Agentic AI systems — autonomous models that browse the web, execute code, and take independent action — are already inside enterprise environments. But the governance programs designed to manage AI risk were built for a simpler era: models that respond, not models that act.

This session exposes the five critical governance gaps that emerge when agentic AI enters your environment: agent identity, action scope, auditability, third-party agent risk, and change velocity. Using real-world scenarios drawn from healthcare and financial services, attendees will see exactly where traditional GRC frameworks fall short — and what a modern control overlay looks like in practice.

We'll map the gaps to existing frameworks (NIST AI RMF, NIST CSF 2.0, ISO 27001) and show practitioners and security leaders alike which controls transfer, which need updating, and which you'll need to build from scratch.

Attendees will leave with a practical governance framework they can apply immediately — whether they're building a new AI risk program or retrofitting an existing one for the agentic reality ahead.