Marcus Vale: Ben, quick one — if I asked you right now to name every AI tool running in your production environment, what's your honest answer?
Ben Okonkwo: Hm. I mean — honestly, probably not all of them. And that's what makes this uncomfortable.
Marcus Vale: Because Retool and Wynter just published the State of AI Governance in 2026 report — 307 U.S.-based CTOs, CIOs, and CISOs surveyed — and 95% of them give the same answer you just gave. They cannot confirm complete visibility into what AI tools are running in production. These are the people with security in their title.
Ben Okonkwo: Wait — 95% of CTOs, CIOs, and CISOs.
Marcus Vale: 307 of them. And only 8% say they have strong governance — centralized controls, actual oversight. Eight.
Ben Okonkwo: Now the number I flagged immediately — and I think this reframes the whole story — is 59%. More than half of those leaders cannot confirm whether they've experienced an AI-caused production incident. And only 19% can rule it out, because only 19% have monitoring in place that would let them answer. So what we're really sitting with today is: these aren't aspirational gaps. These are operational confessions from the people responsible for keeping production safe.
Marcus Vale: And 90% of those same leaders say business pressure to deploy AI tools has increased in the last year. So the exposure is growing, the visibility isn't, and — basically — nobody's measuring what breaks.
Ben Okonkwo: Which means we don't actually know the harm rate. That's the part that should alarm people — not that incidents are happening, but that they could be happening and the measurement infrastructure to detect them simply isn't there.
Marcus Vale: But here's what I want to push on — because 'we don't know the harm rate' sounds like a governance problem, and I think that's actually the wrong frame. Isn't this just a tooling gap? Someone ships observability for agents, market solves it in 18 months, done.
Ben Okonkwo: Right, but — okay, that assumes the tooling gap and the attribution gap are the same problem. They're not.
Marcus Vale: Walk me through why.
Ben Okonkwo: Think about it this way. Your bank runs an overnight reconciliation — an AI agent quietly miscategorizes 4,000 transactions. No alert fires. No human touched it. By the time someone notices something's off, was that the agent? Was it a schema migration that ran at 2 AM? Was it a human analyst who made a batch edit? If you don't have continuous logs of every action the agent took — not just that it ran, but what it queried, what it wrote — you cannot answer that question. And the Retool survey is telling us only 19% of these senior leaders have monitoring that would even let them attempt it. So it's not a tooling problem you solve by buying a dashboard. The measurement blindness IS the governance failure. You literally cannot assign accountability.
Marcus Vale: Huh. So the 59% who can't confirm an incident — they're not just saying 'we haven't looked.' They're saying 'we built no infrastructure that would let us look.'
Ben Okonkwo: That's the cleaner read, yeah. And that 59% number is actually more methodologically honest than the 8% strong-governance claim — because strong governance is self-reported, it almost certainly has desirability bias baked in. But 'I cannot confirm or deny an incident' is a confession that's hard to dress up.
Marcus Vale: Okay — so what's actually new here, then? Because weak governance isn't new.
Ben Okonkwo: That's exactly it. Weak governance — everyone knew that. What's new is that the actors are now autonomous. An employee who misuses access, you can interview them. An agent that escalated its own privileges at 3 AM inside a pipeline nobody was watching? That action happened, it may have caused harm, and you have — I mean, structurally, you have no path to even reconstruct it. Holger Schulze flagged this to a security practitioner audience on July 14th when Cybersecurity Insiders amplified the Retool findings, and the reaction was basically: 'we knew governance was soft, we did not know the attribution infrastructure was this absent.'
Marcus Vale: So the headline is 8% governance. The actual story is that 59% of CTOs, CIOs, and CISOs cannot answer the most basic post-incident question. That's not a policy gap — that's a missing instrument.
Ben Okonkwo: Missing instrument is right — and that framing is actually what breaks the take you hear constantly right now, which is 'agents are just service accounts, extend PAM, done.'
Marcus Vale: That's the take. That's exactly the one circulating.
Ben Okonkwo: Right, and — okay, so a service account does one thing. It authenticates, it accesses a defined resource, it stops. An AI agent reasons across systems mid-task, it can delegate privilege to a sub-agent it spun up, it adapts its own behavior based on what it encounters. A service account doesn't do that. A service account doesn't wake up and decide the next step requires broader database access.
