The Boardroom Question Nobody Is Asking About AI

Most board conversations about AI go in one of two directions.

The first is an opportunity conversation. How do we move faster, adopt more, get ahead of competitors who are already deploying it?

The second is the risk conversation. What are the liability implications, what does the regulator think, should we have a policy?

Both conversations are legitimate. But there is a third conversation that many boards have not had yet, and it is arguably the most important one.

That conversation is especially important if your organization has deployed any kind of AI agent in the last eighteen months, and most organizations have. If you’re one of those, there is a very good chance that system is taking actions, accessing data, and making decisions without a human reviewing each step. After all, that is the whole point of an agentic AI system, and why you deployed it.

And if that’s the case, then here’s the most important question for a board:

What happens when AI starts making decisions on its own,inside your organization, and nobody is governing it?

Just to be clear, the problem is not the AI agent. The problem is that most organizations built the deployment before they built the governance; and governance is nowhere close to catching up.

The U.S. Secret Service Wants Your Board to Pay Attention

The 2026 Verizon Data Breach Investigations Report (DBIR) runs over 100 pages of breach data, trend analysis, and industry breakdowns. This annual report is one of the most prestigious and cited reports in the industry.

In this year’s report published in May 2026, tucked into the appendix, is a contribution from the United States Secret Service that deserves far more attention than appendix placement suggests.

Written by active investigators who work cybercrime cases for a living, it describes a shift they are watching happen in real time:

"Agentic AI — autonomous AI capable of independent action — is redefining cybercrime by creating adversaries that can operate without human limits. Traditionally, cyber criminals relied on human effort and technical skill to execute attacks. Now, Agentic AI systems can automate every stage of cybercrime: reconnaissance, phishing, data theft, and even laundering stolen and illicit assets."

Read that last part again. Every stage. Not just one part of the attack. The whole thing, start to finish, automated.

And then they write:

"Autonomous adversaries are pushing cybercrime into a new era, one where attacks are limited only by the imagination of the algorithms behind them."

This is not a think tank paper or a vendor white paper. This is the United States Secret Service, and they don’t write things like that for dramatic effect. They write it because they are seeing it. They say that agentic AI has already changed the threat landscape in a fundamental way.

That alone deserves a spot on a board agenda.

What Agentic AI Actually Means

Many people hear "agentic AI" and picture something futuristic. It is not futuristic. It is already in your organization, probably in several places. Since the term gets thrown around a lot, it is worth being precise about what it means and why it is different from AI tools that many people are already familiar with.

When an employee uses ChatGPT to rewrite an email or summarize a document, that is AI as a tool. The human decides to use it, inputs something, reads the output, and decides what to do with it. The human is in the loop at every step.

Agentic AI is different. An AI agent is given a goal and then acts on its own to achieve it. It browses the internet, reads files, calls APIs, writes and executes code, sends requests to other systems, places orders, and makes decisions along the way without a human approving each step. It operates more like a junior employee who has been told to get something done than like a calculator waiting to be used.

Organizations are already deploying these systems. Customer service bots that resolve tickets without escalating to a human. Coding assistants that write, test, and commit code. Research agents that gather information across dozens of sources and produce a finished analysis. Procurement systems that monitor inventory and automatically trigger purchase orders. And more.

All of these are agentic AI. All of them are already running inside organizations. The productivity case for all of these is real. But for most of them, if not all, the question of who is actually responsible for what they do has not been fully answered. In other words, the governance case for them is largely unbuilt.

VoidLink: Six Days to a Working Malware Framework

If the Secret Service quote is the strategic warning, the VoidLink story is the practical proof.

In November 2025, researchers documented the discovery of VoidLink, a malware framework that was written entirely by an AI agent in six days. Not assisted by AI. Written by an AI agent, making its own decisions about architecture, functionality, and implementation, from start to finish.

All that in six days. Less than a week.

The DBIR also describes LameHug, an experiment by the APT28 threat group using a large language model to generate polymorphic malware on demand. Code that changes its own signature each time it runs, so that traditional detection tools that look for known patterns cannot find it.

These are not theoretical scenarios. They happened in 2025, and the DBIR has them on the record.

Think about what this means for security teams. When it took a skilled attacker months to build sophisticated malware, defenders had time. Patches could be deployed, threat intelligence could be gathered, teams could respond. When an AI agent can produce the same result in six days and then run new variations continuously without breaks, without fatigue, without needing to be paid, without having to stop for eating or take bathroom breaks, the math changes in a fundamental way.

