What happens when the cybersecurity industry stops debating whether agentic AI is a future problem and starts treating it as a present-day reality?
In this episode of Tech Talks Daily, I sit down with Tim Freestone to unpack the biggest shift coming out of this year's RSA Conference. After attending RSA for more than two decades, Tim describes 2026 as the year the energy returned to the cybersecurity world, driven by one unavoidable topic: agentic AI.

We explore why the conversation has rapidly evolved from curiosity to urgency, and why organizations are suddenly confronting an uncomfortable truth. AI agents are already operating inside businesses, often without visibility, governance, or control. Tim explains how shadow AI is spreading faster than many leadership teams realize, with employees experimenting with autonomous tools that connect directly to company data and external AI models.
Our conversation also looks at the growing gap between visibility and control. Security teams may be discovering agents across their networks, but stopping risky behavior is an entirely different challenge. Tim argues that companies focusing purely on infrastructure are already falling behind, and that the real battleground is now the data layer itself. We discuss why data governance, audit trails, and access controls are becoming central to the future of cybersecurity strategy.
Tim also shares his thoughts on state-sponsored AI threats, the rise of autonomous espionage operations, and why open-source AI models present a completely new level of risk for defenders. At the same time, he offers practical advice for IT and security leaders trying to figure out where to start amid the noise, complexity, and endless flood of new tools entering the market.
If your organization is trying to understand how AI changes cybersecurity, governance, compliance, and risk management, this conversation offers a clear look at what security leaders are actually worried about right now, and why the next 12 months may redefine how companies think about protecting data altogether.
Useful Links
Please check the partners of the Tech Tech Talks Network
Learn more about the NordLayer Browser

[00:00:04] - [Speaker 0]
What happens when AI agents become part of the workforce before security teams have worked out how to govern them? Well, today, once again, I'm joined by Tim Freestone, chief strategy officer at Kiteworks, to unpack one of the biggest conversations that came out of the RSA event this year. Yep. A Genti k I, predictably, is the new attack surface. So two months after the conference, the message still holds.
[00:00:29] - [Speaker 0]
The industry has moved beyond asking whether AI agents matter. But the harder question now is how organizations can control what the agents can see, access, move, and modify across the business. And Tim will share today what he heard from CSOs, vendors, and customers at the event, and why the conversation has shifted from AI experimentation to AI containment. And we'll discuss why discovery alone is not enough, why audit trails might become possibly the most overlooked risk in agentic AI, and why data layer governance could matter more than model layer controls as AI systems continue to change. So ultimately, today is a practical conversation for security, IT, and business leaders that are all trying to understand and make sense of agentic AI governance, what it looks like.
[00:01:24] - [Speaker 0]
Because, yeah, the technology is moving fast, but the real test here is whether organizations can govern this data before autonomous systems start defining the risks for them. And on that note, it's time for me to now officially introduce you to Tim once again. So thank you for joining me on the podcast again. Big welcome back. For anyone that missed our previous conversation, can you remind them with a little about who you are and what you do?
[00:01:51] - [Speaker 1]
Sure. And thanks, Neil, for inviting me back. If I get invited back, it must not have been too bad of a first run at it, so I appreciate that. So, yeah, Tim Freestone. I'm the chief strategy officer at Kiteworks.
[00:02:04] - [Speaker 1]
Kiteworks is a data security and data control company. We have a platform that controls all of this, data that gets exchanged in and out of an organization, obviously, to deal with sensitive data. Been in the company about five years, but I've been in cybersecurity pretty much twenty, which is annoying to say at this point, but it is what it is.
[00:02:27] - [Speaker 0]
Love it. And one of the reasons I was excited to get you back on was to break down one of the biggest takeaways from the RSA conference this year, but not just what was announced, but what suddenly everyone agrees on because Agentic AI is here. It's everywhere. It's at every tech conference at the moment. But for the first time, the industry isn't debating if it's a problem, but it's more about just how bad that control gap really is.
[00:02:54] - [Speaker 0]
But you were there, or I wasn't. You walked the show floor. What stood out this year?
