You Don’t Need to Learn AI. You Need to Learn What You Are About to Let It Decide.

Agentic AI is not just a technology to learn — it is a delegation problem. This article challenges CISOs to define which decisions machines may make, where control must stop and how governance must evolve before automation scales.
The Illusion of Control, prompted by E. Mehler with ChatGPT 2026

Audit-ready is not risk-ready


By Eckhart Mehler for CISOsCISO — a perspective on cybersecurity leadership, governance and the decisions that determine whether organizations retain control.


I keep seeing the same pattern. CISOs rushing into courses, certifications, vendor briefings. Trying to “get up to speed” on AI. And I understand the instinct. It feels like cloud did a decade ago. You don’t want to be late.

But here’s the uncomfortable truth:

If you approach Agentic AI as a knowledge gap, you will completely miss the problem. Because this isn’t about understanding AI.

It’s about understanding what you are about to delegate.

Most learning paths right now are built around:

  • prompt engineering
  • model capabilities
  • tool ecosystems

All useful. None sufficient.

They keep you in a familiar role:

evaluating technology

But Agentic AI doesn’t want to be evaluated. It wants to act.

And the moment it does, your role changes.

You are no longer the person who assesses controls. You are the person who decides which decisions can be given away.

So let me be blunt.

If you want to learn Agentic AI as a CISO, stop consuming and start losing control on purpose.

Build something small. It doesn’t matter what.

Use frameworks like LangChain or CrewAI. Give it access to data. Give it tools. Give it a goal.

And then watch it do something you didn’t expect.

Because that’s the moment you actually learn.

Not when it works. But when you ask yourself:

“Why did it decide that?”

And you don’t have a clean answer.


That question is the beginning of real competence.

Because Agentic AI systems don’t fail like traditional systems.

They don’t crash.

They drift.

They interpret. They optimize. They take shortcuts that look reasonable — until they aren’t.

And if you haven’t seen that behavior firsthand, you will underestimate it in production.


The next thing you need to unlearn is identity.

Most environments are still built around a simple idea:

Users act. Systems support.

Agentic AI breaks that.

Now systems act. And nobody is entirely sure who the “user” is anymore.

An agent:

  • has access
  • uses tools
  • operates in context
  • produces outcomes

But ask a simple question:

Who owns that agent?

Not technically. Governance-wise.

Who is accountable for its decisions? Who defines its boundaries? Who signs off on its risk?

If your answer is vague, your problem is not AI.

It’s unassigned responsibility at machine speed.


And then there is logging.

I still hear: “We log everything.”

Do you?

Do you log:

  • the goal the agent was given?
  • the intermediate reasoning?
  • the alternatives it considered?
  • the uncertainty it operated under?

Or do you log outputs and API calls and call it observability?

Because if you cannot reconstruct why a decision happened, you are not in control.

You are documenting the aftermath.


Let’s talk about human-in-the-loop.

It’s the most comforting phrase in AI governance right now.

It also happens to be one of the most misleading.

Because in most implementations, it means:

  • humans approve
  • systems execute

Until speed matters.

Then:

  • systems decide
  • humans review (sometimes)

So the real skill is not designing approval workflows.

It is deciding:

Where do we refuse to delegate at all?

Not because we can’t automate it.

But because we shouldn’t.


Here is what I would actually learn if I were starting today.

Not in a course. Not in a certification.

In practice.

I would deliberately create situations where:

  • the agent misinterprets intent
  • the context is incomplete
  • the outcome looks plausible but is wrong

I would provoke failure.

Because only then do you see where your control ends.

And that is the boundary that matters.


At some point, you will notice something else.

Your existing frameworks start to feel… insufficient.

Yes, ISO/IEC 27001:2022 still applies. Of course it does.

But many controls assume:

  • stable processes
  • clear actors
  • predictable behavior

Agentic systems violate all three.

So instead of forcing them into your controls, use them to expose where your controls rely on assumptions that are no longer true.

That is where your real work is.


And this is where most CISOs hesitate.

Because the shift is uncomfortable.

You move from:

  • defining controls

to:

  • defining decision rights

From:

  • mitigating risk

to:

  • making explicit which risks you are willing to automate

From:

  • asking “Are we secure?”

to:

  • asking “What are we already letting happen without a decision?”

Let me make it very simple.

If an agent in your environment makes a wrong decision tomorrow:

  • Can you explain who authorized that type of decision?
  • Can you show where its boundaries were defined?
  • Can you point to the moment the risk was accepted?

If not, you don’t have a learning problem.

You have a governance gap that scales with every automated action.
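The three questions above, together with the logging questions earlier in the article, can be enforced as a gate an agent has to pass before it acts. This is an added Python example, not code from the article; the `DecisionRight` schema, the `gate` function, and the sample registry entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class DecisionRight:
    """Governance record for one type of decision (hypothetical schema)."""
    owner: str                         # who is accountable for this decision type
    boundary: str                      # where its limits were defined
    risk_accepted_on: Optional[date]   # the moment the risk was accepted
    mode: str                          # "auto", "approve" or "never"

# Constructed sample registry; decision types, owners and dates are illustrative.
REGISTRY = {
    "close_low_severity_alert": DecisionRight("soc-lead", "severity <= low", date(2026, 1, 15), "auto"),
    "disable_user_account": DecisionRight("iam-owner", "non-privileged accounts", date(2026, 2, 1), "approve"),
    "delete_backup": DecisionRight("ciso", "not delegated", None, "never"),
}

REQUIRED_CONTEXT = ("goal", "reasoning", "alternatives", "uncertainty")
AUDIT_LOG = []

def gate(decision_type, context, approved_by=None):
    """Return (allowed, reason) and append a record that explains the decision."""
    right = REGISTRY.get(decision_type)
    missing = [k for k in REQUIRED_CONTEXT if context.get(k) is None]
    if right is None:
        verdict = (False, "no decision right assigned")
    elif right.mode == "never":
        verdict = (False, "delegation refused by policy")
    elif missing:
        verdict = (False, "not reconstructable, missing: " + ", ".join(missing))
    elif right.mode == "approve" and not approved_by:
        verdict = (False, "human approval required before execution")
    else:
        verdict = (True, "within delegated boundary")
    AUDIT_LOG.append({
        "decision_type": decision_type, "allowed": verdict[0], "reason": verdict[1],
        "owner": right.owner if right else None,
        "boundary": right.boundary if right else None,
        "risk_accepted_on": right.risk_accepted_on.isoformat() if right and right.risk_accepted_on else None,
        "approved_by": approved_by,
        **{k: context.get(k) for k in REQUIRED_CONTEXT},
    })
    return verdict
```

A decision type with no registry entry is refused outright, which turns "unassigned responsibility" from something found after an incident into something the agent cannot act on.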

So don’t ask what course to take.

Ask something harder:

Which decisions in my organization am I not even aware are being delegated already?

Because Agentic AI will not wait for you to understand it.

It will integrate itself into workflows, tools, platforms — quietly.

And by the time you “learn AI,” it may already be deciding.

Without you.


And that’s the real risk.
Not that AI becomes too powerful.
But that you never explicitly decided where your control should stop.

Publication Note & Disclaimer
This article was originally published on LinkedIn on May 13, 2026 and may have been edited or updated for publication on this site.

It reflects my personal professional perspective and does not represent the official policy or position of my employer. Drafting and editorial refinement may have been supported by commercially available AI-assisted tools. The analysis, conclusions and final curation are entirely my own.
