AI agent

From Capabilities to Responsibilities

The article “From Capabilities to Responsibilities” by Artur Huk argues that in high-stakes AI agent systems—those that can affect finance, healthcare, or critical infrastructure—designing agents around explicit responsibilities rather than just capabilities is essential for governance and safety. It proposes a Responsibility-Oriented Agent (ROA) architecture where strict, code-enforced contracts define what an AI agent is authorized to do, separating intent generation from execution and enabling scalable, deterministic validation that escalates only true exceptions to humans, thus avoiding operational bottlenecks inherent in human-in-the-loop models.

https://www.oreilly.com/radar/from-capabilities-to-responsibilities/

Companies Have a New AI Problem: Too Many Agents

As AI agent adoption grows rapidly in businesses, companies like Lyft, DaVita, and GitLab are facing challenges with “AI agent sprawl,” where too many independently created AI bots complicate cybersecurity, management, and costs. While AI agents improve productivity by automating tasks, firms are now implementing governance and centralized controls to manage proliferation and ensure financial and operational responsibility.

https://www.wsj.com/cio-journal/companies-have-a-new-ai-problem-too-many-agents-9539c4d6

CISO Advisory: How To Use Agentic AI In Security

Agentic AI holds significant promise for enhancing cybersecurity by reducing alert fatigue and accelerating vulnerability detection, making it a key investment focus for CISOs despite cautious deployment due to security, compliance, and operational risks. Experts recommend a gradual, well-governed adoption strategy that starts with assistive tasks like alert triage and investigation support, ensuring strong human oversight, risk management, and alignment with regulatory requirements to leverage AI’s benefits safely and effectively.

https://insight.scmagazineuk.com/ciso-advisory-how-to-use-agentic-ai-in-security

Autonomous AI Agents and the GDPR: First Detailed Spanish Regulatory Guidance Sets the Bar

The Spanish Data Protection Agency (AEPD) has published the first detailed regulatory guidance on autonomous AI agents under the GDPR, addressing challenges posed by AI systems that independently plan, reason, and execute tasks with limited human oversight. This guidance highlights critical compliance issues, including defining controller and processor roles, transparency obligations, data minimization, automated decision-making risks, and the need for thorough risk assessments, setting a precedent that extends beyond Spain and is relevant for all organizations deploying agentic AI in personal data processing.

https://technologyquotient.freshfields.com/post/102mmys/autonomous-ai-agents-and-the-gdpr-first-detailed-spanish-regulatory-guidance-set

Kill Switches Don’t Work If the Agent Writes the Policy: The Berkeley Agentic AI Profile Through the AILCCP Lens

Berkeley's AI Risk-Management Standards Profile extends NIST's framework to AI agents, identifying risks such as oversight failures and misinformation, but it lacks effective controls. It assumes agentic AI can be governed by traditional model-centric oversight, which misrepresents complex multi-agent behaviors. Proposed solutions, such as human oversight checkpoints and kill switches, fail to address how agents operate continuously without discrete, checkable steps, or how emergency shutdown mechanisms can be undermined. The AILCCP framework offers a more structured approach, emphasizing proactive controls and containment strategies that adapt to the dynamic nature of agent interactions.

https://law.stanford.edu/2026/03/07/kill-switches-dont-work-if-the-agent-writes-the-policy-the-berkeley-agentic-ai-profile-through-the-ailccp-lens/

Agentic Payments Are Coming. Is Your Company Ready?

Agentic payments are emerging, introducing risks for brands and merchants as AI platforms like ChatGPT take on purchase tasks. Major retailers and payment platforms are incorporating AI-driven shopping, raising concerns about customer experience, brand integrity, and security. As AI traffic surges, merchants must adapt to a future where AI agents execute transactions, which may lead to disintermediation and commoditization, affecting e-commerce dynamics. The industry faces challenges in ensuring payment security, distinguishing legitimate AI transactions from fraud, and maintaining customer support post-purchase. Overall, trust in AI agents and their integration into existing shopping frameworks is paramount for successful adoption.

https://www.cio.com/article/4137893/agentic-payments-are-coming-is-your-company-ready.html

Defining a CIO Playbook on Agentic AI

The article outlines a CIO playbook for adopting agentic AI, framing it as a shift from traditional systems to intelligent agents capable of performing complex tasks and driving outcomes. It describes an eight-stage structured roadmap guiding CIOs from vision and outcome-centric use cases to building an enterprise agent layer, applying governance, and evolving operating models. It emphasizes aligning architecture, talent, and performance metrics with business value and human-AI collaboration to scale agentic capabilities.

https://www.ey.com/en_us/ey-center-for-executive-leadership/defining-a-cio-playbook-on-agentic-ai

HAL Reliability Evaluation

AI Agent Reliability Tracker: Evaluates 14 AI agents on 2 benchmarks, finding slight reliability improvements despite accuracy growth. Key issues include inconsistent performance, low resource consistency, and variability across models. Recommendations for enhanced evaluation include multi-run testing, targeted optimization for reliability, and differentiated standards based on use case.

https://hal.cs.princeton.edu/reliability/

Measuring AI Agent Autonomy in Practice (Anthropic)

TLDR: This research examines AI agent autonomy, focusing on Claude Code's interactions and user behavior. It finds that Claude is increasingly autonomous, working longer without interruptions and auto-approving more frequently as users gain experience. However, experienced users also interrupt more, indicating active oversight. Most agent tasks are low-risk, mainly in software engineering, with limited high-risk applications. Recommendations include enhancing post-deployment monitoring, training AI to recognize uncertainty, and designing for effective user oversight. Overall, autonomy levels are rising amid evolving agent applications.

https://www.anthropic.com/research/measuring-agent-autonomy

Detecting and Mitigating Common Agent Misconfigurations

The article emphasizes the need to detect and mitigate common agent misconfigurations to enhance security. Agents are increasingly integrated into business workflows, but misconfigurations pose risks, including unauthorized access, data leaks, and unmonitored legacy systems. Key mitigation strategies involve using Copilot Studio for authentication, implementing data policies, conducting regular audits on dormant connections, and restricting actions based on user roles. Overall, effective management and monitoring of agents are crucial for maintaining a secure operational environment.

https://www.microsoft.com/en-us/security/blog/2026/02/12/copilot-studio-agent-security-top-10-risks-detect-prevent/