[00:02:59] - [Speaker 1]
Well, I mean, you know, again, I've been doing this about twenty years as I just mentioned. I've been to RSA, I think, every single year. RSA had a dip, honestly, for the RSA conference had a dip for a while. It was sort of, you know, a humdrum, oh, new FUD, not really that important. Look at all the people spending way too much money on booths, and it just kinda drug on for five years.
[00:03:26] - [Speaker 0]
Yeah.
[00:03:26] - [Speaker 1]
The last five years. This year was, lit up, in more ways than than one. And you can't just manufacture that kind of buzz from a marketing standpoint even if everybody agrees we should do it as from a you know, as marketers. The buzz was driven driven, outside in, from, you know, industry analysts to customers, everyone looking at the same problem. And, thankfully, most of the vendors recognize that, and we're doubling down on, you know, what exactly is the solution to this uncontrolled ecosystem we're moving into, which is what it is.
[00:04:09] - [Speaker 1]
It's we're moving into, if we're not already there, an uncontrolled ecosystem that has a new entity that needs to be addressed that people are figuring out as we fly the plane, basically. So it was it was interesting. It was good to have the life back into that conference, and it was great to have, you know, a lot of the conversations directed towards the same endgame.
[00:04:36] - [Speaker 0]
And presumably, every major vendor was talking about agents. Right?
[00:04:40] - [Speaker 1]
Yeah. I mean, again, if you weren't talking about that, no one was coming by to talk to you. Right?
[00:04:49] - [Speaker 0]
Yes. So the industry agrees on on the problem then. Yeah. Absolutely. United.
[00:04:55] - [Speaker 1]
It's just how to solve the problem. Or everybody agrees on how to solve it their own way, but it the the true solution is a is a collection of of all of those approaches, the same way the true solution was layered security pre AI. So you have to, you know, you have to look at you have a new entity. This new entity has intent. The intent that that entity has, you know, agents, that intent is both inherited from a user, but it also creates its own intent, and then you have data.
[00:05:33] - [Speaker 1]
And that entity is useless without data. It just is. It's not gonna be able to do anything without data. So, you know, there's layers of security. How do we manage the identity of those identity of those entities, how do we manage the intent, which is controlling what they do, and then ultimately, how do we manage and control what data resources they have access to use and how they use it.
[00:06:02] - [Speaker 1]
And so you see vendors lining up on that spectrum, of of leverage, essentially, providing their own solutions. And and you do need the full suite. You know, I would argue, you know, coming from Kiteworks, having that data layer, data security mentality that that's where you start because if you don't have control over the data and access and use of the data, then everything else doesn't matter. But at the end of the day, we're all the the industry is focused on solving these problems for our customers, which is a good news.
[00:06:37] - [Speaker 0]
And it's been, what, two months since it all wrapped up with the dust settled. What was the big takeaway from the show that the show that that still held up once conference fatigue has worn off and, it's back to the office as normal? Any big takeaways that still held up there?
[00:06:52] - [Speaker 1]
Yeah. I think, you know, just knowing that customers and vendors have to pay very close attention every day to what's happening in the AI and agent space from an innovation standpoint. That's the you you can't be ignorant right now. You can't come back a month later and catch up. You do every day has to be, alright.
[00:07:20] - [Speaker 1]
Let me check my, feed on what's innovated in the AI space today. How do I direct my teams around this? You know, how do we build a team that's agile enough to be directed around this? So I think that big takeaway, you know, other than the obvious stuff I just said around control and security, is just you have to be agile, you have to be paying attention, and it's it's not a a question of if it's when, around how these systems are gonna impact your company. And I think people are getting that now.
[00:07:56] - [Speaker 1]
And they they didn't six months ago. Six months ago, it was a different conversation. People were asking what I'm sorry. What is go what is AI, in terms of agents, and how does it and now it's every man, woman, and child for themselves in terms of the information flow.
