Skip to content
Go Back
CyberHQ® Executive Notes

What Happens When Agentic AI Learns Everything Your CISO Knows?

By Ian Yip 8 min read

The cybersecurity industry is racing to deploy agentic AI. Nobody is asking what happens when it learns everything your best security people know, and who that knowledge actually belongs to.

 

When The Knowledge Walks Out The Door

The numbers on cybersecurity staff turnover are not new. But read together, they describe a governance failure that most organizations have never formally acknowledged.

The average CISO remains in the role for just 18 to 26 months, less than half the tenure of any other C-suite position. 41% of organizations have no succession plan for the role. 47% have no adequate internal successor identified. (Secureworks 2024; Heidrick & Struggles 2024.)

When leadership turns over that quickly, the operational consequences are real. Dark Reading’s January 2026 analysis of the CISO succession crisis was blunt: when cybersecurity leadership turns over too quickly, risk does not reset. It compounds. Projects stall. Controls slip. Incident response muscle memory: who to call, which vendors respond when it matters, which escalation paths actually work. All of it has to be rebuilt. Attackers do not pause while you hire.

The financial consequence is measurable. IBM’s 2025 Cost of a Data Breach Report puts the global average breach cost at $4.44 million, with UK organizations averaging £3.29 million. 92% of CISOs report that departing employees contribute to data loss events. A key security leader departure within a 26-month window is not a low-probability risk organizations don’t need to plan for. On the contrary, given average tenure data, it is a near-certainty.

The person is treated as a resource to be replaced. The knowledge is treated as gone.

 

Agentic AI changes the question

The institutional security knowledge that walks out the door every time a CISO or other key security employee departs has no continuity plan. The question nobody is asking is whether agentic AI should be the one to change that, and on whose terms.

MIT’s Project NANDA found that despite $30-40 billion in cumulative enterprise AI investment, 95% of AI pilots failed to deliver measurable results. The authors were clear that the failure was not about model quality. It was about organizational integration: AI deployed without the workflows, institutional context, and accumulated knowledge needed to make it useful. That finding points directly at the problem this article is describing. AI-based knowledge continuity, which would continuously capture decision rationale, policy history, risk reasoning, and operational context from the people who hold it, would address exactly that gap. A new CISO would then inherit not a blank page but a navigable record of every significant decision their predecessor made, and why.

The building blocks are already emerging in adjacent enterprise contexts. Microsoft Copilot, Google Agent Search (formerly Vertex AI Search), and other AI-powered workplace assistants, are all being deployed in 2026 as enterprise internal knowledge systems, enabling employees to query organizational knowledge in natural language, surface prior decisions, and retrieve institutional context across large document estates. Companies have been trying to capture institutional memory since organizations first existed. It is why some contracts still require formal handover periods. The difference now is that agentic AI makes genuine knowledge transfer technically feasible for the first time, not just aspirationally desirable. None of these platforms have been designed specifically for security leadership transitions. That gap remains open.

If an organization uses agentic AI to learn from its security leadership, capturing how they think, what they prioritized, how they assessed risk, who owns that knowledge? Does the employee need to consent to it being collected, retained, and used? Could an employer build a proprietary model trained on the expertise of their most valuable people and eventually use it to justify not replacing them at all?

These are not hypothetical questions. People are already building AI versions of themselves. Digital twins that capture and extend an individual’s intellectual presence exist today. The academic literature on the ethics of digital duplication has established a clear baseline: consent is not optional. The moment an organization begins capturing the decision-making patterns of its security team without explicit informed consent, it has crossed a line that both regulators and employees will notice, even if, in most of the world right now, nobody is formally empowered to stop it.

The incentive structure for misuse is not theoretical. AI played a role in 55,000 US layoffs in 2025 (Challenger, Gray & Christmas). Amazon, Salesforce, Accenture, Heineken, and Lufthansa have all cited AI as a contributing factor in eliminating roles. The WEF projects 92 million job displacements by 2030, with 39% of workers’ existing skill sets transformed or made obsolete. The pressure on organizations to use captured human knowledge to reduce headcount is real, active, and growing.

Amazon’s CEO said in June 2025 what most executives decline to state publicly: AI will reduce the corporate workforce in the coming years. His framing was careful, focusing on routine tasks, administrative functions, and roles where AI can automate what humans currently do. Senior security leadership was not on that list. The CISO, the GRC lead, the IR lead are judgment roles, accountability roles, built on regulatory relationships and contextual intelligence that no current AI system replicates. Today, that distinction holds.

Governance is moving. The Global Council for Responsible AI (GCRAI), operating across 77 countries, is actively working to build shared standards and influence legislators toward enforceable regulation, with a clear position: AI must evolve with transparency, security, and accountability. Singapore published the world’s first governance framework specifically for agentic AI in January 2026. In the UK, the ICO has begun auditing AI workplace tools under existing data protection law.

