Secure AI for Enterprise Series Intro
Much of the conversation around AI and agentic workflow rollouts is focused on quick enablement and adoption. The principles behind that analysis are fundamentally flawed when applied to regulated industries, government, and other high-risk spaces.
So today I want to start a series focusing on secure AI rollouts. The goal of this series is to give you, the reader, the information you need to make the appropriate decisions, whether you come from a technical background or not.
A caveat as I start the series: I come from a technical background, and much of the content will explore technical themes. I will try to relay the information so that anyone in the space can apply it in their decision making.
Topics
These topics come from conversations with CIOs, clients, and friends, and a common theme emerged: these are people who tend to have great long-term insight, but the AI cycle caught them off guard and left them concerned.
Some of the topics I’ve wanted to explore in this series include:
AI Operating models and architecture risks
Building guardrails in your agentic rollouts
Managing software supply chain risks in the agentic era
Re-evaluating cloud architecture for disruptive tech
Secure edge agents and managing orchestration
AI Alignment with ESG reporting requirements
Evaluating AI architecture based on workload risk
The goal of this series is to focus on the alignment between security and engineering needs, beyond the traditional GRC focus of cyber experts.
I thought about writing one long piece covering all of these topics, but that could become a book, so I decided to do it piecemeal.
Preface to the series
Before diving into the series, I think it's important that we establish a baseline of understanding. Below are some facts from my world view.
We're nowhere near AGI. The transformer architecture that current LLMs are based on isn't capable of AGI. Agentic workflows are still very useful, but we need to understand their limitations.
Nobody knows everything about AI agentic workflows. It's bleeding-edge tech, and we are all learning at roughly the same time. Granted, there are experts in their respective fields, obviously the PhDs focusing on this area. From a career of guiding rollouts of emerging tech, I can say it never goes to plan. The point being, if I write an article where you have insights different from those I considered, let me know; it's best we all learn together.