Don’t Let Your AI “Go Rogue”: A Practical Control Plan for Agentic AI
- Kanchan Khatri
- Sep 29
- 4 min read
Updated: 7 days ago
Agentic AI promises huge ROI, until it acts outside a human identity or exfiltrates data. This article covers the importance of governance, the risks involved, and tools to leverage for incorporating controls into your agentic AI builds. Here’s the step: a compact, audit-ready control plan for boards and CISOs that they can actually use.
Often, when projects get underway—whether at the project or program level—one of the most important stakeholders is left out of requirements gathering: the auditor. Love them or hate them, auditors can be catalysts for change, especially when it comes to getting compliance right, internally and for customers to trust your service. At a minimum, this control plan should help put you in a defensible position for audit or the board.
Why Boards and CISOs Care About AI Agents
Agentic AI becomes an enterprise risk when it can:
Act without a verifiable human identity.
Escalate privileges without oversight.
Execute at scale without traceable logs.
CISOs and boards I’ve worked with are asking for the same proof: “How do we know agentic AI is controlled, auditable, and safe?” (AI Governance Control Plan, 2025)1.
The answer lies in identity-first governance, backed by telemetry.
Telemetry: The Backbone of AI Governance
Telemetry is the digital breadcrumbs your systems emit: sign-ins, API calls, access requests, DLP matches, privilege elevations, and even the agent prompts themselves. Think of your fingerprint: it’s unique to you. Where did you leave your fingerprints? It ties back to intent.
For agentic AI, telemetry is not optional; it’s the only way to prove who initiated an action, what the agent did, and whether sensitive data or privileges were involved. Without telemetry, AI activity is just “mystery automation.” With it, you have accountable automation1. Accountability ties to the intent. When you record the intent of the agentic AI before building, that ticket is the start of the telemetry.
Five Control Functions Every Executive Should Demand
Identity Binding — Every agent action maps to an authenticated human identity (SSO + MFA). Below, I provide sample query snippets to run validation.
Access Enforcement — Agents inherit only the requester’s entitlements; privileged actions require elevation.
Data Protection — Apply labels/DLP to AI inputs & outputs, not just to human workflows.
Immutable Audit Trails — All queries, actions, and policy results logged and retained immutably.
Anomaly & Prompt-Injection Detection — Detect unusual usage and prompt patterns (“ignore previous instructions”).
Ask for three KPIs every month:
% of AI actions mapped to validated identities (target = 100%)
· # of prompt-injection alerts and time to resolution
# of excessive-usage cases flagged and remediated
Platform-Agnostic Mapping
The table below lists the functions, the Microsoft tools, and their equivalents.
Illustrative Snippets (short-form)
Sentinel KQL (identity binding control sample check):
SigninLogs
| where TimeGenerated >= ago(30d)
| where AppDisplayName contains "Copilot" or Resource contains "agentic"
| project TimeGenerated, UserPrincipalName, AppDisplayName, IPAddress, ResultDescription
| take 50
Splunk SPL (equivalent concept):
index=agent_actions OR index=azure_signin earliest=-30d
(App="Copilot" OR App="agentic")
| table time, user, app, status, clientip, correlationId
| head 50
Elastic / Kibana KQL:
agent_actions
| where timestamp >= now() - 30d and app.keyword in ("Copilot","agentic")
| project user.keyword, status, correlationId, client_ip
| limit 50
Control Plan
A formal control plan document should include Control Object, Control Statement, including any specific alignment to regulations or frameworks (i.e., Access to AI agents is governed by least privilege (NIST CSF 2.0 PR.AA-01, PR.AA-03), Control Implementation, Control Test Plan, Evidence Request List, Sampling Plan (Method and Basis), Test Design and Procedures and the Test Execution. The control plan is the onus of the internal audit team and operations.
Control Statements are crucial for a CISO as they provide a structured approach to managing and mitigating risks associated with information security. They ensure that all security measures are clearly defined, implemented, and monitored, which is essential for maintaining the integrity and confidentiality of an organization's data.
Additionally, Control Statements help in demonstrating compliance with regulatory requirements and industry standards, thereby enhancing the organization's overall security (defense) posture. This also sets up the Security Operations Team for what will be needed to track and report for agentic AI identity controls.
Appendix: JumpCloud for Agentic AI Identity Governance
JumpCloud is more than a directory: it provides controls, telemetry, and audit evidence for AI identities3, even in non-Microsoft environments2.
Directory & Identity Broker — Centralizes AI “bot” identities for accountability.
Directory Insights — Rich logs of authentications, role changes, provisioning (the “intent log”).
Role-Based Controls — Minimal entitlements for agents, with scoped admin roles.
Endpoint Enforcement — Device policies ensure only compliant systems interact with agents.
APIs & Webhooks — Automate lifecycle events (create, disable, change role).
SIEM Forwarding — Send logs to Splunk, Elastic, or Sentinel for unified visibility.
This makes JumpCloud4 a strong choice for audit, validation, and governance of agentic AI activity2.
Closing Thoughts
Agentic AI will evolve — but your control objectives won’t:
Bind every action to a human identity.
Enforce least privilege.
Protect data.
Prove it with immutable telemetry.
SOURCE: Mike Birkford
While organizations concentrate on their growth, we at IDMEXPRESS are focused on cyberproofing them by providing 24/7/365 IAM and PAM managed services. If you are looking for a managed service partner, contact us today to secure your tomorrow.
Comments