A Security Framework for the Agentic Era | CISO Roundtable on AI Agent Security

Autonomous agents are taking actions, chaining tool calls, and touching regulated data inside the enterprise. Traditional security controls were built for deterministic systems where the steps were the contract. Agentic AI breaks that assumption. The agent decides how to get from A to B, and the path is where the risk lives. In this Opsin Webcast, Trey Tunnell (CISO, Floor & Decor) and Anatoli Lataria (Chief Information & Digital Officer, MiTek) join James Pham (CEO, Opsin) to work through the unresolved questions every security leader is now facing: who is authorized to take an action, what was the agent's intent, and where does accountability sit when something goes wrong. The conversation introduces a five-part framework for securing agentic AI in the enterprise looking a key elements: • Identity — why inherited permissions break when agents crawl, and what scoped agent identity actually looks like • Intent — the gap between what an agent was built to do and what it does in production • Action chain — what breaks at the agent-to-agent hop and why context has to travel with the request • Behavior — capturing the plan, not just the prompt and response • Owner accountability — how security and the business share responsibility when an agent goes off-pattern What you'll learn: 1. Why deterministic controls miss the real risk in non-deterministic systems 2. How agent-to-agent communication creates chain-of-custody gaps in authorization and audit 3. The "shadow IT inversion" and why governed paths have to be faster than ungoverned ones 4. What security leaders should consider when launching their agentic AI program 5. Where existing frameworks (NIST AI RMF, OWASP GenAI Top 10, MITRE ATLAS) actually help and where the gaps remain Panelists: Anatoli Lataria, Chief Information & Digital Officer, MiTek Trey Tunnell, CISO, Floor & Decor James Pham, CEO and Co-Founder, Opsin About Opsin: Opsin gives security teams the visibility and control to secure, govern and scale enterprise agents. Our contextual layer connects identity, data, and model behavior so CISOs can surface real risk in sanctioned AI tools and agents, prioritize what matters, and remediate at the root cause. Deployment is one-click via API, and proactive risk assessment simulates real user queries to surface AI risk within 24 hours. Learn more at https://www.opsinsecurity.com Chapters: 00:00 Introduction and panelist backgrounds 01:35 The state of agentic AI adoption in the enterprise 05:30 What concerns CISOs about agent autonomy 09:00 Why traditional security controls miss agentic risk 12:30 Identity, visibility, and the agent-to-agent hop 16:40 Inherited permissions and data discovery by agents 20:50 Agent-to-agent communication and chain of custody 25:00 The intent problem and non-deterministic systems 30:30 Owner accountability when an agent does something wrong 36:50 The shadow IT inversion 38:50 A ninety-day playbook for security leaders 46:00 Closing thoughts on the pace of change