
Download Transcript (pdf)
AI Governance Fails at Runtime: Billy Spears on Agent Identity, Accountability and MCP Risk
AI governance cannot stop with a policy document.
Once AI agents begin accessing data, calling tools and taking action inside enterprise systems, organizations need controls that work in real time.
In this episode of ClearTech Loop, Jo Peterson speaks with Billy Spears, a technology and cybersecurity executive, strategic advisor and CEO of a stealth cybersecurity startup, about what it takes to move AI governance from written intent to enforceable control.
The conversation examines how organizations should assign accountability when an agent makes an unauthorized decision, prevent agents from inheriting excessive authority and evaluate third-party MCP servers before connecting them to enterprise systems.
Billy’s position is direct: AI does not remove enterprise accountability. It increases the speed and scale at which weak controls can fail.
Listen to the full episode: https://www.buzzsprout.com/2248577/episodes/19490397
Watch more ClearTech Loop episodes:
https://www.youtube.com/@ClearTechResearch
Episode Overview
Organizations are moving quickly to adopt copilots, agents, plug-ins and other AI-enabled tools. Governance efforts, however, are still often centered on acceptable-use policies, approved-tool lists and oversight committees.
Those measures matter, but they cannot determine whether an agent should be allowed to take a specific action at a specific moment.
Billy and Jo discuss why identity must become the control plane for agentic AI. Every action should resolve to an identifiable user, service or approved process with clearly defined authority.
As Billy explains:
“AI is not eliminating risk; it’s amplifying the consequence of weak controls.”
The episode also explores why agent permissions need to be constrained, why authorization should be checked when an action is executed and why third-party MCP servers should be treated as part of the broader technology supply chain.
The Season 3 Questions We’re Asking
How do we operationalize AI governance, and who is accountable when an agent makes an unauthorized decision?
Billy draws a clear distinction between documenting a policy and enforcing governance.
Organizations may approve the use of an AI agent without approving every action that agent can technically perform. An agent might be permitted to review an account but not change it, summarize a contract but not approve it, or identify a vulnerability without pushing a fix into production.
Those boundaries must be enforced while the action is taking place.
Accountability also remains with the enterprise. Leadership owns the risk model, technology and security teams own control design, and business owners remain accountable for how AI is used inside their workflows.
AI has not removed accountability. It has made failure faster.
How do we prevent agents from exceeding the user’s authority?
The confused deputy problem occurs when a user has limited access but the agent acting on their behalf has broader credentials.
Billy argues that agents should use constrained permissions rather than shared or system-level credentials. Each action should be revalidated based on the identity making the request, the authority that identity holds and the action the agent is attempting.
If those elements do not align, execution should stop.
Helpful does not mean authorized. Giving an agent broad access and trusting it to exercise good judgment is not governance. It is an access-control failure moving at machine speed.
How should organizations evaluate third-party MCP servers?
Third-party MCP servers can connect AI systems to tools, data, APIs and internal platforms. That convenience can also create privileged access paths into enterprise environments.
Billy’s recommendation is simple: do not trust them by default.
MCP servers should have a verifiable identity, limited access and clear authorization boundaries. Their execution should be isolated, and their behavior should be monitored over time.
Organizations should also understand the models, plug-ins and dependencies behind the service. An MCP server is not simply an AI feature. It is part of the technology supply chain and should be reviewed accordingly.
Calling it AI should not earn it a hall pass.
Key Takeaways
- AI governance requires runtime enforcement. Policies define expectations, but technical controls determine what agents can actually do.
- Every AI action needs an identity. Organizations must be able to trace an action back to the user, service or approved process whose authority was used.
- Agent permissions need clear boundaries. Agents should receive only the access required for the task and should be reauthorized when consequential actions occur.
- MCP security is third-party risk. MCP servers should be verified, isolated, monitored and treated as part of the enterprise technology stack.
- The enterprise still owns the outcome. AI does not absorb legal, operational or executive accountability.
From AI Policy to AI Control
The next phase of AI governance requires organizations to apply controls where agents actually operate.
Resolve the identity
Know who or what is acting and whose authority is being used.
Constrain the delegation
Give agents only the access required for the task.
Authorize the action
Revalidate consequential actions at execution time.
Verify the connection
Treat MCP servers and third-party tools as supply chain components.
Monitor the behavior
Maintain visibility into tool calls, data access and policy decisions.
Prove the outcome
Preserve the evidence needed for audits, investigations and accountability.
Bottom line: Policy defines intent. Runtime controls enforce it.
About the Guest | Billy Spears
Billy Spears is a technology and cybersecurity executive with more than 25 years of experience across information security, IT, software development, privacy and business operations.
He has held executive roles at organizations including Dell, Hyundai and LoanDepot and has served as an adjunct professor of cybersecurity. Billy currently advises executives, boards and investors on AI adoption, cybersecurity risk, cloud strategy and technology transformation while building a stealth cybersecurity startup.
He is also a speaker, author, investor, board advisor and U.S. Marine veteran.
Listen • Watch • Subscribe
Listen to the full ClearTech Loop episode with Billy Spears: https://www.buzzsprout.com/2248577/episodes/19490397
Watch more ClearTech Loop conversations and subscribe on YouTube:
https://www.youtube.com/@ClearTechResearch
Stay in the Loop with new episodes from ClearTech Research.
Additional Resources
- NIST AI Risk Management Framework
https://www.nist.gov/itl/ai-risk-management-framework
- OWASP: A Practical Guide for Securely Using Third-Party MCP Servers
https://genai.owasp.org/resource/cheatsheet-a-practical-guide-for-securely-using-third-party-mcp-servers-1-0/
- Model Context Protocol: Security Best Practices
https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices
- MITRE ATLAS: Adversarial Threat Landscape for AI Systems
https://atlas.mitre.org/