Can We Trust This AI Agent? A One-Day Hands-On Risk Review Sprint

François B. Arthanas

Ph.D. Scholar, CISSP, CISA, AAIA™, CDPSE

Everyone is learning to build AI agents. Few can prove one is safe to deploy.

AI agents are not chatbots. A chatbot answers a question. An AI agent retrieves customer records, calls tools, triggers workflows, issues refunds, sends emails, and acts, sometimes before a human ever reviews the output.

That means the question landing on YOUR desk is different:

  • Can this agent leak PII?

  • Can it be prompt-injected through a poisoned document?

  • Can it call the wrong tool, or the right tool with the wrong authority?

  • Can it issue an unauthorized refund?

  • Who owns the risk? And what evidence proves the controls actually work?

Most professionals freeze at this question because they've only ever seen AI governance as policy slides and framework acronyms. They've never actually run an agent risk review end to end.

In this one-day sprint, you will. You'll take a realistic enterprise AI agent through the complete practitioner loop (scope → risk → control → test → evidence → decision) and finish the day having written and defended a real deployment recommendation.

You will watch an AI agent get broken live. Then you'll learn exactly how to make sure it never happens on your watch.

What you’ll learn

In one day, you'll run a real AI agent risk review start to finish and leave able to do it again at work, with the templates to prove it.

  • Fill out the one-page Scoping Canvas on a live case: what it does, what data it sees, what tools it calls, where humans step in.

  • Assign its risk tier and pick the 3 risks most likely to block deployment.

  • Map each risk to a control, an owner, and the evidence you'd demand before saying yes.

  • Attack the agent yourself with guided prompts: direct injection, a poisoned document, and PII extraction attempts.

  • Try to make it issue an unauthorized refund and call tools it shouldn't.

  • Write up what you tested, what passed, what failed, and what risk remains, in plain executive language.

  • Define the monitoring signals you'd require before this agent goes live.

  • Write your deployment decision memo: approve, pilot, conditionally approve, delay, or reject.

  • Leave with all 5 templates, ready to run this exact review on an agent at your company Monday morning.

Workshop agenda

  • Understanding what an AI agent actually is

    We start by breaking down agentic AI in plain English. You will learn what makes an AI system “agentic,” how agents differ from traditional AI tools, and why autonomy, tool use, memory, and multi-step

  • The governance risks organizations miss

    Next, we walk through the biggest governance, risk, and compliance issues tied to AI agents. This includes unauthorized actions, excessive permissions, weak human oversight, poor decision traceability

  • Watch an AI Agent Get Broken, Live

    We start by hacking one. You'll watch a customer-support agent get prompt-injected on screen, leaking data and misbehaving in under 2 minutes.

  • Lab 1: Scope the Agent

    Meet the Atlas Support Agent: it answers customers, pulls account records, creates tickets, and issues refunds under limits. You'll fill out the one-page Scoping Canvas: users, data, tools, and autonomy.

  • Lab 2: Find What Can Go Wrong

    Pick the 3 risks most likely to block this agent's deployment. Map each to a control, an owner, and the evidence you'd demand before saying yes.

  • Lab 3: Break It Yourself (Red-Team Hour)

    The hour you'll tell your colleagues about. Using a guided attack checklist (no coding), you'll prompt-inject the agent directly, slip it a poisoned document, attempt PII extraction, and try to force

  • Lab 4: Build the Trust Snapshot

    Turn your test log into a one-page evidence summary leadership can act on: what you tested, what passed, what failed, what risk remains, and the monitoring you'd require before launch.

  • Make the Call

    Write your deployment decision memo (approve, pilot, conditionally approve, delay, or reject), then defend your call live against executive-style questioning.

Learn directly from François

François B. Arthanas


Agentic AI Governance Practitioner | Ph.D. Candidate, CISSP, CISA, AAIA™, CDPSE

Cyber Pros Training
Centene
ISACA
Trenton Health Team
WGU

Who this workshop is for

  • This workshop is for professionals who know AI agents are becoming important and do not want to get left behind.

  • It is built for GRC, IT, cyber, privacy, legal & consultants who need to understand how agentic AI changes the governance conversation.

  • You should join this workshop if you want to understand how AI agents create risk & how to contribute meaningful value inside your org.

Prerequisites

  • There are no strict prerequisites for this course

    You do not need to be an engineer. You do not need to know how to code. You do not need advanced AI expertise.

  • What you do need is an interest in understanding how AI is changing governance

    If you are curious about AI agents and want a practical way to think about oversight, this workshop will meet you where you are and move you

What's included


Live sessions

Learn directly from François B. Arthanas in a real-time, interactive format.

Lifetime access

Go back to course content and recordings whenever you need to.

Community of peers

Stay accountable and share insights with like-minded professionals.

Certificate of completion

Share your new skills with your employer or on LinkedIn.

Maven Guarantee

Your purchase is backed by the Maven Guarantee.



$297 USD

Sep 5