AI agent risk for boards. A 90 day oversight plan.
AI agent risk oversight for boards with a 90 day plan aligned to NIST AI RMF and EU AI Act
AI agent risk is now a board problem. You don’t get to punt this. Hundreds of large companies already call out AI in risk disclosures. Last year the count jumped from 49 companies to 281. That should get your attention. If you are a director or an executive, the clock is already running. The question is simple. Do you have a real oversight plan or a slide? This piece gives you the plan. It is concrete. It is built on evidence in my notes. It fits the next quarter and the year that follows.
I wrote this blog for the boardroom. Audit and Risk chairs. CEOs and CFOs who sign filings. General Counsel who lives with the fallout. CISOs and CIOs who carry the pager. We are going to cut through the noise and get your next 90 days in order. We will define ownership. We will set boundaries. We will chosse metrics that effectively identify and surface risk. Then we will put the right controls in place so your teams do not fight the agent more than they use it. If you want ceremony, skip this. If you want results, keep reading.
Table 1: Fortune 500 AI risk disclosures by year
Why boards must own this risk now
AI agents act. They plan. They call tools. They touch data. That makes them different from chat in a browser. The failure modes look like cyber, legal, and ethics rolled into one. Enforcement isn’t idle as regulators have latched on to AI claims and disclosures. Courts already hold boards to an oversight duty for mission-critical risk. That is the backdrop. The jump to 281 companies adding AI as a risk in filings indicates where this trend is headed. Your peers are putting AI on the risk register. Some because they learned the hard way. Others because they read the room.
This is also about speed. AI systems evolve rapidly, and your oversight cadence must keep pace. If you wait for an annual review, you will miss a change that adds a dangerous tool to an agent. Or a model update that shifts behavior. Or a new state law with a fresh duty. The board does not need wiring diagrams. You need a clear strategy and a feed of the right signals. You also need escalation triggers. If one of those signals hits a threshold, management briefings move from quarterly to now. No drama. It’s just the new rules of the road.
The AI agent risk landscape you can’t ignore
Let’s talk risk categories.
Data leakage and privacy exposure.
Prompt injection that flips an agent.
Unsafe actions via tools.
Identity and credential misuse.
Autonomy drift and goal misalignment.
Supply chain tampering through models or plugins.
Shadow AI that lives outside governance.
IP exposure.
Biased or unfair outcomes.
Regulatory non-compliance.
A few stand out. Prompt injection is cheap for attackers and common in the wild. Once an agent can browse, read content, or call a tool, a malicious instruction in a page or data field can push it off course. If the agent holds broad permissions, the blast radius grows. Identity is next. Shared tokens in prompts. Long-lived keys. Weak scoping. Those choices turn one mistake into a breach. Then there is tool misuse. Code exec in the wrong place. File deletion in a production path. A payment API without a second check. You get the picture. The map of risk touches tech and process. That is why board oversight must tie to both.
Figure 1: Title: AI Agent Risks and Likelihoods
Where the system fails along the pipeline
Failures stack up across the pipeline. Design flaws start the chain. Vague goals. No constraints. No human approval for irreversible actions.
Next comes data. Biased training sets. Poisoned inputs from the outside world. Then the model. Susceptible prompts. Hidden backdoors.
After that come tools and connectors. Too many. Too powerful. No isolation. No egress control.
Identity controls often lag. Shared API keys. No per-user auth. Weak rotation.
Then the human layer. No clear ownership. No change control. No kill switch.
Finally, the supply chain. Third-party models or plugins are pulled without real vetting. Each gap alone is survivable. Together they compound.
You do not need perfect systems. You need layered friction at the right points. You need a clean inventory of agents. A register of tools and the exact permissions for each. A rule that any new capability comes with a review. You also need logs that tell a story.
What the agent saw.
What it attempted.
What was blocked.
Who approved the final action.
This is how you keep one missed step from turning into a reportable incident and a very long week.
Controls that actually cut AI agent risk
Good controls are boring. They save you money and sleep. Start with access. Provide agents with unique credentials that have the least necessary access. Scope tokens. Make them expire. Require human approval before any high-impact move. Allow only the tools you trust, and use them only for the tasks that require them. No general code exec unless the use case demands it. Put agents in sandboxes. Control egress. Use content filters on inputs and outputs that catch sensitive data and unsafe instructions. Capture every action in immutable logs.
