AICIO PulseCybersecurity

Governing AI Agents at Scale: Identity, Scope, and Observability (with Glean and Cvent)

CXOTalk
CXOTalkMar 25, 2026

Why It Matters

Without dedicated governance and observability, AI agents expose enterprises to security, compliance, and operational risks that can outweigh their productivity gains.

Key Takeaways

  • Education on AI agents required from board to staff.
  • Traditional IAM controls fail for non‑deterministic AI agents.
  • Observability gaps hinder compliance with EU AI Act.
  • Glean’s AWARE framework maps intent, context, guardrails, risk, ecosystem.
  • Mandatory AI literacy training drives cultural shift and faster adoption.

Summary

The discussion centers on governing enterprise AI agents at scale, featuring Cvent’s CIO Pradeep Manakkara and CISO Ben Mayrides alongside Glean’s Work AI Institute. They highlight the rapid adoption of over 6,000 agents within Cvent’s SaaS platform and the urgent need for a structured governance model such as Glean’s AWARE framework.

Key challenges include a pervasive education gap from the boardroom down, the mismatch of traditional deterministic IAM architectures with the non‑deterministic nature of AI agents, and limited observability that hampers both security incident response and compliance with regulations like the EU AI Act. The AWARE framework addresses these by defining five pillars—intent, context, guardrails, risk scoring and blocking, and ecosystem observability—providing purpose‑built technical controls.

Notable moments include Ben’s remark that “agents are valuable for what they can do for us, but also to us,” the pilot that saved Cvent nine months of development time, the creation of an AI Council, and the rollout of mandatory AI‑literacy training attended even by the CEO. These examples illustrate how cultural shifts and concrete processes can turn AI potential into measurable ROI.

The implications are clear: enterprises must blend rapid innovation with disciplined risk assessment, embedding frameworks like AWARE into product development, finance, and security workflows. Doing so enables faster, compliant deployments while protecting against opaque agent behavior, ultimately safeguarding both the bottom line and regulatory standing.

Original Description

Pradeep Mannakkara (CIO) and Ben Mayrides (CISO) of Cvent explain how they govern AI agents at scale across their 5,500-person organization, which now has over 6,000 agents in production. In this fireside chat recorded at a Glean event in NYC, they walk through the AWARE framework developed by Glean's Work AI Institute with Databricks and Palo Alto Networks, and describe the practical tradeoffs of moving fast while managing risk.
The conversation covers agent identity, observability, cultural adoption, CIO/CISO dynamics, and what enterprise-grade AI governance looks like in practice.
You'll discover:
✅ Why traditional IAM and observability controls fail in agentic architectures where agents reason, delegate, and act autonomously
✅ How Cvent deliberately encouraged 6,000 agent creations to build AI fluency before layering in moderation and metrics
✅ The AWARE framework's five pillars: identity, context, guardrails, risk scoring, and ecosystem observability
✅ Why "risk is too high" is never the final answer, only "risk is too high for now"
✅ How Cvent filters AI demand through ROI gates before projects reach security review
✅ Why replacing gut-feel security objections with shared criteria moves the CISO from gatekeeper to business partner
✅ The sandbox-first approach that separates experimentation from production deployment
✅ Why SOC 2 control criteria for AI agents are likely within 18 to 24 months
⏱️ TIMESTAMPS
0:00 Introduction and the AWARE framework
0:34 Core challenges of agent governance
2:43 What agents do for us and to us
4:36 Applying the AWARE framework in practice
7:09 Choosing platforms with built-in controls
9:25 Making governance a cultural shift
11:51 Earning trust through deliberate risk decisions
13:49 Replacing gut reactions with shared criteria
15:20 Managing the CIO/CISO tension
18:54 Shared language for hard tradeoffs
22:01 Go/no-go decisions are never one and done
24:48 Advice for putting AWARE into practice
26:38 Scaling to 6,000 agents
🔔 Subscribe to CXOTalk and hit the bell for new episodes every week.
📩 Get the CXOTalk newsletter: https://newsletter.cxotalk.com
🎙️ ABOUT CXOTALK
CXOTalk features unfiltered conversations with C-suite executives from major companies about AI, digital transformation, and business strategy. Hosted by Michael Krigsman.
Episode 913 | Recorded March 10, 2026
#CXOTalk #AIGovernance #AIAgents #CISO #CIO #EnterpriseAI #AgenticAI #AWAREFramework #AICompliance #CyberSecurity

Comments

Want to join the conversation?

Loading comments...