Most people are learning how to build AI Agents Very few know how to govern them
That is the opportunity.
AI agents are not normal chatbots.
A chatbot answers a question.
An AI agent can retrieve data, call tools, search documents, trigger workflows, draft customer responses, make recommendations, and interact with enterprise systems.
That means the risk is different.
A normal software review does not answer:
-> Can this agent leak PII?
-> Can it be prompt-injected?
-> Can it call the wrong tool?
-> Can it issue an unauthorized refund?
-> Can it act outside its authority?
-> Who owns the risk?
-> What evidence proves the controls work?
Most companies are not blocked by lack of AI tools.
They are blocked because they cannot prove their AI agents are trustworthy enough to deploy.
This course gives you the operating system.You will learn how to move from:
Framework → Risk → Control → Test → Evidence → Monitoring → Executive DecisionThat is what organizations need NOW. They need practitioners who can look at an AI agent and say:
“Here is what it does. Here is what can go wrong. Here are the controls. Here is the evidence. Here is what leadership should decide.”
That is what this course trains you to do.
What you’ll learn
By the end of this course, you will know how to evaluate an enterprise AI agent from first review to deployment decision.
Map the agent’s use case, users, data access, tools, autonomy, human review, and business impact.
Separate low-risk assistants from high-impact agents that need formal controls and approval.
Identify what is in scope, out of scope, unknown, and too risky to ignore before launch.
Identify security, privacy, safety, reliability, vendor, misuse, and accountability risks.
Map each risk to a control owner, evidence source, test method, and monitoring signal.
Move from vague AI concerns to practical governance artifacts leaders can act on.
Evaluate prompt injection, jailbreaks, indirect injection, data leakage, and unsafe outputs.
Test bad tool calls, privilege failures, unauthorized actions, and weak tool permissions.
Assess hallucinations, grounding, retrieval quality, citations, and response reliability.
Produce weekly artifacts covering scope, privacy, security, safety, reliability, and vendor risk.
Create monitoring signals, KRIs, retest triggers, evidence owners, and review cadences.
Package your work into a portfolio-ready Trust Evidence Pack you can reuse after the course.
Write a clear recommendation to approve, pilot, conditionally approve, delay, or reject.
Explain residual risk, missing evidence, control gaps, launch conditions, and monitoring needs.
Practice defending your decision in a mock deployment review board using evidence, not opinion.
Learn directly from Francois
Francois B. Arthanas
AI Governance Advisor & Ph.D. Scholar (CISSP, CISA, AAIA) | Founder, Cyber Pros
Who this course is for
This course is for the person who will be asked: “Can we trust this AI agent?”
You are a strong fit if your role touches AI Governance, risk, security, privacy, product, vendor review, compliance, audit, and legal.
You are also a strong fit if you know AI agents are coming into your organization and you want to become the person who can evaluate them.
Prerequisites
There are NO technical prerequisites
You do not need: Coding skills, Machine learning experience, AI researcher, Advanced Cybersecurity background
You should have
Basic familiarity with GRC concepts risk management, internal controls, compliance frameworks, audit fundamentals
What's included
Live sessions
Learn directly from Francois B. Arthanas in a real-time, interactive format.
Agent Scope, Architecture & Control Applicability Brief
Define what the agent does, who uses it, what systems it touches, what data it accesses, what tools it calls, where humans intervene, and which controls apply.
Data, Privacy & IP Evidence
Map prompts, outputs, logs, memory, retrieval, PII, IP, retention, deletion, model-provider use, tenant isolation, and data-handling evidence.
Security Threat Model & Adversarial Test Plan
Threat-model prompt injection, jailbreaks, indirect injection, endpoint abuse, tool misuse, unauthorized actions, privilege failures, and MCP/tool-interface risks.
Safety Risk Taxonomy & Human Review
Define harmful outputs, high-risk categories, out-of-scope behavior, escalation rules, severity levels, review workflows, and safety monitoring signals.
Reliability, Hallucination & Tool-Call Assurance
Evaluate hallucinations, grounding, retrieval quality, citation quality, tool selection, parameter correctness, authorization, rollback, and circuit breakers.
Accountability, Vendor Risk & Incident Response
Build the AI RACI, vendor due diligence checklist, acceptable use policy, incident response plan, logging requirements, disclosure approach, and regulatory mapping worksheet.
Production Monitoring & Control-to-Evidence Map
Create KRIs, alert thresholds, retest triggers, monitoring signals, evidence owners, review cadence, residual risk register, and customer-facing trust package.
Executive Deployment Decision Memo & Board Briefing
Present a clear recommendation to approve, approve for pilot, conditionally approve, delay, or reject deployment.
Office Hours & Community
Once a week for 60 minutes. Bring your deliverable drafts, your career questions, your workplace challenges and get personalized coaching. We also have a dedicate private community for ongoing discussions, updated templates, job opportunities, peer networking, and direct access to the instructor.
Certificate of Completion
Official program certificate. But more importantly a portfolio that proves you can do the work.
Maven Guarantee
Your purchase is backed by the Maven Guarantee.
Course syllabus
24 live sessions • 29 lessons • 18 projects
Week 1
Aug
4
Session 1 (Tue): The Enterprise Agentic AI Trust Problem
Aug
5
Optional: WEEK 1: Office Hours (Wednesday, 60 min) NOT 🔴 RECORDED
Aug
6
Session 2 (Thu): Agent Scoping, Architecture, and Risk Tiering
[Lab Exercise] Shadow AI Discovery Audit
Case Study: Amazon's AI Hiring Tool (The Algorithm That Learned to Discriminate)
BONUS Deliverable: Stakeholder Analysis Matrix
FAQ and Links
Week 2
Aug
11
Session 3 (Tue): Data, Privacy, IP, and Retention Controls
Aug
12
Optional: WEEK 2: Office Hours (Wednesday, 60 min) NOT 🔴 RECORDED
Aug
13
Session 4 (Thu): Data Leakage, PII, IP, and Tenant Isolation
[Lab Exercise] Designing Meridian’s AI Governance Charter, RACI, and Escalation
Case Study: Air Canada Chatbot Ruling (2024)
FAQ and Links
Schedule
Live sessions
3-5 hrs / week
Designed for working professionals
Tue, Aug 4
10:00 PM—11:30 PM (UTC)
Wed, Aug 5
10:00 PM—11:00 PM (UTC)
Thu, Aug 6
10:00 PM—11:30 PM (UTC)
Projects
2-5 hrs / week
Have Question? Schedule a Quick call w/ Francois
Frequently asked questions
AI Governance Career Scorecard
Your personal roadmap to becoming interview-ready in AI GRC. Score yourself across 28 items for FREE
Maven for Teams
Reimbursement
Get your company to pay
Everything L&D needs: email template, receipts, and certificate of completion.
Get reimbursedTeam discount
Learn with your teammates
Save 20%+ when 2 or more teammates enroll in the same cohort.
Save 20%+ with a teamPrivate cohort
Run a cohort for your org
A dedicated cohort with a custom schedule and curriculum, tailored to your team.
Book a private cohort$2,497
USD