[00:08:14] - [Speaker 0]
Wow. Absolutely incredible. And Stanford's twenty twenty six AI index, that says security and risk are now the number one barrier to scaling AgenTic AI. Now that's ahead of technical limitations and even regulatory uncertainty, which is a a slight surprise. I'm curious when you look at that index compared with what talking what people were talking about on the show floor and the CSOs you might have had conversations with, do those two match up?
[00:08:43] - [Speaker 1]
Not really. I mean, it's scaling AI in a controlled manner? Sure. Yeah. Yeah.
[00:08:49] - [Speaker 1]
That those are the two considerations. I'm telling you right now, it's scaling. There are there are people in your organization who have agents on their laptops, who have personal access keys to, you know, all of them foundational models, and are doing stuff to make them more productive or more lazy, depending on the person. And it's it's a flywheel right now because if someone sees another person in their organization being more productive, getting the spotlight, they look over and they say how they do that, then they do it. And it it is scaling.
[00:09:31] - [Speaker 1]
So I wouldn't say it's an impediment to scaling unless you con unless the context was in an organized fashion. It's just simply a absolute must because it's scaling and because there's shadow AI happening everywhere.
[00:09:47] - [Speaker 0]
Another thing I was excited to ask you about, because I was reading your Tech Republic piece, which is a great, post, by the way, and I will link it in the show notes for anyone that's not read that, but you highlight a gap between seeing agents and stopping them. What what does that look like in the data?
[00:10:02] - [Speaker 1]
Yeah. I mean, it it's it's sort of a springboard over what I just just said.
[00:10:08] - [Speaker 0]
Yeah.
[00:10:09] - [Speaker 1]
There wasn't an in there wasn't an industry for, agent observability. It just didn't exist
[00:10:16] - [Speaker 0]
Yeah.
[00:10:16] - [Speaker 1]
Six months ago. So you see all of these vendors popping up, to look at this, create identities so you can see what they're doing. There's a lot of vendors that don't need that. They're looking at signatures of activities, and they're correlating, and they can understand what's happening on their network for for agents. So but so there's there's a confluence happening right now, but the the fact of the matter, it's all new.
[00:10:45] - [Speaker 1]
So this this observability and monitoring and seeing what's happening, in your network, is again flying the plane as the risk, escalates. But there's a key phrase there, which is in your network. There's a lot happening outside of your network leveraging data, that also leaves your network. So there's this whole new third party risk layer that's popping up as well. The companies you do business with that access your data in order to do business with you in an information supply chain have agents that you have no visibility into or control over.
[00:11:26] - [Speaker 1]
Oh my god. And the worst thing to do would be to send them a survey asking them about their agents in this sort of antiquated third party risk management model. So, you know, it's visibility over your own agents as a challenge, and there are vendors and and great technology, popping up to support that. But you have to think about your whole information supply chain, outside of your organization too. And, I just kinda circle back to, really, the only way that you can get clarity or at least some level of confidence that you're reducing risk as much as possible is not as much to focus on the agents.
[00:12:06] - [Speaker 1]
I mean, you have to, but the data that they have access to and controlling that access layer and use layer and sharing layer. Because if an agent that you don't know exists in your network or in your third party supplier's network tries to access data and that data itself has attribute based access controls that ring fences what can happen to it, it doesn't matter if it's a rogue agent. Can't do anything. So that's really where the gate needs to come down to is every single sensitive asset in your company.
[00:12:40] - [Speaker 0]
And from the outside looking in at the event, there was a lot of vendor announcements this year that focused on agent discovery. I figured that might even be a trigger point for you there. But is discovery enough?
[00:12:53] - [Speaker 1]
Yeah. No. That's not enough. It's a good start. Like I said, you can't go into a board meeting and say, you know, we're not doing anything to try to discover our agents and our ecosystem.
[00:13:06] - [Speaker 1]
You'd not have a job anymore. But it's part and parcel of the full picture. Right? Yeah. I would rather go into a board meeting and say, and just turn the conversation to, look.
[00:13:19] - [Speaker 1]
At the end of the day, we're not it's not about infrastructure. What we're protecting is the data. So let's have the right conversation and say, we're going to control data access use and sharing. We're gonna monitor and find all of the agents that could potentially have access use and use of that data, and we're gonna ensure the infrastructure is in place to monitor and control all of it. And then you have a strategic conversation with your board.
