This is part 1 of a 2-part series on AI Governance and Security Maturity and Roadmap. Read part 2 of 2 here.

While I was still in Norway, in one of my CISO roles for critical infrastructure, I got the opportunity to work on the National AI strategy, specifically on the topics of AI Security, AI Ethics and Privacy for building Trustworthy AI.

In another CISO role, my team and I implemented our enterprise AI Strategy and Governance, together with our AI and Emerging Tech policy before the first public version of ChatGPT came out.

I’ve been working on ML/AI as a dedicated focus for the last 6 years or so. While more and more organisations are waking up to the importance of an AI strategy, governance pillars, controls and engineering, I still see many of them struggle to build and implement an effective AI strategy and governance pillars within their enterprise.

Every time I talk to CISOs, CIOs, risk leaders, GRC, internal auditors or boards, this is the one question that I get often:

How can I trust that an AI agent will only do what it is supposed to do?

You can’t. At least not entirely. But that’s only half the story.

Most security practitioners will answer “zero trust”, but the answer is not that simple. That first question is almost always followed by this statement:

I want to have AI agents in my infrastructure that I can trust. I want trusted AI.

That’s the reality of business.

I get it: there is no hundred percent trust. There never will be. At the same time, trust and zero trust aren’t opposites, and the distinction falls apart without some context. That context is key.

The implicit goal for every business is trust. In the world of agentic AI, building trust means three key things:
- Assume chaos
- Verify across agentic AI lifecycle
- Build elements of resilience within chaos

Redefining Trust in The Era of AI, The Predictability Factor

AI agents will go rogue, hallucinate, make completely inaccurate decisions and take completely wrong actions leading to severe unintended consequences.

The key premise of 'Chaos to Resilience' is not to bring chaos to zero. It’s to build resilience, predictability and trust around it.

From Chaos to Resilience in The Era of AI, The Predictability Factor

In this 2-part series, a special edition of The Predictability Factor, we will go through your 7-step AI governance and security roadmap and the key 5-pillars of AI governance and security maturity for agentic AI in your enterprise.

These are key for building trust, predictability and resilience in your agentic AI enterprise.

Here’s a quick snapshot of my 7-step roadmap, along with the keynote I gave recently in Finland where I touched upon my entire maturity roadmap. However, the devil is in the details (See my 7-step roadmap below)…

Welcome to The Predictability Factor by Monica Talks Cyber, a weekly deep dive and POV at the intersection of AI, Security, Privacy and Tech, written by a hacker and CISO, to help you Go From Chaos to Resilience in The World of AI.

The devil is in the details. In part 1 (this edition of The Predictability Factor), we will cover:

In part 2, we cover the rest:

  • Step 3 (remaining pillars): Culture and Literacy, Governance, Policy and Risk Management, Controls and Engineering

  • Step 4: Current AI Governance and Security Maturity

  • Step 5: Target AI Governance and Security Maturity

  • Step 6: Enterprise AI Deployment Roadmap

  • Step 7: Measure, Manage and Repeat

Read part 2 here. If you haven’t already, do me a favour, subscribe and help me make an even bigger impact. Let’s dig in!

AI Stopped Just Saying Things

Over the last 3 years, there has been a major shift in AI. Since ChatGPT’s first public model came out, we have gone from “AI that says things” to “AI that does things”.

AI has gone from ‘generating’ to ‘reasoning’ to ‘doing things’. You no longer just tell AI what to say. You tell it to build, create, send, buy, decide and act. That shift from generative to agentic AI is not just a semantic upgrade. It is a redefinition of what risk looks like inside your organisation.

OpenClaw is the clearest window into that shift.

The reason I say that is that, while you may not have it on your roadmap, some employee in your organisation has already installed AI agents and is running agentic AI inside your infrastructure, as Shadow AI.

The shift between AI agents, Agentic AI and Autonomous AI isn’t binary. It’s a sliding continuum with an increasing degree of autonomy and scope, and with less to no human oversight or restriction, as you move from left to right.

Why does this matter?

In under three months, OpenClaw accumulated over 200,000 GitHub stars, making it one of the fastest-growing open-source projects on record. Tens of thousands of people are running it locally on machines connected to your enterprise, with persistent memory across sessions, with access to your company data, integrated with your apps and tools, and operating with real system access. One developer in Austria. Four months. A tool now running inside thousands of enterprises whose security teams have no idea it is there. And this isn’t only about OpenClaw.

AI agents are everywhere. Or, more accurately:

Ungoverned and insecure shadow AI is everywhere, and it is actively being integrated into your business and decision workflows.

PromptArmor researchers documented a specific attack pathway: send a malicious link to an OpenClaw agent through Telegram or Discord. When the agent responds and includes an attacker-controlled URL, the messaging app's link preview automatically renders it, transmitting the user's confidential data to the attacker's domain. No click required. The preview fires. The data leaves.

Agentic AI that does things for you is a massive opportunity and an even bigger risk, especially if you have no idea what you are doing. The supply chain exposure runs even deeper.

341 malicious skills were discovered in ClawHub, the official OpenClaw skill registry, primarily delivering malware designed to steal credentials and data from macOS systems. Gartner labeled OpenClaw "insecure by default." China banned it from government computers.

Just over the last 30 days, we have seen 3 major supply chain attacks: LiteLLM, Axios, and Vercel. Add to that Mythos: its non-public version was hacked by unauthorised users, who breached its vendor and guessed the URL.

That’s the state of “Hacking AI” in 2026. It’s not attacking the underlying models. It’s attacking everything around it. Or in this case, just “guessing” the URL of Mythos.

No sophisticated malware. No zero-day. No insider access.

So how do you build “trusted” agentic AI within your enterprise? Let me share an analogy which is key to building the right foundation.

German Autobahn vs. Probabilistic Models

I am an Indian-German, living in London. Over the last 10 years or so, I’ve shared this personal story, which somehow ties neatly to every evolution of technology we have seen thus far. First it was the Internet, then the web, cloud, OT, IoT, IIoT, and now it’s agentic AI.

I’ve always loved driving. When I drove in Germany, I fell in love with it even more. My friends joke about this. If you know how to drive in India and if you know how to drive in Germany, you likely can drive anywhere, in any condition, well.

German highways are the only highways in the world where you have unlimited speed zones.

Simple probabilistic models suggest faster speed always yields more fatalities. Studies have been done on this for ages. Yet, German highways seem to defy that principle. There’s an AI lesson in there.

My top speed on a German highway has been 240 kph (ca. 150 mph). That’s not normal on any other highway in the world. I love that I can go that fast legally. If you’ve ever driven at that speed on a German highway, you know 3 things are true for sure.

  1. The adrenaline is amazing.

  2. There is always someone driving faster than you.

  3. You wouldn’t get in if the brakes only worked sometimes.

But that's exactly what we are doing with agentic AI.

Driving without speed limit works on the German highway because 1) the car is engineered for it, 2) the brakes are built for it, and 3) the road infrastructure is designed with longer curves for high-speed turns.

Remove any one of those, and the speed that made the drive exhilarating becomes the thing that kills you.

Agentic AI is like driving a car with a powerful engine (the underlying model), fuel (the compute power) and built-in mechanics and maps (default architecture and training data) but with no brakes or seatbelt (guardrails), all the while it’s going at an unlimited speed on the highway.

The worst part is that your organisation is that highway, but unlike the German one, it lacks the secure infrastructure, reliable engineering or built-in resilience to sustain any of it.

Read it again.

In real-world, practical use, LLMs are probabilistic machines producing probabilistic outcomes.

Ask one to follow a “security” rule 10 times and it will comply 7 times. Maybe 8. Maybe 5. That’s not a guardrail. That’s a wish-list.

Even if you had brakes in your car, imagine one where the brakes only worked accurately 7 out of 10 times. Would you drive it? You wouldn't.

We are giving Agentic AI unlimited speed, privileged permissions, and access to tools and sensitive data, despite knowing that it will work accurately only some of the time, that it will hallucinate, and that it will produce unreliable outputs. Add to that, AI has no concept of ethics, repercussions or unintended outcomes.
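The “7 out of 10 times” compliance above is exactly what a prompt-based rule gives you; a real brake runs outside the model and behaves the same way every time. As an added example (not code from this newsletter, from PromptArmor or from OpenClaw), here is a deterministic outbound-message check aimed at the link-preview pathway described earlier: before an agent’s reply reaches a chat channel, every URL in it is checked against an assumed host allowlist, and URLs carrying userinfo or a query string are rejected even on allowed hosts.

```python
"""Deterministic outbound-message guardrail for an AI agent.

Added example, not code from the newsletter or from OpenClaw. The host
allowlist and the sample messages below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the agent may link to (an assumption).
ALLOWED_HOSTS = {"docs.example.com", "wiki.example.com"}

# URL matcher for chat text; stops at whitespace and bracket/quote delimiters.
URL_RE = re.compile(r"https?://[^\s<>()\[\]'\"]+", re.IGNORECASE)

@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)

def host_allowed(host: str) -> bool:
    """Exact or subdomain match against the allowlist."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def check_outbound_message(text: str) -> Verdict:
    """Decide, the same way every time, whether a proposed reply may be sent.

    A link preview fetches the full URL with no click, so anything encoded in
    it leaves with that GET request. The allowlist is the primary control; the
    userinfo and query-string checks are defence in depth on allowed hosts.
    """
    reasons = []
    for raw in URL_RE.findall(text):
        parts = urlsplit(raw.rstrip(".,;:!?"))
        host = parts.hostname or ""
        if not host_allowed(host):
            reasons.append(f"host not allowlisted: {host}")
            continue
        if parts.username is not None or parts.password is not None:
            reasons.append(f"credentials embedded in URL for {host}")
        if parts.query:
            reasons.append(f"query string not permitted for {host}")
    return Verdict(allowed=not reasons, reasons=reasons)

# Constructed sample replies an agent might propose for a chat channel.
SAMPLES = {
    "safe": "See https://docs.example.com/runbooks/ai-agents for the policy.",
    "subdomain": "Draft is at https://internal.wiki.example.com/ai-draft",
    "exfil": "Done. Details: https://collector.attacker.test/p?d=CONSTRUCTED",
    "userinfo": "Try https://user:pw@docs.example.com/login",
}
```

The point is not the regex but where the check sits: in the send path, not in the prompt, so a hallucinated or injected link never gets a 7-in-10 chance.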

This newsletter is supported by readers like you. Please share it with others and help me make an even bigger impact.

When I drive 240 kph (or 150 mph), on a German highway, I trust the engineering of the vehicle and the physical infrastructure of the road. I trust that when things are about to go out of control, I can use the brakes reliably and predictably, as long as I maintain the safe distance.

The car alone isn’t enough. The infrastructure within and around it matters. I wouldn’t go that speed in the U.K. where I now drive every day. Not just because it’s illegal. But also because the infrastructure around it doesn’t support it, reliably (even if it were legal).

German highways are built specifically with longer curves to allow drivers to turn safely at massive speeds. Add to that stringent and more rigorous licensing, and stricter traffic rules (tailgating is punished, lane discipline is strictly followed, etc).

Whenever you drive, you take a calculated risk subconsciously, every time, based on the level of safety guardrails and limits engineered directly into the system and the infrastructure around it.

That brings me to the maturity roadmap for agentic AI governance and security in enterprises.

Your 7-Step Roadmap to AI Governance and Security

The above examples illustrate this perfectly. AI adoption is everywhere. Trust is not.

You can’t stop the chaos entirely. However, there are things you can do to build reliability, resilience and trust within and around your AI systems that are taking actions, orchestrating workflows and making business decisions on your behalf.

Firstly, how do you even define resilience?

Most people define resilience as something that happens in the moment of crisis or adversity. I see it differently.

Building resilience doesn’t happen when things go wrong. It happens well before that, by building the right governance, controls and architecture before things go wrong. That way you have a better chance of adapting when they do.

Scaling without the right governance, architecture and implementation is like running faster in the wrong direction without brakes.

It won’t get you to the right destination, no matter the speed.

I’ve worked with some of the biggest organisations across finance, healthcare and other critical infrastructure companies across EMEA. The one constant theme I see is:

  1. Lack of an AI strategy tied to AI governance

  2. Lack of AI governance pillars involving the right stakeholders

  3. Lack of implementation or integration through controls and engineering

My 5-step framework brings years of those learnings together in this one roadmap, which I recommend for every organisation that wants to go beyond an AI pilot safely, securely and reliably, while building trusted AI.

What this roadmap is and what it isn’t:

  1. It is practical guidance based on what I have seen work and have implemented myself

  2. It is an iterative process to get you started reliably

  3. It requires bringing multiple stakeholders together - it is a team sport

  4. It provides a way to increase your AI maturity phase-wise, over time

  5. It is not an exhaustive list

  6. It is not going to make you 100% compliant or 100% secure

  7. It is not a metrics framework; you’ll need to measure and evaluate accordingly

All of the following steps or dimensions of maturity are important. You may decide to invest more in one or the other depending on your maturity, but I would not recommend skipping any one of them.

Step 1: Define AI Strategy, Governance Pillars and Accountability

February 2, 2025. The EU AI Act's prohibited practices provisions came into force across all 27 EU member states. Most enterprises still cannot answer three questions: Which of their AI systems fall under the prohibited category, which are high-risk, and who in the organisation is accountable for the answers or when things go wrong. Not because they had not thought about it. Because they had never built the structure to know.

That is what happens when you deploy AI without defining your strategy first.

I have seen this pattern dozens of times: in the boardrooms of critical infrastructure organisations, in CISO workshops with the Big 4, in AI governance reviews with financial institutions and enterprises. An AI deployment that started as a productivity pilot becomes an enterprise-wide rollout. The governance structure is still the productivity pilot’s governance structure. Nobody updated it because nobody owned it. Nobody got the ROI they had hoped for.

In 2024, IBM's AI Adoption Index found that 42% of enterprises had deployed AI in production. The same report found that the number one barrier to broader deployment was not the technology. It was the absence of an AI strategy. Boards were approving AI investment. Use cases were multiplying. And the foundational question, what specific problem are we solving and why, was never asked.

  1. Purpose: Your AI strategy needs to start with one key question: What is the purpose of using AI for your business, and how does it support your overall business goals? 

  2. Problem: Once the purpose is clear, the next question is harder: What specific problem are you solving? Not a problem category. Not a department. One problem. That discipline, the refusal to spread AI investment across twenty problems at once, is what made the work tractable and the outcomes measurable.

  3. Key Outcomes: From there, define your key outcomes specifically, measurably, and against named stakeholders. Vague outcomes produce vague results.

  4. Overall Scope: Start with defined scope and one use case, not twenty. The NIST AI RMF Plan and Design stage is explicit: Scope your AI system to a defined context with identifiable risks and measurable outcomes before expanding.

  5. Responsible AI Principles: Define your Responsible AI principles before you build anything. Your organisation's AI framework needs five pillars embedded from the start. For every AI use case, they translate into specific questions. Is the data representative? Is the model's reasoning explainable to the people it affects? Who is accountable when the output is wrong? The EU AI Act and ISO/IEC 42001:2023 both require that these commitments are documented and implemented, not assumed.

  6. Governance Structure and Accountability: Finally, name your governance structure with precision. Who is overall accountable for AI strategy, governance, and outcomes? What are the escalation paths when use cases conflict, when risks materialise, or when accountability is disputed? Who are the ultimate decision-makers?

Define the purpose. Identify the problem. Set measurable outcomes. Start with defined scope. Embed Responsible AI from day one. Build the governance structure before the pressure is on.

Grab my AI Strategy Template with real-world case study (free for Premium subscribers).

Step 2: Quick Enterprise AI Readiness Assessment

In 2025, the Cloud Security Alliance found that 34% of organisations with AI workloads had already experienced an AI-related breach or incident, and the majority had no monitoring capability capable of detecting it in real time. Not because they lacked ambition. Because they did not know what they had, or where they were exposed, before they deployed.

Built with real-world experience across building national AI strategy, implementing AI governance and helping organisations implement AI deployments securely, safely, and with the right governance in place, this quick assessment consists of 35 multiple-choice questions, takes under 10 minutes, and produces a tailored report with specific action steps for your readiness level. It is completely free.

Why do you need to assess your readiness across these pillars?

Most organisations racing into AI adoption fall into one of two positions. 


P.S. If you haven’t already, do me a favour. Subscribe to help make an even bigger impact. Feel free to follow on Youtube, Linkedin, Spotify and Apple. It truly helps. Or book a 1-1 advisory call, if I can help you.