The challenge is that ambition and enforcement are not the same thing. The EU AI Act is currently the only binding legal instrument in existence. Full enforcement for high-risk AI systems, including those that affect workers, begins August 2, 2026, with fines reaching €35 million or 7% of global annual turnover, and extraterritorial reach covering organizations outside the EU whose AI systems affect people within it. The rest of the world is working toward something equivalent. It is not there yet. An organization that decides today to capture its employees’ institutional knowledge without consent, use it to train proprietary models, and quietly build the case for reducing headcount is, in most jurisdictions, operating in a space with no binding constraint. That is not a theoretical risk. It is the current reality.

This is where the line must be drawn deliberately, not left to chance or contract fine print.

On one side: an organization that implements AI-assisted knowledge capture with full employee consent, transparent governance, clear limits on how the data will be used, and a stated purpose of continuity for incoming talent. That is a legitimate, defensible, and long overdue investment.

On the other side: an organization that captures expertise without meaningful consent, uses it to build proprietary models that reduce dependence on human specialists, and presents employees with opt-out clauses buried in contract updates after the fact. That is not a continuity plan. It is an extraction program.

In 2026, with agentic AI accelerating faster than any governance framework can keep pace with, the difference between those two things is entirely down to the choices organizations make right now, before anyone requires them to.

 

Peer Perspectives

I put this question to two of my peers for their point of view: is AI-based knowledge continuity a legitimate investment in operational resilience, or a liability waiting to happen? And where does the ethical line sit in practice? I also answered it myself.

Knowledge continuity and knowledge extraction are not the same problem and conflating them is how organisations end up doing the second while telling themselves they are doing the first.

From a human risk management perspective — the lens I work in every day — consent is not a legal afterthought. It is the leading indicator of whether the deployment will work at all. If an organisation cannot get explicit, informed consent from its security leaders to capture how they think, it has already failed the cultural posture that determines whether any AI deployment stays aligned over time. The same employees you cannot be transparent with are the ones who will quietly route around the controls, withhold the context that actually matters, or leave — taking the most valuable knowledge with them precisely because they were not trusted with the conversation.

There is also a regional reality the piece does not fully address. Across MENA and the Gulf, financial and critical-sector regulators assume a named, accountable human officer. The CISO is not a knowledge worker who can be abstracted into a model. They are a regulatory relationship. The trust built with a supervisor over years of audits, incident reports, and quiet phone calls is not in the decision log. It is not training data. An agent trained on every email and ticket the CISO ever touched still cannot make the call the regulator is waiting for, because the regulator was never talking to the artifact. They were talking to the person.

Agentic AI absolutely should carry the operational toil — the 3am triage, the audit evidence collection, the vulnerability noise. That work is overdue for automation. But the same systems should be deployed under three non-negotiable conditions: explicit consent on what is captured, contractual clarity that the captured knowledge cannot be used to displace the people who contributed it, and a governance log accessible to those employees.

The organisations that get this right will retain better people. The ones that do not will discover, the hard way, that the knowledge they thought they captured was never the knowledge that mattered.

Organisations should not shy away from the operational objective to become as efficient as possible to deliver maximal capital towards their mission; be that profit or philanthropic endeavour.  The main balancing factors impacting their investment choices are risk and timeline and their decisions are impacted by ethical considerations, including their investor expectations.

Against a backdrop of increasing pace of change (economic, political, technical), investments in AI to increase corporate knowledge, remove friction and reduce decision cycles for improved insight and enhanced value are an essential and legitimate strategy for optimising survival and growth.  However, any investment strategy needs to balance effective implementation of AI with appropriate governance to mitigate risks from regulatory fines or the reputational damage of runaway errors; essentially applying institutional judgement.

In a rapidly changing world, it is judgement that arbitrates between the size of any current legal and regulatory risk compared with ethical considerations that may lead to a future legal and regulatory risk. Or potentially, a future reputational brand impact from failing the future pub test on your decisions albeit ones made in today’s world context.

Unfortunately, the very efficiency that an AI agentic approach can unlock (i.e. current workforce obsolescence ), might well be based on historic insights of those workers whose institutional knowledge capture has contributed to their demise.  In many ways, this is not dissimilar to experiences during previous revolutionary changes (agricultural, industrial, automation, digitisation, etc), when existing employees educated and informed the designs of the very transformations that replaced them; from the seed drill through to the standardisation of manufacturing production lines to digital everything.  In all those previous epochs, new activities and job roles were created from the ashes of the revolutions.

So yes, on balance, AI-based knowledge continuity is a legitimate investment in operational resilience and with the appropriate guard rails of transparency and judgement, it can be an ethically coherent strategy to the future. Ultimately, it’s all about the data – and the human interface.

