The biggest technological leaps never happened without risk. The first companies onto the Internet didn't wait for Cloudflare before launching their first websites. The early cloud adopters didn’t wait for Wiz before migrating their on-premise servers. They recognized that early adoption wasn’t about eliminating risk. It was about managing the risk well enough to move fast.

With AI Agents, companies aren’t waiting for security to catch up. The agent train has already left the station. And with smarter, more experienced attackers and rapid AI adoption, the risks are compounding fast. The security leaders who jump in front of the train to slow it down become a stain on the rails. The security leaders who ignore the train get left at the station.

Today, a security leader's job is to clear the rails ahead so the train gets where it's going ahead of schedule.

The Two Agent Deployment Extremes (Both Are Wrong)

Every day, I see companies camped out somewhere between the two ends of this spectrum:

Full Send. They’re all in on employee AI enablement. They encourage employees to use any AI tool they want, however they want, and will (maybe) figure out how to secure it later. Their acceptable risk threshold is sky high because they want a competitive advantage.

No surprise, these tend to be mid-size companies trying to punch above their weight. And, damn, are they winning.

The Tiptoe. Slow, methodical, and nervous about the risks. They’re not sure how to get their arms around agents, so they default to "no" across the board while they wait to standardize on an AI platform and security approach.

With how fast AI is moving, "wait and see" is doomed. The landscape will shift three times before they pick a vendor or security solution. And while they wait, employees aren't sitting on their hands. They're finding their own tools.

Hello, shadow AI.

So what's a risk-conscious security leader supposed to do?

The Data-Driven Security Approach

If you want to win, you need a balanced approach that indexes towards enablement. You can sit in a conference room and threat-model every possible scenario before you deploy, but that's not a winning strategy. The possibilities are too wide. The conversation stays abstract, and the policy never ships. There’s never a comfort level reached.

The right data changes that.

Here's the playbook we're seeing work for our customers:

1. Enable employees with AI tools you can see. Get the tools out there, but pick the ones you can get visibility into. That means visibility into configuration data, such as which MCPs and Skills are in use, which permissions users grant to agents, and which tools agents are allowed to execute. This also means run-time visibility. The ability to monitor what agents are doing is the linchpin of a data-driven approach to securing agents.

2. Threat-model with data. This is where the conversation shifts. Instead of asking a room full of nerds "what tools or permissions should we block?", you collect a list of the MCPs, Skills, tools, and permissions that every agent HAS executed. This is built on the real way employees use agents and the actual way agents operate.

This shifts the question to, "What actions from this list are we willing to tolerate based on the value they're delivering to the company?"

Evoke’s data shows that people are over-permissioning their agents to a degree that is…ermm…concerning. Like, take out all of production, concerning.

With the right visibility, you can see the configured permissions and use that gut reaction as the starting point to expand from there. Now your threat modeling exercise has a more focused direction, and you’re not risking a mutiny from 100x employees.

3. Block the risky tools and actions. A policy without enforcement is not an effective security control. If users can override it, it’s merely a suggestion. With the data-driven exercise, you can now start to block the things that make you go yikes! Those tend to be one-way actions that affect business operations, such as deleting data without human confirmation. For easily reversible actions that deliver real productivity gains, let ’er rip.

4. Create a run-time backstop. When something malicious, unauthorized, or just plain anomalous starts happening, you need to step in as it occurs. This is your insurance policy for when an agent goes rogue or gets compromised. Employees can still move fast, but you stop them from running off the cliff. This is detection and response in action.

5. Continuously monitor and tune your enforcement policy. Like any growing garden, agents and permissions will change over time, so you need to maintain it to keep it healthy. Observe agent usage over time. Adjust your controls as you learn what's normal and what isn't. Your first set of controls will be terrible, and that's okay. Your second set will be a little less terrible. Your fifth set of controls? Now that starts to look like a real AI security program that will make other CISOs go, “How did you do that?”
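An added example (not Evoke's code or product) of steps 2 through 4 as a small policy loop over constructed agent tool-call telemetry: build the inventory of what agents actually executed, block one-way actions that lack human confirmation along with any tool not on the allowlist, and raise a backstop alert when an agent's call volume exceeds a baseline. The agent names, MCP servers, tool names and the baseline are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample telemetry: one record per tool call an agent made.
TOOL_CALLS = [
    {"agent": "ops-bot", "mcp": "github", "tool": "create_issue", "confirmed": False},
    {"agent": "ops-bot", "mcp": "github", "tool": "read_file", "confirmed": False},
    {"agent": "ops-bot", "mcp": "shell", "tool": "exec", "confirmed": False},
    {"agent": "data-bot", "mcp": "postgres", "tool": "select", "confirmed": False},
    {"agent": "data-bot", "mcp": "postgres", "tool": "drop_table", "confirmed": False},
    {"agent": "data-bot", "mcp": "postgres", "tool": "drop_table", "confirmed": True},
    {"agent": "data-bot", "mcp": "postgres", "tool": "select", "confirmed": False},
]

# Hypothetical policy derived from the inventory: reversible tools are allowed
# outright, one-way tools only with human confirmation, everything else is blocked.
ALLOWED = {("github", "create_issue"), ("github", "read_file"), ("postgres", "select")}
IRREVERSIBLE = {("postgres", "drop_table"), ("github", "delete_branch")}
BASELINE_CALLS_PER_AGENT = 3  # constructed "normal" volume for the runtime backstop

def inventory(calls):
    """Step 2: tally what each agent HAS executed, straight from runtime data."""
    inv = defaultdict(Counter)
    for c in calls:
        inv[c["agent"]][(c["mcp"], c["tool"])] += 1
    return {agent: dict(counts) for agent, counts in inv.items()}

def evaluate(call):
    """Step 3: decide 'allow' or 'block' for one tool call."""
    key = (call["mcp"], call["tool"])
    if key in ALLOWED:
        return "allow"
    if key in IRREVERSIBLE and call["confirmed"]:
        return "allow"  # one-way action, but a human signed off
    return "block"  # unconfirmed one-way action, or a tool not in the allowlist

def enforce(calls):
    """Steps 3-4: apply the policy and raise a backstop alert on unusual volume."""
    decisions = [(c["agent"], c["mcp"], c["tool"], evaluate(c)) for c in calls]
    volume = Counter(c["agent"] for c in calls)
    alerts = sorted(a for a, n in volume.items() if n > BASELINE_CALLS_PER_AGENT)
    return decisions, alerts

if __name__ == "__main__":
    for agent, counts in inventory(TOOL_CALLS).items():
        print(agent, counts)
    decisions, alerts = enforce(TOOL_CALLS)
    for d in decisions:
        print(*d)
    print("backstop alerts:", alerts)
```

Step 5 is the loop around this: as the inventory grows, the allowlist, the irreversible set and the baseline get re-derived from the new data rather than guessed in a conference room.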

AI Security Is About Finding Your Acceptable Risk

The companies winning the AI agent race aren't the ones with zero risk. They're the ones who decided what risk they could live with, gained the right visibility into what agents were doing, and improved their controls over time.

They started moving and got sharper over time.

As a former CISO, I get it. The last thing you want is another tool, another dashboard, another vendor pitch. But the agent attack surface is opening in front of us right now, on your endpoints, in your network, regardless of what projects you added to your roadmap last year.

You can stand in front of the train and get flattened. You can wave it off and pretend it's not coming. Or you can grab a flashlight, walk the tracks, and make sure the business gets to where it's going in one piece. That’s the job.

If you want to see exactly what your agents are doing right now, which ones are over-permissioned, and where your blast radius actually is, that's an Evoke POV. Want to see what your agents are actually doing?
