
AI agents gone rogue: Why businesses need Security Centers of Excellence


The global AI boom is accelerating faster than corporate governance can keep up. As large language models (LLMs) and autonomous agents become embedded in everyday business tools, they’re not just transforming workflows — they’re quietly creating a new class of unmanaged risks. Experts say the next phase of enterprise AI adoption demands not just innovation, but institutional discipline, led by dedicated AI Security Centers of Excellence (CoEs).

AI’s shadow IT problem

At 10 a.m. somewhere in a corporate cloud, an AI agent could be sending an executive’s data to an external service — or granting itself new permissions. Few people would know.

A recent Okta survey revealed that while 91% of companies already use AI agents for coding, forecasting, or process automation, only 10% have well-developed strategies to manage their “non-human identities.” These agents operate autonomously, often connecting applications through protocols like Anthropic’s Model Context Protocol (MCP) and Google’s Agent2Agent (A2A) — both designed for cross-app collaboration but neither capable of active supervision.

[Editor's Note: This is part of SC Media's partnership to unpack OWASP's Top 10 for LLM Applications.]

Without governance, this creates a digital ecosystem akin to early shadow IT — systems built outside official oversight, vulnerable to exploitation. In one recent example, a customer-service bot from an AI coding platform hallucinated a company policy and locked users out of their accounts. It’s a symptom of what Okta calls “AI agents running wild,” with enterprises racing ahead without guardrails or clear ownership.

Compliance gone awry

Even sectors built on control and compliance aren’t immune. A Fortune 500 firm integrating AI into its governance, risk, and compliance (GRC) platform recently discovered its “intelligent compliance assistant” had been exporting sensitive audit data to an external LLM for six months. The oversight triggered a failed SOC 2 audit and a costly remediation effort.

This scenario illustrates a paradox: AI is being used to enforce compliance, yet it often undermines the very frameworks it’s supposed to strengthen. “Traditional GRC models are static,” noted Strike Graph CEO Justin Beals. “They weren’t designed for systems that evolve their behavior in real time.”

To avoid these pitfalls, experts recommend “Secure-by-Design” AI architecture — self-hosted, auditable, and isolated from external training systems. Such setups align with OWASP’s CoE framework, which emphasizes zero-trust principles, cross-departmental governance, and continuous monitoring as the cornerstones of AI security.

Building AI security from the ground up

The OWASP AI Cybersecurity Center of Excellence Guide (2024) outlines how organizations can shift from reactive to proactive AI governance. It recommends creating multidisciplinary CoEs that unite cybersecurity, data science, risk management, legal, and compliance teams. Their shared mission: to embed security into every phase of AI deployment — from development and testing to operational use.

These centers should adopt “shift-left” practices, moving risk analysis earlier in the AI lifecycle, and establish metrics for ethical use, stakeholder transparency, and incident response. OWASP advises organizations to regularly audit AI systems, maintain ethical standards, and engage external experts to fill skill gaps. As the guide warns: “creating a CoE is not just about structure — it’s about continuous learning and adaptability.”

Five strategies for safer AI integration

In practice, AI CoEs should operationalize risk mitigation using techniques now emerging from the cybersecurity field. Gutsy’s Aqsa Taylor proposes five strategies that align closely with OWASP’s framework:

  1. Adversarial testing — simulate malicious prompts before deployment.
  2. Explainability — build tools that make AI decisions auditable.
  3. Continuous monitoring — detect anomalous outputs in real time.
  4. Human-in-the-loop oversight — require human approval for high-impact actions.
  5. Sandboxing — test in isolated environments before scaling.

These methods help counter the unpredictability — or “non-determinism” — of LLMs that makes them both powerful and dangerous. AI systems can hallucinate, misclassify, or even act on embedded malicious prompts, much like SQL-injection attacks on legacy databases.

From chaos to governance

The answer, experts agree, lies in robust identity-based control. Okta’s new Cross App Access extension for OAuth allows organizations to centrally authorize and monitor AI agents, tracking exactly which data they touch and when. Combined with OWASP’s CoE blueprint, this model promises to restore human oversight and accountability.

The AI revolution, like the dot-com boom before it, carries both transformative potential and catastrophic risk. Establishing Centers of Excellence won’t just keep organizations compliant — it will keep them in control. As the OWASP guide concludes, “Starting now is key to avoiding the next generation of security crises and ensuring AI technologies contribute positively to business growth and innovation.”

This article is part of SC Media’s editorial series on the OWASP Top 10 for LLM Applications 2025. Produced in partnership with the OWASP Generative AI Security Project, the series highlights actionable steps for secure, transparent GenAI application development.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
