Cybersecurity Insights, News & Resources | Avertro

When Agentic AI Learns What CISOs Know | Avertro CyberHQ®

Written by Ian Yip | Jul 15, 2026 11:30:00 PM

The cybersecurity industry is racing to deploy agentic AI. Nobody is asking what happens when it learns everything your best security people know, and who that knowledge actually belongs to.

 

When The Knowledge Walks Out The Door

The numbers on cybersecurity staff turnover are not new. But read together, they describe a governance failure that most organizations have never formally acknowledged.

The average CISO remains in the role for just 18 to 26 months, less than half the tenure of any other C-suite position. 41% of organizations have no succession plan for the role. 47% have no adequate internal successor identified. (Secureworks 2024; Heidrick & Struggles 2024.)

When leadership turns over that quickly, the operational consequences are real. Dark Reading’s January 2026 analysis of the CISO succession crisis was blunt: when cybersecurity leadership turns over too quickly, risk does not reset. It compounds. Projects stall. Controls slip. Incident response muscle memory: who to call, which vendors respond when it matters, which escalation paths actually work. All of it has to be rebuilt. Attackers do not pause while you hire.

The financial consequence is measurable. IBM’s 2025 Cost of a Data Breach Report puts the global average breach cost at $4.44 million, with UK organizations averaging £3.29 million. 92% of CISOs report that departing employees contribute to data loss events. A key security leader departure within a 26-month window is not a low-probability risk organizations don’t need to plan for. On the contrary, given average tenure data, it is a near-certainty.

The person is treated as a resource to be replaced. The knowledge is treated as gone.

 

Agentic AI changes the question

The institutional security knowledge that walks out the door every time a CISO or other key security employee departs has no continuity plan. The question nobody is asking is whether agentic AI should be the one to change that, and on whose terms.

MIT’s Project NANDA found that despite $30-40 billion in cumulative enterprise AI investment, 95% of AI pilots failed to deliver measurable results. The authors were clear that the failure was not about model quality. It was about organizational integration: AI deployed without the workflows, institutional context, and accumulated knowledge needed to make it useful. That finding points directly at the problem this article is describing. AI-based knowledge continuity, which would continuously capture decision rationale, policy history, risk reasoning, and operational context from the people who hold it, would address exactly that gap. A new CISO would then inherit not a blank page but a navigable record of every significant decision their predecessor made, and why.

The building blocks are already emerging in adjacent enterprise contexts. Microsoft Copilot, Google Agent Search (formerly Vertex AI Search), and other AI-powered workplace assistants, are all being deployed in 2026 as enterprise internal knowledge systems, enabling employees to query organizational knowledge in natural language, surface prior decisions, and retrieve institutional context across large document estates. Companies have been trying to capture institutional memory since organizations first existed. It is why some contracts still require formal handover periods. The difference now is that agentic AI makes genuine knowledge transfer technically feasible for the first time, not just aspirationally desirable. None of these platforms have been designed specifically for security leadership transitions. That gap remains open.

If an organization uses agentic AI to learn from its security leadership, capturing how they think, what they prioritized, how they assessed risk, who owns that knowledge? Does the employee need to consent to it being collected, retained, and used? Could an employer build a proprietary model trained on the expertise of their most valuable people and eventually use it to justify not replacing them at all?

These are not hypothetical questions. People are already building AI versions of themselves. Digital twins that capture and extend an individual’s intellectual presence exist today. The academic literature on the ethics of digital duplication has established a clear baseline: consent is not optional. The moment an organization begins capturing the decision-making patterns of its security team without explicit informed consent, it has crossed a line that both regulators and employees will notice, even if, in most of the world right now, nobody is formally empowered to stop it.

The incentive structure for misuse is not theoretical. AI played a role in 55,000 US layoffs in 2025 (Challenger, Gray & Christmas). Amazon, Salesforce, Accenture, Heineken, and Lufthansa have all cited AI as a contributing factor in eliminating roles. The WEF projects 92 million job displacements by 2030, with 39% of workers’ existing skill sets transformed or made obsolete. The pressure on organizations to use captured human knowledge to reduce headcount is real, active, and growing.

Amazon’s CEO said in June 2025 what most executives decline to state publicly: AI will reduce the corporate workforce in the coming years. His framing was careful, focusing on routine tasks, administrative functions, and roles where AI can automate what humans currently do. Senior security leadership was not on that list. The CISO, the GRC lead, the IR lead are judgment roles, accountability roles, built on regulatory relationships and contextual intelligence that no current AI system replicates. Today, that distinction holds.

Governance is moving. The Global Council for Responsible AI (GCRAI), operating across 77 countries, is actively working to build shared standards and influence legislators toward enforceable regulation, with a clear position: AI must evolve with transparency, security, and accountability. Singapore published the world’s first governance framework specifically for agentic AI in January 2026. In the UK, the ICO has begun auditing AI workplace tools under existing data protection law.

The challenge is that ambition and enforcement are not the same thing. The EU AI Act is currently the only binding legal instrument in existence. Full enforcement for high-risk AI systems, including those that affect workers, begins August 2, 2026, with fines reaching €35 million or 7% of global annual turnover, and extraterritorial reach covering organizations outside the EU whose AI systems affect people within it. The rest of the world is working toward something equivalent. It is not there yet. An organization that decides today to capture its employees’ institutional knowledge without consent, use it to train proprietary models, and quietly build the case for reducing headcount is, in most jurisdictions, operating in a space with no binding constraint. That is not a theoretical risk. It is the current reality.

This is where the line must be drawn deliberately, not left to chance or contract fine print.

On one side: an organization that implements AI-assisted knowledge capture with full employee consent, transparent governance, clear limits on how the data will be used, and a stated purpose of continuity for incoming talent. That is a legitimate, defensible, and long overdue investment.

On the other side: an organization that captures expertise without meaningful consent, uses it to build proprietary models that reduce dependence on human specialists, and presents employees with opt-out clauses buried in contract updates after the fact. That is not a continuity plan. It is an extraction program.

In 2026, with agentic AI accelerating faster than any governance framework can keep pace with, the difference between those two things is entirely down to the choices organizations make right now, before anyone requires them to.