Firstly, capturing the knowledge and behaviours of employees without their knowledge for the purposes of training agents and then replacing said people crosses the ethical line. Without correctly written contracts, it would indeed be a liability waiting to happen. In cases where it may be legally defensible due to carefully worded employment contracts, there should still rightfully be serious concerns regarding the culture of a company that would do it.

Provided transparency is in place, AI-based knowledge continuity should be part of an organisation’s resilience agenda. Whether it does get implemented and for whom comes down to the criticality of the functions in question, and the risk to the business should key people not be available during times of crisis.

From the perspective of individuals who may feel insecure about their job being taken by AI, the reality is that agents can automate a lot of operational decisions and tasks that would otherwise be handled by humans. But they do not have a human’s learned experience, taste, and decision-making prowess from undocumented situations. Agents can only learn from training data, and much of one’s professional experience throughout one’s career lives in our heads.

I do not believe that agents can fully replace CISOs and senior cybersecurity professionals, at least not for some time. Agents should be used to cater for the times that senior professionals would prefer not to have to deal with in real time, or at all: the 3am phone calls because a critical alert is pinging, the manual toil of having to find the 500 pieces of evidence because of the audit next week, the triage process of 5,000 “critical” vulnerabilities that the scanner found last week.

Ultimately, the best people in the industry will see this as an opportunity to differentiate by augmenting themselves with technology. To show the world how good they really are. To evolve. To level up. To finally have the time to do impactful work. To take command of their organizational cyber resilience.

The View From Here

The tools to begin building AI-based knowledge continuity exist, though none, to our knowledge, have yet been designed specifically for the CISO transition, the GRC handover, or the IR lead departure. That gap is telling.

The question worth putting to every leadership team is not whether a perfect solution exists today. It is whether your organization has even had the conversation. The organizations that begin thinking about knowledge continuity now, before the departure, before the scramble, before the gap becomes a vulnerability, will be measurably better positioned than those waiting for the market, or a regulator, to hand them a solution.
We believe the gap for human knowledge continuity is real, urgent, and technically solvable, but only if approached with the same governance rigor organizations apply to the systems they are protecting. 

That gap will close. The question is whether it closes by deliberate design, with transparency, consent, and human-first principles built in from the start, or by accident, after organizations have already used it in ways that damage the people it was supposed to help.

Agentic AI is not standing still. The same systems now capturing institutional knowledge, mapping decision rationale, and encoding how experts think are also the systems being trained to act on that knowledge autonomously. Whether that evolution eventually reaches into security leadership, whether the captured knowledge of a CISO becomes the foundation for an autonomous system that no longer needs a CISO, is not a question the current data can answer. It is, however, a question worth asking before the answer arrives.

Translate Technical noise into board-ready intelligence

Quantify exposure in financial terms. Align security investment to business outcomes. See how security leaders use CyberHQ® to make the case for what matters.

Ian Yip

Ian Yip

Ian is the Founder and CEO of Avertro, a cybersecurity software company helping organizations validate their defense, justify spend, or prove a state of resilience with confidence. Ian has 25+ years of cybersecurity, business, and leadership experience in a variety of global roles spanning advisory, strategy, sales, marketing, product, services, and technology functions in some of the world’s leading companies including McAfee, EY, and IBM. Avertro's flagship product, CyberHQ® is the Resilience Command Platform that directs your defense. It translates technical signals into quantifiable, governance-ready intelligence, empowering you to validate cyber effectiveness, prove defensible resilience, and optimize security-per-dollar with absolute confidence.

Share: LinkedIn

Turn cyber risk into board-ready intelligence

Quantify exposure in financial terms. Align security investment to business outcomes. See how security leaders use CyberHQ® to make the case for what matters.

Latest Articles

What Happens When Agentic AI Learns Everything Your CISO Knows?
CyberHQ® Executive Notes

What Happens When Agentic AI Learns Everything Your CISO Knows?

Agentic AI is absorbing what your best security people know. Find out who that knowledge belongs to, and what it means for CISO succession planning.

July 15, 2026

Is Compliance Automation the Next Biggest Threat to Cyber Resilience?
Insights

Is Compliance Automation the Next Biggest Threat to Cyber Resilience?

Compliance automation cannot replace judgment. Ian Yip explains why SOCI Act, NIS2, and CIRCIA mandates demand defensible resilience, not audit theater.

July 13, 2026

CyberHQ® supports the AICD CSCRC Cyber Security Governance Principles
News

CyberHQ® supports the AICD CSCRC Cyber Security Governance Principles

Avertro announces support for AICD/CSCRC Cyber Security Governance Principles through CyberHQ®. Learn how this aligns with your goals.

July 03, 2026