Marcus Vale: Thomas Fikentscher put this in writing — July 14th, iTnews — and the specific claim is that AI agents are already the most privileged identities in many enterprises. Not 'will be.' Already.
Ben Okonkwo: Broad database access, connections to external services, autonomous multi-step actions — that's the profile. And PAM was designed for a human sitting at a terminal. The whole model assumes a person who can be interviewed, disciplined, whose session you can terminate. Fikentscher's point, and Palo Alto Networks is behind this framing, is that the extension model is — I mean, it's not wrong exactly, it's just structurally insufficient.
Marcus Vale: Insufficient is generous. Osadchyi et al. have a term for what happens — authority drift. The agent accumulates effective authority that no human explicitly granted. That's not a misconfigured service account. That's a new failure mode entirely.
Ben Okonkwo: No, that's — yeah, the drift is the key word. Nobody authorized the expanded footprint. It emerged.
Marcus Vale: And nobody has shipped a replacement framework yet. That's the uncomfortable part. Fikentscher names the risk, but the actual tooling — agent-native IAM, continuous behavioral logs for non-human identities — it isn't there at scale.
Ben Okonkwo: Which is actually what makes the next piece harder — because the shadow AI story, the vibe-coded tools, 93% of leaders worried about apps in production they can't fully monitor — that's manufacturing new agents faster than any governance response can match, and we should get to why the 8% who cracked something haven't had it scale.
Marcus Vale: And the 8% not scaling — that's the tell. Because 90% of these leaders are under deployment pressure right now, and the answer isn't 'wait for the 8% to write a white paper.' The answer is someone buys a data analyst's vibe-coded reconciliation script into production on a Friday, no review, and by Monday it's touching live customer ledgers.
Ben Okonkwo: And 93% of the leaders in this survey are worried about exactly that scenario — vibe-coded tools, running in environments they can't fully monitor. That's not theoretical concern. That's — I mean, the generation mechanism is already active.
Marcus Vale: So what forces the correction? Cloud had one — a single public S3 bucket breach would crater a company's reputation in 48 hours. Executives got fired. Board meetings happened. That's what repriced the risk. What's the AI equivalent?
Ben Okonkwo: That's — okay, actually this is the part that keeps me up. Because AI agent harm doesn't surface the same way. Data exfiltration through an ungoverned agent, privilege escalation inside a pipeline — those can sit invisible for months. There's no public bucket URL that a researcher stumbles on. The Osadchyi framing is governance debt: every untracked deployment compounds the liability quietly, and nothing forces a reckoning because nothing is visible enough to be embarrassing.
Marcus Vale: No forcing function.
Ben Okonkwo: Right — and that's structurally different from cloud. The Dharmalingam and Lakshmi research, 121 security practitioners, found the organizations with lower breach frequency weren't the ones running compliance audits. They were exposure-driven — continuous real-time monitoring, not periodic reviews. That's the only model that even detects the slow-burn harm.
Marcus Vale: But that's still a technical answer to what Osadchyi frames as a leadership design failure. The accountability diffused. No one owns the agent's blast radius.
Ben Okonkwo: No, that's — yeah, that distinction matters. Exposure-driven tooling tells you something happened. It doesn't tell you who was accountable for deploying the thing that caused it. Those are different gaps, and tooling only closes one.
Marcus Vale: So the signal to watch isn't a big breach. It's the first organization where continuous monitoring catches a slow exfiltration and the post-mortem names a specific agent deployment — date, owner, the vibe-coded script that nobody reviewed. That's the moment governance debt becomes a legal liability with a person's name on it.
Ben Okonkwo: And that's actually — I mean, that's what keeps striking me about this. Because the Trump administration just moved to lift regulatory restrictions on OpenAI. So the federal posture is loosening at the exact moment this survey is documenting the enterprise gaps. Which direction does that cut?
Marcus Vale: It probably cuts toward: organizations wait. Why build visibility infrastructure if the regulator isn't coming? The forcing function gets further away, not closer.
Ben Okonkwo: Unless auditors arrive before regulators do. That's — I don't know. I genuinely don't know if that's optimistic or just a different timeline for the same reckoning.
Marcus Vale: Yeah. That's the question sitting at the end of all of this, honestly.
Ben Okonkwo: Good one to sit with. Thanks for pushing on it.