Then test like an attacker. Red team the agent. Try prompt injection. Try poisoned content. Try to trick the change process. Make it a habit. When the model or plugins update, retest before rollout. Keep a rollback plan. Add a real kill switch that stops the agent mid-run. Do not hide it behind a five-click menu. Train the people who use and watch the agent. If they cannot spot a sketchy prompt, you will be back here soon. None of this is exotic. It is discipline.
Governance that will stand up in the boardroom and in court
The board sets tone and boundaries. Management executes. That line matters. The board should approve an AI strategy and a risk appetite. Which processes can include an agent? Which cannot? Where and when is human approval needed? What error rates are tolerable? The board should confirm the right structure. Most companies route AI oversight to Audit or Risk. Some add a Technology or Ethics committee. What matters is clear ownership and a cadence of reporting that gives you forward sight.
Laws are maturing. Europe has the AI Act, which imposes obligations on high-risk systems. That brings risk management systems, human oversight, and quality management. Fines can reach 6% of global turnover for serious violations. In the United States, the Colorado AI Act puts duties on developers and deployers. That includes impact assessments by 2026 and due care to prevent algorithmic discrimination. Securities rules do not carve out AI. If an AI agent leads to a material cyber event, you will have to move fast on disclosure. None of that should scare you. It should focus you. The right governance makes this manageable.
Metrics the board should see every quarter
You can’t govern what you can’t measure. Track prompt injection attempts detected or blocked. Track blocked or overridden agent actions. Track tool usage anomalies. Track data exposure incidents. Track red team success rates on AI targets. That last one should go down over time. Each metric needs a threshold for board escalation. Choose numbers that force a conversation before an incident, not after one.
I also want KPIs for risk management. Time to patch agent vulnerabilities. Coverage of testing before release. Rollback success rate when you have to pull a change. Define a quarterly cadence for reporting. Escalate immediately when a metric crosses its line. Tie these metrics to the enterprise risk dashboard. If you already run ERM with discipline, this plugs in. If you do not, this is your chance to raise the bar.
Figure 3: Board oversight KRIs for AI agents
A 90-day plan that locks in momentum
You can make real progress in a quarter. Here is the plan I use with clients.
Month one. Build the inventory. Find every AI agent in production, pilot, or skunkworks. Include third-party services and rate each according to its risk. Confirm the oversight structure and committee. Name the management owner. Draft the AI use policy with risk appetite and human approval rules. Get it to the board for review. Set your initial metrics and define escalation thresholds.
Month two. Implement priority controls, such as unique credentials and least privilege for agents. Define tool allow lists by use case. Content filtering. Logging and anomaly detection. Put a kill switch in place. Train the users and operators. Close any shadow AI you find or bring it into the program. Set up a red team plan for your most critical agents. Book the date. Prepare to test prompt injection, data exfil, and unsafe tool use.
Month three. Run the first AI red team, and fix what you find. Complete your policy approval and present the board report with baseline metrics. Confirm a change management rule for model and plugin updates. Define rollback. Review contracts with external AI providers. Ensure that security, data protection, and uptime are adequately covered. If you operate in Europe or Colorado, please confirm your plans to meet the upcoming dates. Keep the board informed with supporting data
Figure 4: 90-day action plan with owners and timelines
Board oversight in practice
Here is what this looks like in a real meeting. The CIO and CISO present the updated agent inventory. It shows eight agents. Two in finance. One in operations. Five in customer support. Each has a purpose, data access, tools, and risk rating. The CISO shows a chart with prompt injection attempts by week. A spike last month triggered an internal review and a change to input filters. The CTO walks through a plugin update that passed testing and rollout. The GC confirms progress on the assessment plan for Colorado and the control plan for Europe. The Audit Chair asks one question. What would trigger the use of a kill switch for the finance agent? The team answers without pause. That is what good oversight feels like.
If you feel behind, do not bury that. Use it. Commit to the plan. Set the dates. Ask for the right budget. Show progress in 30 days. Then in 60. Then in 90. Boards reward clarity and pace. Your teams will too. No one wants to learn governance in a crisis.
Key takeaway
AI agent risk becomes manageable when the board sets a clear risk appetite, demands real metrics, and insists on least privilege, human approval for high-impact actions, and regular red team tests. Do the work now, and you avoid surprise later.
Call to action
👉 Book a complimentary risk review. If you want a second set of eyes on your first 90 days, I am happy to help. For more of my writing, see RockCyber Musings and our website site at RockCyber
👉 Subscribe for more AI security and governance insights with the occasional rant.