Convergence

All three learning tracks end here. This is where the roles come together.


Why convergence matters

AI runtime security is never a single team's problem:

  • Security architects design controls, but they need governance requirements to know what to control and engineering capacity to know what's buildable.
  • Risk and governance professionals set oversight requirements, but they need architectural patterns to know what controls exist and engineering input to know what's observable.
  • Engineering leads build and operate, but they need security requirements to know what to instrument and governance context to know what evidence to produce.

The Phantom Compliance failure wasn't caused by any one role's oversight; it emerged in the gaps between them. Agent B's retrieval was an engineering observability gap. The lack of chain-level controls was a security architecture gap. The absence of agent delegation governance was a risk framework gap.

Fixing it requires all three perspectives.


The exercise

The cross-functional exercise puts you in a scenario where security, governance, and engineering must collaborate on an agent chain risk assessment.

If you can, do this exercise with colleagues from the other roles. If you're working solo, take each perspective in turn, as the exercise is designed to highlight the tensions and trade-offs between them.

Start the cross-functional exercise →