Post-Mythos, the window for human response is gone. AI agents can exploit vulnerabilities at machine speed, faster than traditional, reactive security teams can respond to. Agents are being integrated into business tools, deployed by different teams, and connected to systems that were not designed for autonomous decision-making. AI security guidance does exist, but whether that guidance is realistic enough for security teams to apply to safeguard their AI systems and agents is another question.
New research from Rubrik Zero Labs found that 80 percent of IT and security leaders in APAC say AI security advice is too theoretical to be useful. While the market is not short on frameworks, principles, or governance models, much of such guidance assumes organizations are operating in controlled, well-mapped environments, when in reality most are not.
In fact, 81 percent of APAC respondents believe AI agents will outpace current security guardrails within the next 12 months. Organizations are being asked to secure systems they cannot fully see. It is akin to protecting a building without knowing how many rooms it has or who has access.
The demand is pressing: AI security guidance needs to evolve. Leaders cannot wait for a perfect, final framework. They need practical guidance that reflects how AI is being deployed today: quickly, unevenly, and often beyond the direct line of sight of security teams.
AI security advice assumes organizations have observability
Most AI security advice tells organizations to govern AI use and reduce risk. However, much of the advice starts with an assumption that does not always hold true: that organizations know where their AI systems are and what they are doing. Rubrik Zero Labs found that 70 percent of APAC respondents do not have full oversight of AI agents. Organizations are trying to secure environments where AI systems are not fully understood, an operational gap that current guidance often misses.
AI tools are no longer deployed only through approved enterprise channels. AI is deployed everywhere. Over time, organizations can end up with fragmented AI environments that security teams only partially understand.
Guidance built for a fully mapped environment becomes difficult to apply when the environment is still changing. Security leaders understand the importance of AI governance, but many are being asked to operationalize guidance faster than they can establish basic oversight.
Realistic AI security guidance starts with observability
Useful AI security guidance must start with what organizations can see. Before organizations can govern AI well, they need visibility of all AI systems across the organization, which include enterprise tools, employee-built agents, and vendor systems.
The next step is traceability. Security leaders should be able to answer five basic questions about any meaningful agentic action.
- What did the agent do?
- Why did it do it?
- What did it touch?
- Did it complete the action safely?
- Where did it fail?
Without this level of traceability, AI security becomes reactive. Teams are left trying to piece together what happened after the fact, often with incomplete information.
With observability, security guidance becomes more adaptive. Teams can refine controls faster, investigate incidents with more confidence, and make better decisions before, during, and after something goes wrong. Realistic AI security advice should not look like a static checklist that assumes perfect control. It should help organizations understand and respond to AI systems as they change.
Recovery-first security without guesswork
Prevention still matters. Yet in the age of AI, prevention is no longer enough. AI-driven threats can be tricky to detect, and with agentic systems becoming more connected to operations, organizations must assume that failures will happen. These failures may come from malicious activity, security incidents, or an agent mistake, which makes recovery a core part of securing systems and agents. In the AI era, every company needs to address the security question of our time: How fast can you take care of your crisis and resume business as usual?
So, although recovery-first thinking begins with observability, it doesn’t end there. The goal is runtime governance. Effective guidance should help teams monitor actions in real-time and automatically cut off agents the moment they cross a policy guardrail. Organizations that want to thrive in this new environment require intent-driven governance to safely scale the enterprise AI workforce while maintaining total control over agent behavior. Without these things, recovery becomes guesswork as teams lose time trying to make sense of an attack or agent mishap. The organizations that succeed will not be those with the most comprehensive AI frameworks, but the ones that can act swiftly and decisively on those frameworks when it matters.
Ananth Nag is General Manager and Vice President, Asia Pacific, Rubrik, leading business operations across India, ASEAN, and ANZ. With nearly two decades of experience, he is a customer-focused sales leader known for accelerating growth and building high-impact teams.
Previously, Ananth led the growth and transformation at Zscaler of their India team, delivering exceptional customer outcomes. He played a key role in leading digital transformation initiatives for several marquee customers—including the 5th largest bank globally—by aligning technology strategies with measurable business results.
Ananth began his career as a developer, giving him a unique blend of technical insight and commercial acumen. He has held leadership roles at Udacity, ServiceNow, BMC Software, and more. His strength lies in developing scalable sales playbooks and enabling GTM teams to consistently deliver value at every stage of the customer journey.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
Featured image: Chris Yang on Unsplash