From Automation to Autonomy: Navigating the Next Wave of AI Agents

This panel led by Josh Devon featured agent builders (Andy Black of Kovvr.ai and Josh Ray of Blackwire Labs) and enterprise CISOs (Tom Quinn of T. Rowe Price and David Ginn of Johnson Controls). The transition from basic AI automation to Agentic AI—autonomous logic capable of controlling its environment—is accelerating, promising massive gains for enterprises but posing complex challenges for security and governance. Agent builders like Kovvr.ai and Blackwire Labs are delivering immediate value by providing leverage to human employees, significantly cutting down time for critical tasks. Examples include reducing cyber incident remediation from weeks to hours and transforming multi-year compliance processes (like FedRAMP) into dynamic, continuous processes measured in minutes. CISOs from T. Rowe Price and Johnson Controls confirm this value, viewing agents as tools to increase workforce productivity, deliver customer value, and gain competitive advantage rather than just cutting staff. The greatest barriers to granting agents meaningful autonomy are primarily cultural, organizational, and regulatory, rather than purely technical. There is a "trust paradox" that arises because the speed and power of agents (like JCI's field service tools or T. Rowe Price's investment agents) must be carefully balanced against the risk of non-deterministic, or misaligned, behavior. Key concerns include the threat of external actors using deepfakes to hijack command channels, and the possibility of emergent, destructive agent behavior (akin to "WarGames"). The consensus is that security must adapt to the probabilistic nature of AI by applying a contextual risk calculus: the same agent may have different policies and safety checks depending on the criticality of the system it touches (e.g., a "CFO agent" gets far more scrutiny than an "intern agent"). Looking ahead, the ultimate goal is for AI agents to become an integrated, invisible fabric of work—a capability as ubiquitous as GPS. The "moonshots" for the next several years focus on achieving dynamic compliance (where legal and regulatory systems are continuously monitored and updated by agents) and realizing autonomous defense. This involves orchestrating defender agents to automatically identify a vulnerability, write the patch, and deploy it without human intervention. This future requires moving beyond the current hype and engaging in "perspirational AI"—the difficult work of building governance, establishing trust, and adapting human processes to safely leverage this rapidly advancing, transformative technology. For more on OODA LLC's approach to business intelligence, due diligence and cybersecurity consulting see: https://www.ooda.com And for deep insights into geopolitical, tech and cyber risks and to join the OODA network see: https://www.oodaloop.com #cybersecurity #OODA #OODAloop #intelligence #cyber #analysis #artificialintelligence #AI #OSINT #opensource #infosec #CTO #CISO #CEO