
Download Transcript (pdf)
ClearTech Loop kicks off Season 3 with Phil Stafford, AI security architect and researcher, in a conversation about AI governance, agent permissions, fractional identity, MCP servers, and why AI security is becoming an operational risk issue.
ClearTech Loop: Derek Fisher on AI Governance, AI Agents, and Third-Party MCP Risk
In this episode of ClearTech Loop, Jo Peterson speaks with Derek Fisher, founder of Securely Built, cybersecurity educator, author, and Director of Temple University’s Cyber Defense and Information Assurance Program.
The conversation focuses on a challenge many organizations are facing now: AI governance is becoming an operational ownership issue. As AI shows up inside sanctioned platforms, employee workflows, local models, third-party tools, and agentic systems, organizations need more than policy language. They need visibility into where AI is being used, what it can access, who approved it, and who owns the outcome when something goes wrong.
Derek brings a practical security lens to the discussion. His perspective is grounded in product security, secure software development, governance, risk management, regulatory compliance, and cybersecurity education. In this conversation, he makes the case that AI governance has to move beyond theory and into clear operating structure.
Listen to the full episode: https://www.buzzsprout.com/2248577/episodes/19429925
Watch more ClearTech Loop episodes: https://www.youtube.com/@ClearTechResearch
Episode Overview
AI governance is no longer just about acceptable use policies or approved tool lists. Those still matter, but they are not enough when AI systems and agents are beginning to act inside real business workflows.
In this episode, Derek and Jo discuss why organizations first need to understand where AI is already being used. AI may be embedded in enterprise platforms, adopted by employees through public tools, connected to local models, or extended through agents and third-party services. Without that visibility, governance becomes difficult to enforce and even harder to prove.
The conversation also explores how organizations should think about AI agents as non-human actors with access, permissions, and the ability to trigger actions across systems. That shift creates familiar security questions around access control, approved services, logging, monitoring, and auditability.
Derek also connects third-party MCP risk back to a discipline security teams already understand: third-party risk management. The technology may be new, but the questions remain practical. What business need does this solve? What data does it touch? Who manages it? Who provides oversight? What regulatory concerns apply? And what happens if the output is wrong?
The Questions Security Leaders Should Be Asking
How do we operationalize AI governance, and who is legally accountable when an AI agent makes an unauthorized decision?
Derek’s answer starts with visibility. Many organizations do not yet know where AI is being used, how it is being used, or how company data is interacting with these systems. That creates a governance gap before the conversation even gets to accountability.
He recommends a cross-functional governance model. Executive leadership should own the organization’s AI risk appetite. A governance board should set standards, review exceptions, and define approval paths. Product and business owners should be accountable for the use cases and outcomes inside their areas.
That structure matters because AI governance cannot sit only with technology. Legal, compliance, HR, security, and the business all need a role in understanding how AI impacts the organization.
How do we prevent agents from executing actions the user should not be allowed to perform?
Derek compares AI agents to privileged accounts, with an important caveat: agents are more dynamic than traditional service accounts. They may connect to services, call tools, generate outputs, and take action in ways that require tighter oversight.
That means organizations need to define what agents can access, what services they are allowed to connect to, what actions they can take, and how those actions are logged. Role-based access control, approved service registries, guardrails, and auditing all become critical.
The goal is not just prevention. It is also evidence. If something goes wrong, the organization needs to be able to trace what happened and understand whether the agent had appropriate authority in the first place.
How do organizations verify the authenticity and security of third-party MCP servers and services?
server or AI-enabled service, organizations need to ask whether the tool solves a real business problem, whether the capability already exists internally, who will manage it, what data it touches, and whether there are regulatory or compliance concerns.
That framing is especially important for smaller and mid-sized organizations. The teams may be capable, but they are often stretched thin. When the bench is limited, the questions have to be sharper.
AI may be a new way to solve technical problems, but organizations should still apply the security disciplines they already know.
Key Takeaways
- AI governance needs ownership Policies matter, but they are not enough. Organizations need to know who owns the risk appetite, who approves use cases, and who is accountable for outcomes.
- Visibility comes first Before organizations can govern AI, they need to understand where it is being used, what systems it touches, and how company data is involved.
- AI agents require access boundaries Agents should not automatically inherit broad permissions. Organizations need controls around what agents can access, what actions they can take, and what services they can connect to.
- Third-party MCP risk is still third-party risk MCP servers and AI-enabled services should be evaluated with the same discipline organizations use for other third-party tools, with added attention to data access, oversight, and auditability.
- AI can reduce load, but only if it is trusted Security and technology teams are already overloaded. AI has the potential to reduce cognitive load, but only when organizations govern it well enough to trust the outcomes.
From AI Governance to AI Ownership

About the Guest | Derek Fisher
Derek Fisher is the founder of Securely Built and serves as Director of Temple University’s Cyber Defense and Information Assurance Program. He is a cybersecurity leader, educator, author, and speaker with experience across product security, secure software development, governance, risk management, regulatory compliance, incident response, and cybersecurity education.
Derek works with organizations on strategic planning, risk management, regulatory compliance, secure SDLC, vulnerability management, and security program development. He is also the author of The Application Security Program Handbook and the Alicia Connected cybersecurity book series for younger readers.
Listen • Watch • Subscribe
Listen to the full ClearTech Loop episode with Derek Fisher: https://www.buzzsprout.com/2248577/episodes/19429925
Watch more ClearTech Loop conversations and subscribe on YouTube:
https://www.youtube.com/@ClearTechResearch
Stay in the Loop with new episodes from ClearTech Research.
Additional Resources
- Securely Built
https://securelybuilt.substack.com/
- The Application Security Program Handbook
https://www.manning.com/books/application-security-program-handbook
- Derek Fisher on SecureWorld News
https://www.secureworld.io/industry-news/author/derek-fisher
- Your AI Coding Assistant Has Root Access—and That Should Terrify You
https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access