Your AI agent can read your data, act on its own, and send things out. That is how it gets you.
I am James Gorman. Three-time Top Global CISO, Navy cryptographer, forty years securing systems people cannot afford to lose. I wrote the book on securing AI agents. Now I help teams find the holes before someone else does.
Book a 15-minute AI risk call. No pitch. We look at where your agents can reach and what happens if one goes wrong.
The bill comes due fast.
People ask what an AI security program costs. Wrong question. The number that matters is what one unsupervised agent costs when it does exactly what you told it to, faster than you expected, in the wrong direction. Here is what that looked like in the last year.
An invoice-approval agent was rated for about 100 an hour. It started doing 300. More than half the increase went to fake accounts. Nobody was watching the volume.
Chat sessions exposed in a single AI platform breach. Stored prompts were writable. An attacker could change how the AI thinks, not just read it.
Agentic code shipped without change management and without a senior engineer signing off. Six hours to recover. Roughly six million orders caught in it.
None of these were sophisticated. They were ordinary failures of supervision, scaled up by automation. That is the pattern.
This is not opinion. It is a method.
I do not show up with a slide deck and a gut feeling. Securing AI agents comes down to one principle: an agent with data access, the ability to act, and a way out is dangerous by default. The book breaks that down into seven frameworks you can actually run.
- Trust Boundary Model (free): Map exactly what each agent can reach. Most teams have never drawn this.
- Exception Audit Framework (free): Find the access nobody remembers granting. Exceptions to your own policy are what kill you.
- Prompt Injection Assessment: Test whether your agent can be talked into working against you.
- Agent Action Authorization Model: Decide what an agent may do alone and what needs a human.
- Prompt Layer Security: Treat prompts like production code, not writable config.
- AI Red Team Implementation Guide: Attack your own agents on purpose, before someone does it for free.
- Upskilling Security Teams: Get your existing people fluent in this without hiring a unicorn.
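As an added illustration (not code from the book or from any of these frameworks), here is a small Python policy check that applies the principle above: it unions each agent's tool capabilities, flags the read/act/send-out combination and volume beyond rating, and routes side-effecting actions to a human when either holds. The tool catalogue, agent names and the 1.5x volume factor are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Cap(Enum):
    READ_DATA = "read_data"   # can read private or internal data
    ACT = "act"               # can take side-effecting actions
    EGRESS = "egress"         # has a way to send content outside the boundary


# Hypothetical tool catalogue (constructed for this example): tool name -> capabilities it grants.
TOOL_CAPS = {
    "read_invoices": {Cap.READ_DATA},
    "approve_invoice": {Cap.ACT},
    "send_email": {Cap.EGRESS},
    "fetch_url": {Cap.EGRESS},   # outbound requests can carry data out in the URL or body
}


@dataclass
class Agent:
    name: str
    tools: list[str]
    rated_per_hour: int      # the volume the agent was sized and approved for
    observed_per_hour: int   # what telemetry currently shows


def capabilities(agent: Agent) -> set[Cap]:
    """Union of capabilities across the agent's tools; tools not in the catalogue grant nothing."""
    return set().union(*(TOOL_CAPS.get(t, set()) for t in agent.tools))


def findings(agent: Agent, volume_factor: float = 1.5) -> list[str]:
    """Trust-boundary findings: undeclared tools, the full read/act/egress combination, volume drift."""
    out = [f"undeclared tool: {t}" for t in agent.tools if t not in TOOL_CAPS]
    if capabilities(agent) == set(Cap):
        out.append("agent can read, act and send out: dangerous by default")
    if agent.observed_per_hour > agent.rated_per_hour * volume_factor:
        out.append(f"volume {agent.observed_per_hour}/h exceeds rated {agent.rated_per_hour}/h")
    return out


def authorize(agent: Agent, tool: str, volume_factor: float = 1.5) -> str:
    """Per-action decision: 'auto', 'human' (needs sign-off before it runs) or 'deny'."""
    if tool not in TOOL_CAPS or tool not in agent.tools:
        return "deny"                       # no exceptions outside the declared catalogue
    if TOOL_CAPS[tool] <= {Cap.READ_DATA}:
        return "auto"                       # pure reads stay inside the boundary
    over_volume = agent.observed_per_hour > agent.rated_per_hour * volume_factor
    if capabilities(agent) == set(Cap) or over_volume:
        return "human"                      # act or egress under risky conditions needs a person
    return "auto"
```

Run `findings()` on every agent in the inventory to produce the trust-boundary view, and call `authorize()` in the tool dispatcher so the volume check actually gates approvals instead of only reporting them.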
Start with the AI Agent Exposure Assessment.
Most engagements start here. Fixed scope, fixed fee, no open-ended retainer to commit to first. You find out where you actually stand in weeks, not quarters.
What it is
A structured review of your AI agents and the access behind them. I map every trust boundary, audit the exceptions, and pressure-test the agents the way an attacker would. You get a plain-language report of what is exposed and what to fix first.
What you get
- A prioritized findings report.
- The trust boundary map for your environment.
- A ranked remediation list your team can act on without me.
- A read-out call where I walk you through it.
What it leads to
Most teams know after the read-out whether they want to fix it themselves or have me stay on. Either is fine. The assessment stands on its own.
- Three-time Top Global CISO
- U.S. Navy cryptographer, Persian Gulf
- 40 years in mission-critical infrastructure
- Author, Security in the Age of AI Agents
- Author, The IT Leader's Guide to Cybersecurity Programs
Any architecture claiming to govern AI should be measured against [Gorman's] frameworks.
Hala Nelson, Author of AI Powered Digital Twins and Essential Math for AI, Professor of Mathematics
Fifteen minutes. Find out where you stand.
We look at where your agents can reach and what happens if one misbehaves. If there is nothing to worry about, I will tell you that too.