[00:13:53] - [Speaker 0]
So a special thank you to Denodo for supporting the Tech Talks Network and helping us keep these conversations going because moving beyond AI pilots all starts with connecting your models to trusted enterprise data. So if you're ready to move beyond AI pilots, Denodo can help you connect your AI models to trusted enterprise data in real time. So you can scale faster and reduce risk. So if you're interested in turning AI into business value, simply visit denodo.com. And I was also reading that you've written about audit trails being the most overlooked issue in agentic But why is this why is it still such a sleeper problem, do you think?
[00:14:39] - [Speaker 1]
Yeah. So there's two things. There's control, and then there's tracking. Yeah. Control is what can and can't something do, and then tracking is what did it do or didn't do.
[00:14:51] - [Speaker 1]
The tracking really comes in to play, especially in the this era of regulatory compliance because regulators, you know, regulators that will assess fines for HIPAA violations, for GDPR violations, for CMMC two point o violations, and on and on and on. They really come in and ask both of those questions. What are the controls you have in place, and then what has happened to that data that we regulate? So the the audit trails and the tracking are incredibly important. And, basically, we you know, you what happened in the last six months is the surface that you have to track and audit all of that data movement depending on the company in a minimum doubled and in many places, 100, 1,000 x, the surface area that you have to track because depending on how many agents are deployed in an organization.
[00:15:54] - [Speaker 1]
So the tracking becomes incredibly important from a regulatory compliance standpoint. It also comes in, into play post breach. You know, there's a lot of defensive, movements that you have to do as an organization to reduce your exposure, your your brand impact, your, legal impact, and all a a ton of answers need to or questions need to be answered in terms of what happened to the data and what caused the data to do what it did so that tracking and auditing is not just a regulatory requirement. It's also a a legal requirement in the case of a breach. And, you know, everybody's playing catch up right now.
[00:16:39] - [Speaker 1]
But if you try to catch up again at the infrastructure layer, you're just gonna it's gonna take too long and you're you're gonna you're gonna miss spots. But if you if you focus everything on the data layer, and honestly, you couldn't do that before because it was just too the breadth of data in across an organization was too high. Really, AI is the enabler in even being able to do this. But if you focus the audit trail tracking on individual assets irrelevant of what moved or what did what with an asset, you're gonna be in a lot better position.
[00:17:11] - [Speaker 0]
Yeah. Completely agree. One of things I picked up on a lot of the news coming out of there is they they just seem to be increasing almost architectural debate underneath all of it. Should governance live in the model layer or the data layer? Is is that what you saw as well, presumably?
[00:17:27] - [Speaker 1]
Yeah. Model layer model layer governance, data layer governance, and then just the sort of Venn diagram of of model or agent data, and humans. So in the center of that is is what, you know, organizations need to focus on because all three of those things are are interacting. You know, at somebody has to tell an agent to do something.
[00:17:54] - [Speaker 0]
Yeah.
[00:17:55] - [Speaker 1]
Now down a chain, an agent can tell an agent to do something, but there's always a start, with that's bio biological. So all three of those things, AI, humans, and data, in terms of a Venn diagram of governance need to happen.
[00:18:12] - [Speaker 0]
And looking back to last year, I think it was the Anthropic disclosure last November. It was the CTG one zero zero two campaign They showed a state sponsored actor using Claude code plus MCP tools to run 80 to 90% of an espionage, operation, do it all autonomously. And I think, they detected it in September. Is that a canary in the coal mine? What did you think when you saw that?
[00:18:38] - [Speaker 1]
Look. No. Nobody knows what's gonna happen, unfortunately. It's both an exciting time for people who've worked in this industry for as long as I have, but it's also an incredibly frightening time. So when I saw that and many other examples, it was some variation of, oh, shit.
[00:18:58] - [Speaker 1]
Where's my bunker? And, oh, but on the flip side, the the defenders have access to the same capability set
[00:19:09] - [Speaker 0]
Yeah.
