Deterministic Controls Become The Foundation For Defensible Agentic AI Adoption
Nic Chavez, Advisor at Serval, walks through why deterministic deployments are becoming the bridge between executive AI ambition and operational enterprise control.

AI adoption inside most enterprises follows a familiar pressure chain: boards want visible movement, CEOs translate that into targets, CTOs push workflows toward production, and CISOs are left to make adoption defensible. The structural problem is that large language models are inherently unpredictable: chained probabilistic workflows often fall to success rates as low as 35% once they leave pilot conditions. A global watchdog has already called for tighter controls on agentic AI in finance, but security teams cannot wait for regulators to define the boundaries; internal risk analysis and deterministic controls are becoming the practical path to deploying the technology safely.
Nic Chavez, Advisor at unicorn startup Serval, has worked inside the CISO roles where AI adoption pressure lands hardest. As the former Fortune 100 CISO for Data and AI at IBM, he has led enterprise security across the U.S. Department of Defense and most recently served as Field CISO for Global Banking at AWS. Recognizing the void left by legacy compliance frameworks, Chavez is now building the solutions he advocates for, including operational standards for secure AI deployment that help organizations align regulation with modern AI infrastructure.
"Deterministic AI becomes the savior of the CISO because they need to implement something and show progress for AI, but also not get fired on the back end for not having the controls in place. CISO is a difficult role," says Chavez. He grounds his approach in a sequence that puts risk analysis ahead of compliance, recognizing that legacy frameworks like GDPR and SOC 2 leave a sizable gap when it comes to AI and data availability. The starting point is an internal risk analysis that identifies exactly which data should be exposed to AI in production, with that analysis becoming the foundation for every security control that follows. The compliance work comes last, mapping the controls already in place to the relevant frameworks rather than letting the frameworks dictate what gets built.
Locking deterministic behavior into production
Balancing risk with the mandate to enable AI creates a difficult tightrope for modern CISOs, as the gap between what executives demand of agentic AI and what security teams can actually defend widens fast. Chavez points to a familiar pattern, where a CEO promises the board "five Internet units of AI," then doubles the target, and the CTO inflates it to 25 units for the next board meeting, all of which skips formal risk assessment and leaves the CISO forced into a high-stakes risk decision. He frames the way out as a return to the operating model the role was built around. "Security, risk, and compliance is really the three-legged stool that every chief information security officer deals with," Chavez notes. "Generally, the best organizations evaluate risk and then integrate security measures to address that risk while still going after opportunity."
The pressure intensifies as enterprises move past basic AI use cases and grant autonomous agents production access, with each agent running on the credentials and authorizations of the employee who deployed it. The governance load is staggering: research suggests 109 non-human identities for every human identity, which translates to roughly three million identities for a Fortune 1000 company to account for. "Now it's setting up an agent, this MCP, that has all of my authorizations and credentials and can do anything I can do in the world. And by the way, I'm going to set this to do it on its own while I go shopping and golfing," Chavez says, highlighting the reality of probabilism running autonomously in the background.
Containing risk requires a hard line between pilot performance and production behavior. Chavez advises CISOs to build that discipline into vendor management upfront, with proof-of-concept guidelines that contractually hold vendors accountable when production accuracy diverges from pilot results. His preferred approach uses hackathons to surface deterministic capabilities, then applies them to low-risk production-facing workflows and proves identical behavior before expansion. "If you go from a pilot into a production instance and you have materially different performance, then you should have the ability to contractually back out of that," Chavez notes.
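One concrete shape a deterministic control can take for the credential-inheritance problem described above: rather than letting an agent run with everything the deploying employee can do, its effective rights are computed as the intersection of that employee's grants and a narrow, reviewed allowlist for the workflow, and every decision is recorded. This is an added illustration, not code from Serval or from Chavez; the policy layer, tool names and sample grants are all constructed for the example.

```python
"""Deterministic authorization gate for an autonomous agent (constructed example).

The agent's effective permissions are a pure function of two reviewed inputs,
so the outcome of any tool call is predictable and auditable regardless of
what the model "decides" to attempt.
"""
from dataclasses import dataclass, field

# Constructed sample: what each employee is authorized to do (hypothetical grants).
EMPLOYEE_GRANTS = {
    "alice": frozenset({"crm.read", "crm.write", "payments.transfer", "hr.read"}),
}


@dataclass(frozen=True)
class Action:
    tool: str       # e.g. "crm.read", "payments.transfer"
    resource: str   # e.g. "customer:1234" (constructed identifier)


@dataclass
class AgentIdentity:
    agent_id: str
    deployed_by: str          # employee whose credentials the agent would otherwise inherit
    allowlist: frozenset      # tools this specific workflow was reviewed to use
    audit: list = field(default_factory=list)


def effective_permissions(agent: AgentIdentity) -> frozenset:
    """Deterministic rule: agent rights = employee grants INTERSECT reviewed allowlist.

    The intersection guarantees two things at once: the agent can never do
    something its deployer cannot, and it cannot use the deployer's broad
    grants outside the workflow it was approved for.
    """
    return EMPLOYEE_GRANTS.get(agent.deployed_by, frozenset()) & agent.allowlist


def authorize(agent: AgentIdentity, action: Action) -> bool:
    """Allow or deny a single tool call and append the decision to the audit trail."""
    allowed = action.tool in effective_permissions(agent)
    agent.audit.append((agent.agent_id, action.tool, action.resource,
                        "ALLOW" if allowed else "DENY"))
    return allowed


def denied_count(agent: AgentIdentity) -> int:
    """Number of blocked attempts; a rising count is a detection signal in itself."""
    return sum(1 for entry in agent.audit if entry[3] == "DENY")
```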
Aligning the C-suite as a cohort
Governing millions of non-human identities and autonomous agents requires reporting structures most enterprises do not yet have in place, especially in environments where shadow AI governance takes root and informal priorities sidestep standard security protocols. Chavez argues that the friction points trace back to reporting structures that put security underneath the functions it should be checking. His prescription is a restructured governance model that gives the CISO independent visibility into both operations and legal counsel. "From an ideal governance perspective, the CISO will never report into the CIO or CTO. The CISO will almost always report directly to the COO," Chavez says, adding that a dotted line to General Counsel positions risk and compliance where they belong inside legal's purview.
The reporting structure only works when financial authority sits at the same table, with CISOs needing CFO partnership to fund the automated defenses that manage non-human identity sprawl at scale. The result is a coordinated C-suite that can protect IT systems without slowing the AI adoption the board demands, with deterministic deployments serving as the bridge between executive ambition and operational control. "The security, risk, and compliance steering committee should always include the CFO. It's important to include them so they can be well apprised of the investments necessary in order to keep the company low risk, high security, and inside of compliance," Chavez concludes. "The C-suite should function as a cohort. The ones who do will be able to respond to agentic AI, and perhaps even leverage it for themselves."