2025-10-23

As enterprise AI adoption surges, from autonomous email processing to AI-driven workflow automation, security leaders face a new reality: AI agents are now insiders. These agents have access to sensitive data, third-party systems and decision-making authority.



Yet most organizations still treat them as unmanaged assets rather than high-risk identities subject to the same security controls as human workers.

That gap is a growing concern for AI governance experts like Meghan Maneval, director of community and education at Safe Security and a key contributor to ISACA’s Advanced AI Security Management (AAISM) certification.

Speaking to Infosecurity at the ISACA Europe 2025 conference in London, Maneval argued that mandatory security awareness training must extend to AI agents – just as it does for employees.

“It may not be as candid as what humans would do during those sessions, but AI agents used by your workforce do need to be trained. They need to understand what your company policies are, including what is acceptable behavior, what data they're allowed to access, what actions they're allowed to take,” she explained.

During her talk at ISACA Europe 2025, Maneval extended her insights beyond AI agents to all enterprise AI tools, outlining a best-practice framework for AI auditing.

Infosecurity selected some of her key recommendations, drawn from both an exclusive interview at ISACA Europe 2025 and her subsequent presentation on AI governance and auditing best practices.

The Five Commandments of AI Auditing

Write Everything Down

When people reach out to Maneval for advice on launching an AI auditing program, she generally starts with the same recommendation: write everything down.

“I kind of joke, but I do tell people to start by writing everything down, build an inventory, a list of the AI tools used and how they are used,” she told Infosecurity.

Depending on the organization’s maturity, this can range from a simple inventory of critical applications written on a piece of paper to a machine-readable software bill of materials (SBOM) or AI bill of materials (AIBOM).

She said that this inventory could be built using responses from an employee survey asking every employee how they are using AI.

“Inevitably, people are using it and potentially downloading software off the internet without any company oversight,” she said.

These inventories should ideally go beyond the organization’s workforce and include third-party systems, including how partners (suppliers, software providers, clients, etc.) are using AI.

“If you already have a third-party listing with all the companies you deal with and all the applications they use, you should ask them how they use AI in both internal use cases and customer-facing ones,” she said.

Don’t Start with Checkboxes

While listing applications, systems and use cases is a critical first step, Maneval also warned against limiting AI audit programs to checkbox exercises only.

“I think we all started the audit journey as a checkbox activity and now, with experience, are all saying it shouldn’t be. Don't start with checkboxes. You have to be intentional,” she said during her talk at ISACA Europe 2025.

By being intentional, she explained, audit managers should understand not only what AI is used for, but how it is used. This means actively examining the AI’s inner workings:

Understanding what machine learning algorithms and AI models are underlying the user-friendly AI interfaces

Validating the training data on which these models have been trained

Identifying the potential biases and weaknesses in these datasets

Understanding how each AI tool is making decisions, from answering questions (AI chatbots, AI assistants) to acting on behalf of the user (AI agents)

“Most AI tools are just trained to do the same thing over and over and so it means decisions are based on assumptions from limited information,” she explained to Infosecurity. “Additionally, most AI tools solve real problems but also create real risks, and each solves different problems and creates different risks.”

While some cybersecurity experts argue that auditing AI tools is no different to auditing any other software or application, Maneval disagrees.

“With AI, you're not starting from scratch, but it's also not a carbon copy. There's this grey space in the middle where you want to look at what you're already doing – you probably already have some policies on things like data protection, third-party risk management, preferred encryption methods. You can apply some of those to AI,” she said. “But then there will be some extra verifications you will have to do. Those are the gaps that a lot of people don't know yet. Identifying those gaps is where people are going to have to focus.”

“You probably do a background check before anyone is hired. Do the same thing with your AI agent.”

Meghan Maneval, Director, Community and Education, Safe Security