[00:19:10] - [Speaker 1]
Which has always been the case. You know, it's it's bad actor versus good actor, white hat versus black hat, but the technology that's leveraged for both of those has been equal. The only thing that gets a little bit different is the regulations to use of to use of the of the technology, and, you know, the bad guys are relatively unencumbered, let's say. But, you know, Mythos, who knows really what's going on there with with, Anthropic and this latest model, which, you know, apparently can do even more from a damage standpoint, a cyber risk standpoint. We will see if that ever actually makes it into the ecosystem.
[00:19:59] - [Speaker 1]
But what really concerns me as a springboard off of these public threats or these public vulnerabilities that we've seen is and this is a whole another podcast. But Yeah. Yeah. How close the the sort of Chinese models are behind. And those those are open source, some are open weight, I think.
[00:20:23] - [Speaker 1]
And, you know, act bad actors use of these these types of models, concerns me a little bit as well or more actually as well.
[00:20:33] - [Speaker 0]
And going back to the RSA conference, all the people that you spoke with and the conversations you've had in the week since, what are people actually asking for? Is it tools, architecture, something else? What what's the one thing that people are after at the moment?
[00:20:49] - [Speaker 1]
Information?
[00:20:50] - [Speaker 0]
Yeah.
[00:20:51] - [Speaker 1]
You know, it kinda gets back to what I said. You asked what are people walking away with. And, you know, even the conversations I have with customers or or potential customers, a lot of the conversation is just discovery. What's going on in the industry? Where are people focusing?
[00:21:12] - [Speaker 1]
How bad is the threat? What should we be paying attention to? What are others doing? It's a lot of just information and action. I mean, people are taking action.
[00:21:23] - [Speaker 1]
Obviously, they're they're buying what they need. But it's it's not sort of like, oh, I need this tool. I need that tool. I need this tech. I need that tech.
[00:21:31] - [Speaker 1]
It's what the hell is going on? Where do I start and focus? And what's my strategy? And the other pieces fall into place, you know, we're okay. Now what tech do I need to layer on?
[00:21:49] - [Speaker 1]
But, you know, it's from my career, it's one of the first times where I've seen a collective reset in terms of the conversation around how do we approach cybersecurity moving forward.
[00:22:03] - [Speaker 0]
Yeah. 100% with you. And I always try and give people this thing a a valuable takeaway of sorts. So for listeners who are maybe running security or in an IT department today, anything that they think you should or anything you think they should be doing in the next ninety days that they can take this pod take from this podcast and get out there and start working on something? I know it's not as simple as that, but anything you would advise?
[00:22:26] - [Speaker 1]
Yeah. The other thing I see is, especially as companies get larger enterprises, is that, security groups have historically been a little bit siloed. You got your email group. You got your network group. You got your data governance group.
[00:22:44] - [Speaker 1]
And they they they look at their universe with through that lens. What's the what's in my title? I'm the VP of infrastructure security. I'm the senior director of email risk. And I think those days are over.
[00:23:00] - [Speaker 1]
I think companies need to start departments need to start looking across each department with a sort of layer of data governance and data intelligence and saying, look, all of these groups are challenged with the exact same thing now. Whatever agent risk is happening and AI risk is happening is a trickle down into these groups and affects their departments the same. So we need a a level up layer. Potentially, we need to look at what new roles need to exist in in our IT and our security department to break down silos and start looking at this as a data problem, not a technology problem, and sort of building a road map around agent and data interaction. That's that's what I would recommend.
[00:24:00] - [Speaker 0]
Fantastic advice. And anybody that even if they did go to the RSA conference, they're going to another tech conference. I would say any tech conference you go to in 2026, you're gonna be hearing about Agentic AI in some shape or form along with a few buzzwords like human in the loop and this is our north star. That's the the one that I keep hearing again and again. But what's the one thing you'd want any listener or any future attendee at any conference to remember about AgenTiKi governance after at the end of this episode and and take away with them.
[00:24:30] - [Speaker 0]
What what would you advise?
