Get the report: How to Achieve CIO-CEO Alignment in the Era of AI

close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
chevron Get the white paper
Experience Netskope
Get Hands-on With the Netskope Platform
Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
chevron Experience Netskope
A Leader in SSE. Now a Leader in Single-Vendor SASE.
Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
One unified platform built for your journey
chevron Get the report
Securing Generative AI for Dummies
Securing Generative AI for Dummies
Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
chevron Get the eBook
Modern data loss prevention (DLP) for Dummies eBook
Modern Data Loss Prevention (DLP) for Dummies
Get tips and tricks for transitioning to a cloud-delivered DLP.
chevron Get the eBook
Modern SD-WAN for SASE Dummies Book
Modern SD-WAN for SASE Dummies
Stop playing catch up with your networking architecture
chevron Get the eBook
Understanding where the risk lies
Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
chevron Watch the demo
The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
Netskope One Private Access is the only solution that allows you to retire your VPN for good.
chevron Get the eBook
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
chevron Read the case study
Netskope GovCloud
Netskope achieves FedRAMP High Authorization
Choose Netskope GovCloud to accelerate your agency’s transformation.
chevron Learn about Netskope GovCloud
Netskope Technical Support
Netskope Technical Support
Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
chevron Technical Support
Netskope video
Netskope Training
Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
chevron Explore Netskope Training
""
Achieve Business Value with Netskope One SSE
Netskope One Security Service Edge (SSE) enables enterprises to achieve considerable business value by consolidating business critical security services within the Netskope One platform
chevron Get the study
Let's do great things together
""
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
chevron Netskope Partners

What Santa Claus Can Teach Us About Agentic AI

Dec 17 2025
By James Robinson

No matter what industry you’re in, if you are a technology or security professional, you’ve likely been inundated with questions about agentic AI and how it can either supercharge your workforce or turbo charge your threats exposure.

With a few years of experience under my belt, I wanted to write a blog with advice around finding the right way to approach and secure whatever is the latest “shiny new thing”… but it’s the holiday season, so I would be remiss not to labor a fun festive analogy. 

So here’s some holiday-themed advice I can offer about securing and enabling agentic AI.

Make a list and check it twice

The best place to start is to make sure you’re listening to what the organization wants to use.

Sorta how everyone makes a Christmas list, you need to know what applications and tools your organization wants to be using. As we’ve found with many shiny new tools over the years, people will find a way to use what they want whether security knows about it or not. This year, agentic AI is probably very high on those wishlists.

As we all learned with generative AI a few years ago, there’s no sense in just blocking these sort of tools sight unseen. Instead, it’s best to find a way to enable them accordingly. But please remember, while it’s a key tactic among children on Christmas Eve night, hope is not a strategy in cybersecurity. As a security leader, you need to have a plan for how you’re going to enable and secure these tools and applications. And that means starting with visibility.

Know who’s naughty or nice

If there’s one thing we know about the big man in red, it’s that he is always watching.  Santa has constant visibility into who is naughty and nice, and you want to be mirroring this kind of visibility when adding any new tool to your organization.

This is no less important for agentic AI solutions, which move very fast once they’re implemented and can lead to major exposure or even abuse if not configured properly.

Make sure you know what apps have access to your organization’s data and how it is being used. From there, you need to have the proper policies in place to make sure you control  access and usage of sensitive or confidential data. 

Say I deploy a bunch of agents within a company and one of those agents gets instructed to do something wrong. It’s important for us to have visibility as a starting point, but we still need to venture into uncharted territory and discover how much damage has really been done.

And to do that, you need the right folks leading the charge… which leads to my next tip:

Let the reindeer pull the sleigh

As a CISO, I am a big believer in a developer-led approach when it comes to finding ways to secure and enable AI. 

When you’re dealing with such a new area of evolving technology, there will always be limitations to what you personally can know. That’s why you need to be able to turn to a trusted team to help move things forward, just as Santa does with his trusty team of reindeer pulling the sleigh.

I rely on my developers to help ask and answer the tough questions that come up. Questions like “What happens if a malicious agent goes rogue?” We need to be able to work out, How do I investigate that? Do I go to the server? Do I go to the server and capture the memory? Do I use traditional forensics and incident response characteristics to do this or do I have to rethink the entire process? Do I have to use something totally different?

None of these are easy questions to answer. But hey—nor is it easy to be a flying reindeer! But starting the team on this mindset now—before agentic AI feels out of control in the organization—enables them to start thinking and feel comfortable working through these sorts of questions if and when they ever wind up in this situation.

Build a team of hardworking elves

At the same time, we also know one of the big reasons why Santa is so jolly is because he has a trusty team of elves who do the important work to keep things running smoothly. 

Beyond just developers, another area I would recommend to every security team is to build out your AI Ambassadors. These are the hardworking team members across the departments in the organization who focus on sharing information from the security team and AI governance committee with their team. Also like elves, they can take on some more of the  work by reviewing the proposals before they come to the AI governance committee as well as the security team for review. 

A team of trusty AI ambassadors will help give you an internal layer of visibility, while also helping to contextualize some of the key best practices every department should be using when it comes to new AI tools.

May your days be merry and bright (and secure)

The holiday season and the new year can be a stressful time, especially if you’re trying to implement and secure those new tools your organization has been asking for. But if you know what kinds of tools you’re dealing with, making sure visibility is built into your plan from day one, and you have developers leading your approach, you’re at least starting off on the right foot. 

Just make sure you remember to leave out plenty of milk and cookies (or pizza and energy drinks) for the people helping make these plans a reality.

< Full Skope
Next Story >
< Back
Next >
author image
James Robinson
James Robinson is a seasoned professional with over 20 years of experience in security engineering, architecture, and strategy.
James Robinson is a seasoned professional with over 20 years of experience in security engineering, architecture, and strategy.
Read More
More Articles by James Robinson
Read full Bio
More articles

Related Articles

card shape
Full Skope

AI Predictions for 2026 from Netskope Threat Labs

By Netskope Staff
chevron Read the blog
card shape
Full Skope

AI, Quantum, & Data Sovereignty: Security Predictions for 2026

By Netskope Staff
chevron Read the blog
card shape
Full Skope

The Crucial Conversations CIOs and CEOs Need to Have Right Now

By Mike Anderson
chevron Read the blog
Show More
Connect with Netskope

Subscribe to the Netskope Blog

Sign up to receive a roundup of the latest Netskope content delivered directly in your inbox every month.
Subscribe now