The Predictability Factor is a weekly deep dive at the intersection of AI, Security, Privacy and Tech, to help you Go From Chaos to Resilience in The World of AI.

In July 2021, Czech billionaire Radim Passer drove at a record speed of 417 km/h on the German highway, the Autobahn. That is neither a typo, nor a simulation.

I am an Indian-German, living in London. My top speed on the German highway has only been 240 km/h. I say only, not because it's too slow, but because if you've ever driven on the German highway, you know three things are true for sure:

  1. The adrenaline is amazing.

  2. There is always someone driving faster than you.

  3. You wouldn’t step in if the brakes only worked sometimes.

The experience is not reckless. It is precisely controlled. The difference between 240 km/h being safe and 240 km/h being fatal is not the speed. It is everything built underneath it.

Over the last 10 years or so, I’ve shared this personal story, over and over again, on different stages and in different rooms, in front of all sorts of audiences, and every time it resonated extremely well. Over the last decades, this analogy has tied neatly to every evolution of technology we have seen thus far. First it was the Internet, then it was the web, cloud, OT, IoT, IIoT and now it's agentic AI. If anything, it is even more fitting and true to what is happening today.

I’ve always loved driving. When I drove in Germany, I fell in love with it even more. My friends joke about this. If you know how to drive in India and if you know how to drive in Germany, you likely can drive anywhere, in any condition, well.

German highways are the only highways in the world where you have unlimited speed zones.

Simple probabilistic models suggest faster speed always yields more fatalities. Studies have been done on this subject for ages. Yet, German highways seem to defy that principle. There’s an AI lesson in there.

But that's exactly what we are doing with agentic AI.

If I told you that you were about to step into a car and drive it on the German highway at whatever speed possible, but that its brakes only worked randomly, some of the time and not all of the time, would you step in?

I wouldn't.

Driving without speed limit works on the German highway because:

  1. The car is engineered for it

  2. The brakes are built for it, and they work every time we press them

  3. Most importantly, the highway infrastructure is designed with longer curves for high-speed turns, and with guard rails. Guardrails that work in a deterministic manner are built not only within the car; resilience is also built around it, within the infrastructure.

Remove any one of those, and the speed that made the drive exhilarating becomes the thing that kills you.

Agentic AI is like driving a car with a powerful engine (the underlying model), fuel (the compute power) and built-in mechanics and maps (default architecture and training data) BUT with no brakes or seatbelt (guardrails), all the while it’s going at an unlimited speed on the highway. The even more interesting part that most organisations don't understand is this:

Your organisation is that highway on which Agentic AI is running at an unlimited speed but unlike the German autobahn, it’s without a secure infrastructure, reliable engineering or built-in resilience to sustain any of it.

Read it again.

Add to that, in the real-world, LLMs function as probabilistic machines providing probabilistic outcomes.

Ask it to follow a “security” rule 10 times, it will comply 7 times. Maybe 8. Maybe 5. That's not a guardrail. That's a wish-list.

Even if you had brakes in your car, imagine one where the brakes only worked accurately 7 out of 10 times. Would you drive it? You wouldn't.

You are giving Agentic AI unlimited speed, privileged permissions, access to tools and sensitive data, despite knowing that it will only work accurately at random times, that it will hallucinate, and that it will provide unreliable outputs. Add to that, AI has no concept of ethics, repercussions or unintended outcomes.

The car’s brakes alone aren’t enough. The infrastructure within and around it matters. I wouldn’t go that speed in the U.K. where I now drive every day. Not just because it’s illegal but also because the infrastructure around it doesn’t support it, reliably (even if it were legal).

When I drive 240 km/h (or 150 mph), on a German highway, I trust the engineering of the vehicle and the physical infrastructure of the road. I trust that when things are about to go out of control, I can use the brakes reliably and predictably, as long as I maintain the safe distance.

German highways are built specifically with longer curves to allow drivers to turn safely at massive speeds. Add to that stringent and more rigorous licensing, and stricter traffic rules (tailgating is punished, lane discipline is strictly followed, etc).

Multiple studies (e.g. Google, CSA, etc.) have found that governance maturity is the strongest indicator for agentic AI readiness in your enterprise.

The five pillars that you’ll go through below will determine whether your AI can be secure, auditable, ethical, transparent, and responsible, and where human oversight is most urgently needed, i.e. these five pillars are the strongest indicators of whether your enterprise is truly AI ready.

Five Assumptions around Your Agent of Chaos

In April 2025, an AI coding agent at PocketOS, a B2B platform handling car rental reservations and payments, encountered a credential mismatch in a staging environment. Nobody instructed it to fix the problem. It decided on its own initiative to resolve it, found an API token with blanket authority across the entire infrastructure, and deleted the production database and every backup. In 9 seconds. Rental businesses lost customer records, bookings, three months of reservations. When asked why, the AI responded: "You never asked me to delete anything. I decided to do it on my own."

The AI knew what it had done. It had principles. No governance architecture existed to enforce them.
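An added example, not from the original post or from any system it describes: a deterministic authorization gate that sits outside the model, so an agent's tool call is checked against a scoped token the same way every time, whatever the agent "decides". The action names, token scopes and the staging/production scenario below are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical action names, constructed for this example.
DESTRUCTIVE = {"db.drop", "db.delete_backup"}

@dataclass(frozen=True)
class Token:
    """Credential scoped to one environment and an explicit action allow-list."""
    env: str
    actions: frozenset

@dataclass(frozen=True)
class ToolCall:
    """What the agent asks to do; its stated reason is logged, never trusted."""
    action: str
    target_env: str
    reason: str = ""

def authorize(token, call, human_approved=False):
    """Gate outside the model: same input, same decision, every time."""
    if call.target_env != token.env:
        return (False, "token not valid for environment " + call.target_env)
    if call.action not in token.actions:
        return (False, "action not in token allow-list (deny by default)")
    if call.action in DESTRUCTIVE and not human_approved:
        return (False, "destructive action requires human approval")
    return (True, "allowed")

def run_agent_calls(token, calls):
    """Apply the gate to every proposed call and return the audit trail."""
    return [(c.action, c.target_env) + authorize(token, c) for c in calls]

# Constructed scenario: a staging agent trying to "fix" a credential mismatch.
STAGING = Token(env="staging",
                actions=frozenset({"db.read", "db.migrate", "db.drop"}))
PROPOSED = [
    ToolCall("db.read", "staging", "inspect credential mismatch"),
    ToolCall("db.drop", "production", "resolve mismatch on my own initiative"),
    ToolCall("db.delete_backup", "production", "clean up"),
    ToolCall("db.drop", "staging", "reset staging"),
]

if __name__ == "__main__":
    for row in run_agent_calls(STAGING, PROPOSED):
        print(row)
```

The gate never consults the model, so the refusal of the production calls does not depend on the agent following an instruction.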

Most organisations are running Agentic AI in their enterprises with five assumptions baked in:

  1. The AI will only do, what it says it’ll do

  2. The AI will always follow instructions

  3. It will only take instructions from the right people (the good guys / its owners)

  4. The AI will not do things it was never asked to do

  5. The AI will always execute within the constraints it was given

A recent paper called Agent of Chaos shows that all five assumptions are wrong.

Then there is Air Canada. When its AI chatbot gave a grieving passenger incorrect information about bereavement fares, Air Canada argued in court that the chatbot was a "separate legal entity" and the company bore no responsibility for what it told customers. The tribunal rejected that defence entirely. Air Canada was held fully liable. The court ruled that the bot's advice was Air Canada's advice.

You cannot drive at 417 km/h and then tell the court the car acted independently, even if your car was on auto-pilot. You are still accountable.

Assume Chaos and Build Resilience

6 years ago, I worked on a national AI strategy. Since then I have been implementing this model with enterprises across sectors. What I still see, consistently, is organisations measuring AI readiness only by ROI. That is the wrong metric. ROI measures the output of a system you may not actually control.

The enterprises that make this work are not the ones with the largest budgets or the most advanced models.

They are the ones that assumed chaos from the start and built resilience within and around it. Every pillar is a layer of that resilience. Pull one out and the others do not hold.

The Autobahn at 417 km/h is not inherently dangerous. It is only dangerous when the engineering, resilience and guardrails underneath have not been built.

Let’s dig in.

This Ultimate AI Governance and Security Playbook is a step-by-step complete playbook on building your agentic AI governance and security maturity for resilient and trustworthy AI in your organisation. It’s the ultimate AI playbook that covers:

  1. The AI Governance Foundation

  2. Key Pillars for a Strong AI Governance and Security Maturity

  3. 50+ Real-World Examples

  4. Actionable insights and Practical Measures for Increased AI Maturity

  5. Mapping to NIST AI RMF, OECD AI Lifecycle for Each Pillar

  6. The Responsible AI Layer That Changes Everything

  7. How to Bring It All Together for a Strong AI Foundation

Five Key Pillars for Enterprise AI Governance and Security Maturity

Here’s a quick overview of the five pillars, or dimensions, that determine, and are the true measure of, agentic AI governance and security maturity in building, deploying and scaling enterprise AI:

The 5 pillars are your system for enterprise AI governance and security maturity, necessary for enterprise AI readiness, deployment and implementation.

Each pillar depends on the others. Data that is classified and access-controlled without a governance policy behind it is unprotected. A governance policy without cultural literacy is unread. Controls and engineering without data readiness are securing a pipeline that was never clean to begin with. Governance without controls and engineering is not fully implemented.

The NIST AI RMF GOVERN function defines governance as the set of conditions that make every other risk management function possible. ISO/IEC 42001:2023 calls this organisational context.

Before you can manage AI risk, you need a functioning system for understanding what risks you face, who is accountable for them, and what is in place to manage them. The five pillars are that system.

Pillar 1: Data Readiness and Validation

In early 2023, in my role as the Group Chief Security Officer, my team and I were working together with other key stakeholders in the organisation to roll out an enterprise AI tool for the entire organisation. Data governance was the first key step in that AI rollout. In fact, I provide that example in my practical AI strategy template.

Most people misunderstand why data readiness and validation is key.

The best thing you can do for your AI actually has little to do with the AI or even technical controls. It has a heck of a lot to do with fixing your data. That is your ground zero.

Unless and until you have the right data quality, data classification and data governance in place, you are just exposing your data to AI, just waiting for a data breach to happen.

This could be because your AI now has access to data it shouldn’t, or just because you didn’t put the right DLP measures in place and your employees, knowingly or unknowingly, have exposed your sensitive data to the Internet. Most of that exposed data gets leaked to the dark web, where the criminals sell your data for profit, espionage or further targeted attacks against your infrastructure.

As we rolled out the enterprise AI, we had defined 3 key pre-requisites and outcomes:

  1. Enterprise Oversight

    Banning or not providing AI tools, when ChatGPT was already public and while new GenAI tools were releasing every week, would have just increased, not reduced our Shadow AI. We knew employees were already using GenAI tools. It was just a matter of time before that would become a part of our Shadow AI.

    If you make security too difficult, you know it: users will find ways to bypass your security.

  2. Data Governance

    Improved data governance, specifically improved and more accurate data classification, was both a goal and a test use case. In order to deploy an AI tool effectively and securely, we knew we had to validate our data labelling and classification. Most companies don’t and this is where the biggest security leaks happen.

    Better data classification and use of data for business decisions was a pre-requisite and a goal for deploying the GenAI tool in the organisation.

    Note: This was only possible since we had already done a lot of heavy lifting and actual classification in the years before, given that we were heavily regulated and had a lot of customer data. If you have never done it, this is a whole project in itself, and absolutely necessary for secure deployment and integration of AI. Do it right away, if you haven’t, even if you have already deployed AI.

  3. Responsible Integration

    Testing this rollout with a specific but varied group of users (different roles and responsibilities, starting with non-admin privileges) with specific use cases and data set was necessary and a key part of the overall equation for responsible AI integration. I share this example in my practical AI strategy and governance template.

Here is the part nobody wants to sit with: 75% of large enterprises already have shadow AI running across their networks. 86% are blind to where their AI data is actually flowing.

Employees are installing autonomous agents with real system access, connecting them to enterprise infrastructure, and then finding out about it the same way everyone else does: after the fact or worse yet after a breach.

In 2014, Amazon built an AI hiring tool to screen engineering candidates at speed. By 2015, the company realised the model was not reviewing resumes in a gender-neutral way.

It hated women. Well not literally, but it learned that from the dataset that did.