[00:24:32] - [Speaker 1]
Yeah. Whatever problems you have had with the biological entities in your organization and the pain that has caused you times a thousand. So get ready. That's what I say. Get some big decisions coming your way.
[00:24:49] - [Speaker 0]
I think that's a great moment to end on. And as always, I would add a link to that Tech Republic piece. I urge everyone listening to check that out. Anywhere else you'd like me to point everyone?
[00:24:59] - [Speaker 1]
Yeah. I mean, I could always make a new friend or two digitally on LinkedIn. You know, it's linkedin.com/timfreestone, and then we also have a good substack. You just search Kiteworks. We keep that we probably keep our substack information stream more alive than than anything else.
[00:25:18] - [Speaker 1]
So I'd say those two things.
[00:25:20] - [Speaker 0]
Awesome. Well, I'll add links to that as well. Love chatting with you again. Any big tech conferences coming up? Maybe we can bump into each other and have a drink, or was that your big one?
[00:25:29] - [Speaker 0]
Any more coming up this year?
[00:25:30] - [Speaker 1]
Yeah. You know, that's the big one. We skip out on Black Hat. Whatever we're starting to do is go to AI conferences. So shocker.
[00:25:38] - [Speaker 1]
So AI I think it's AI four in in Vegas at the same time as as Black Hat. We'll be at that. So, yeah, if you're at Black Hat, I won't be there, but I'll be right next door.
[00:25:48] - [Speaker 0]
Perfect. I'll have links to everything there. Big pleasure as always. I love to get you back on later in the year. Let's see what you pick up from there as well, but thanks as always.
[00:25:57] - [Speaker 0]
Appreciate you, Tom.
[00:25:58] - [Speaker 1]
Yeah. Thanks, Ian.
[00:26:00] - [Speaker 0]
Big thank you to Tim as always for joining me on Tech Talks Daily. One of the many things that stood out to me this week was just how quickly the AI security debate has changed. A year ago, many teams were still asking whether a JNTKi was really enough to worry about. Now, the concern is much more immediate. Who can see these agents?
[00:26:20] - [Speaker 0]
Who can stop them? And what data are they allowed to touch? Because, yes, discovery is a starting point, but it doesn't solve the control problem. Organizations really need to understand now the relationship between humans, agents, and data, and then build governance around the information itself rather than chasing every new model or tool. And there's also that compliance angle that leaders simply cannot ignore too.
[00:26:45] - [Speaker 0]
If an organization cannot reconstruct what an agent did and with regulated data, monitoring alone will not satisfy auditors, regulators, or customers after an incident. So you can connect with Tim on LinkedIn. Follow Kiteworks for more insights on data security governance and agentic AI risk. There'll be links to everything in the show notes and the blog post associated with this episode over at techtalksnetwork.com. But let me know your thoughts.
[00:27:14] - [Speaker 0]
Are organizations ready to govern AI agents properly? Or do you think we could be heading into a new wave of shadow AI risk? Let me know. Techtalksnetwork.com. I'll be back again real soon.
[00:27:27] - [Speaker 0]
A big thank you to NordLayer for backing the podcast and supporting the kind of real world cybersecurity conversations that we need more of. Because as someone that records 65 plus interviews a month, I've personally seen a huge increase in browser based attacks over the past year, whether that be phishing, malicious extensions, account takeovers, the list is long. And it's all happening where people spend most of their time inside the browser. So NordLayer's new business browser, that's built to address exactly that. It blocks malicious sites before they load.
[00:28:04] - [Speaker 0]
It limits risky behaviors like uncontrolled downloads or data sharing, and gives you visibility into how your team interacts with web apps. And it also helps you stay compliant by controlling access and enforcing policies without the need to rely on multiple disconnected tools. So for anyone listening that is thinking seriously about reducing risk in SaaS heavy environments, this feels like a smarter and more focused approach. And you can learn more about it by visiting nordlayer.com/browser. Let me know what you think.
[00:28:39] - [Speaker 0]
Thanks for listening. Bye for now.