The DBIR makes another observation worth noting. The more advanced attackers are now chaining together multiple stages of an attack and letting the AI agent make its own decisions about targets and techniques as it goes. Not just automating individual steps. Automating the decision-making between steps.

The Risk You Are Building From the Inside

Here is where a lot of board conversations stop short.

They hear about AI-powered attackers, and they frame it as an external threat problem. Something for the security team to handle. Stronger defenses, better detection, updated incident response plans.

That framing misses half the picture.

Organizations are not just facing agentic AI from attackers. They are deploying agentic AI themselves. The agentic AI systems your organization is deploying internally carry their own governance risks, and right now those risks are not being managed well in most organizations. Or managed at all, for that matter. Not because people are negligent. Because the tooling and the frameworks to manage those internal systems largely do not exist yet.

Think about some basic questions that come with an AI agent operating inside your business. What data can it access, and what is it explicitly blocked from accessing? What actions can it take without human approval, and where does the escalation threshold sit? What happens when it makes a mistake, and how do you even know it made one? If it connects to external services, what data is flowing out? If it sends data somewhere unexpected, would any system catch that? If something goes wrong and a regulator asks what your AI agent was doing and why, can you produce a coherent answer?

For most organizations deploying agentic systems today, the honest answer to most of those questions is: we are not sure.

That is not governance. That is hope.

Regulators Are Starting to Notice the Gap

The EU AI Act places real obligations on organizations deploying AI systems classified as high risk. Those obligations include human oversight requirements, documentation of how the system makes decisions, and the ability to demonstrate control over what the system does. An AI agent making consequential decisions without a documented control framework is not just a security risk. It is also a compliance risk.

And there is a layer beyond compliance. The liability layer. If an AI agent your organization deployed takes an action that harms a customer, a business partner, or a third party, the accountability lands on your organization. The fact that an algorithm made the decision rather than a human does not shift that accountability somewhere else. Moreover, "we did not know what it was doing" is not a defense that boards, regulators, or courts are likely to find convincing. Organizations that cannot demonstrate they had proper oversight in place are going to have a very difficult time in those conversations with courts and regulators.

This is not a hypothetical future risk. The regulatory frameworks are live. The legal precedents are starting to form. Boards that are not asking these questions now will be answering harder questions later.

Three Things Worth Putting on the Next Board Agenda

None of this means organizations should slow down their AI adoption. The competitive pressure is real, the productivity gains are real, and the organizations that govern AI well will be better positioned than the ones that avoid it.

But governance has to be part of the conversation from the beginning, not something bolted on after the fact.

There are three questions that boards must ask at the next board meeting. It’s not a comprehensive list, just the three questions that matter most right now.

First, do we have a complete inventory of every AI agent running in the organization, including ones deployed by individual teams without central IT or security involvement? If the answer is "no", that is the starting point. You cannot govern what you do not know exists.

Second, for the AI agents you do know about, is there documented clarity on what each one is permitted to do, what it cannot do, what data it can (and cannot) access, and what actions it can take without human sign-off? What the escalation path looks like when something falls outside those boundaries? If one of those agents behaved in an unexpected way last week, would we know? Informal understanding is not sufficient when something goes wrong.

Third, on the external threat side: does our security program account for the possibility that an attack against us might be conducted by an automated system that does not keep business hours, does not need breaks, and can run hundreds of variations of the same attack simultaneously? Are our detection and response capabilities built for that?

The Secret Service is already adapting to answer that last question. They said as much in the DBIR. The question for every board is whether the organization they govern is adapting at the same pace.

Most are not. Yet.

The Honest Reality

Agentic AI is not a future risk. It is a current one, on both sides of the security equation.

Organizations that get ahead of it will be the ones that treated it as a governance problem before it became a crisis. That means knowing what AI agents are doing inside the business, building the controls to manage them, and having the documentation to demonstrate oversight when someone asks.

Boards do not need to understand the technical details of how AI agents work. But they do need to ask the right questions. And right now, in most organizations, those questions are not being asked at all, or often enough.

--------------------

Data and quotes in this post are drawn from the 2026 Verizon Data Breach Investigations Report. The U.S. Secret Service contribution on agentic AI appears in Appendix B, page 113. The VoidLink and LameHug references are from page 109. The DBIR's analysis of AI-assisted attack chaining is from page 28.