI Visibility Before Control: Sages are buying sight lines. The starting requirement is an inventory of every AI interaction: which tools employees are using, what data is entering prompts, which agents are running, and where shadow AI starts.
- Prompt-Level Data Protection as a Hard Requirement: Conventional DLP stops at the file and the email. Security executives are demanding controls that intercept sensitive data (PII, PHI, financial records, proprietary code) before it reaches an external model or agentic pipeline.
- Agent and MCP Governance as the New Control Plane: As agents proliferate and MCP integrations multiply, Sages need a governed layer determining what agents can see, what tools they can call, and under whose authority they act.
Bottom Line
AI adoption is accelerating, and every agent deployed without controls is a privileged endpoint with no governance boundary. The organizations building the right infrastructure now will be the ones with something to show for it when the window closes.


