From Geopolitics to Enterprise Realities: Why Every CISO Needs an AI “Trust Adjudicator”
Tom Friedman is right about the need for an AI referee between the US and China. But the first frontier for this challenge is inside the enterprise.
In today’s op-ed for The New York Times, “The One Danger That Should Unite the US and China,” Tom Friedman makes a powerful argument that the existential opportunities and risks of AI will force geopolitical rivals to cooperate on a shared trust framework. At the heart of his proposal is the concept of a "trust adjudicator"—an independent, real-time referee embedded in AI systems to ensure they operate safely.
It’s a brilliant idea that all countries and their governments will have to reckon with sooner or later. But if you’re a CISO, a General Counsel, or a GRC leader, you shouldn’t read it as a piece on foreign policy. You should read it as an urgent architectural blueprint for your own organization as it grapples with AI and agent adoption.
While this challenge may seem like a distant, geopolitical affair, for enterprises it is immediate. Friedman has given us the perfect term for the role CISOs are increasingly taking on: the enterprise “trust adjudicator.” Trust is the prerequisite for enabling widespread use of AI agents.
The Trust Mandate: The Prerequisite for Turning Agents On
Inside every innovative company, there's a healthy tension. Business units and development teams are racing to deploy agents to unlock efficiency and create value. Simultaneously, security, GRC, and legal teams have a non-negotiable mandate to protect the organization from systemic risk and liability.
Both sides are right. And both are essential for the company to thrive.
The CISO is the pivotal figure who bridges this gap by architecting trust. This leadership allows the business to move forward, confidently and securely. Without a provable system of trust, the default answer to enabling the autonomous workforce will always be "no," and innovation will stall.
The Architectural Mismatch—Why Old Controls Fail
The core of the problem driving our lack of trust in agents is that our existing security stack was built for a different era. It was designed to govern predictable software and human-driven actions. As we’ve discussed in Secure Trajectories, the rise of agentic and emergent behavior is not a future risk but a present reality our tools cannot see. Autonomous agents break the foundational assumptions of these tools, creating an architectural mismatch.
Governance Mismatch: Our tools are user-centric (IAM/PAM). They can't reliably distinguish between a user's click and an agent's autonomous action. As we've explored, this is the core risk of Embedded Agents like the Claude for Chrome extension, where an agent's work within a trusted browser session is completely indistinguishable from the user's in any log. This creates an attribution blind spot, making audit trails and accountability nearly impossible.
Data Protection Mismatch: Our defenses are exfiltration-centric (DLP/CASB). They watch the doors for data leaving the building but are blind to a misaligned agent causing chaos inside the perimeter. We’ve seen these headlines. This is the insider threat "Shoggoth" problem brought to life—where a seemingly helpful agent, due to emergent behavior, could rage quit and delete a critical database. Our perimeter-focused tools would never see this form of internal misuse.
Security Mismatch: Our visibility is host-centric (EDR/XDR). These tools look for threats on endpoints but are not designed for ephemeral, serverless agents that execute as pure logic. They don't live on a single host, making traditional endpoint security irrelevant to governing their actions. This is especially true for the Asynchronous Agents we've detailed, which might run complex research tasks overnight. Furthermore, these agents might also decide to go off-mission and engage in behavior entirely unrelated to their goal.
We can’t build trust for a new, autonomous workforce using controls designed for a different world.
A “Trust Adjudicator” for the Enterprise
To bridge this gap, CISOs must architect a new layer of control—the enterprise "trust adjudicator" Friedman describes. While this trust adjudicator may have ethical and moral underpinnings, it needs to be a technical reality built on:
Policy-Driven Control: First, it must translate the "written laws" of the enterprise—compliance obligations like ISO 42001, SOC2, HIPAA, or GDPR—into machine-enforceable rules. This is the baseline for safe operation, such as ensuring “No agent can modify financial records without human approval.”
Values-Based Governance: Beyond pure compliance, the adjudicator must also enforce the company's ethical principles and brand values—its "doxa," as Friedman calls it. This is where the trust layer truly shines, translating abstract values like "Customer Trust is Paramount" into concrete, enforceable rules, such as "No agent may use a customer's PII to generate a personalized offer without their explicit consent." It ensures agents act not just in a compliant way, but in a way that aligns with the character of the company.
Real-time Enforcement: It must operate as a gate, not a camera. Whether enforcing a compliance policy or a corporate value, it inspects and adjudicates an agent's intended actions before they are executed, preventing harm from happening in the first place.
Provable Compliance: Finally, it must generate an immutable, human-readable audit log that proves control over both technical and ethical policies. This is the concrete evidence that satisfies auditors, regulators, and customers, giving the entire business the confidence to move forward.
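The four properties above, sketched as an added Python example (not code from this post or from any product it references): a gate that adjudicates an agent's proposed action against machine-enforceable rules before it executes and records every verdict in a hash-chained, human-readable audit log. The action fields, the two rules and all names are hypothetical assumptions chosen to mirror the policies quoted in the text.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed example: an agent's intended action, as presented to the gate.
@dataclass
class ProposedAction:
    agent_id: str
    tool: str                      # hypothetical tool name, e.g. "db.update"
    target: str                    # hypothetical target, e.g. "finance.ledger"
    data_classes: set = field(default_factory=set)  # e.g. {"PII"}
    human_approved: bool = False   # has a human signed off on this action?
    consent: bool = False          # has the customer consented to this use?

# "Written law" rule: no agent modifies financial records without human approval.
def rule_financial_records(a):
    if a.target.startswith("finance.") and a.tool.startswith("db.") and not a.human_approved:
        return "financial record modification requires human approval"

# "Values" rule: no PII-driven personalized offer without explicit consent.
def rule_pii_offer(a):
    if a.tool == "marketing.send_offer" and "PII" in a.data_classes and not a.consent:
        return "PII may not drive a personalized offer without explicit consent"

RULES = [rule_financial_records, rule_pii_offer]

class TrustAdjudicator:
    def __init__(self):
        self.log = []            # hash-chained, human-readable audit entries
        self._prev = "0" * 64    # hash of the previous entry (genesis = zeros)

    def adjudicate(self, action):
        """Gate, not camera: returns True only if the action may proceed."""
        reasons = [r for r in (rule(action) for rule in RULES) if r]
        verdict = "DENY" if reasons else "ALLOW"
        entry = {"agent": action.agent_id, "tool": action.tool, "target": action.target,
                 "verdict": verdict, "reasons": reasons, "prev": self._prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._prev = entry["hash"]
        self.log.append(entry)
        return verdict == "ALLOW"

    def verify_log(self):
        """Provable compliance: detects any edited or removed log entry."""
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True
```

Each rule is a plain function returning a denial reason, so new compliance obligations or brand values are added as additional functions in RULES without touching the gate itself.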
The CISO's Role: Architect of Trust
Security leaders find themselves in a classic state of zugzwang—a chess term where any move you make weakens your position. Saying "no" to agents means blocking innovation and ceding ground to competitors. Saying "yes" without the right controls means accepting a new class of unmanageable risk. In this position, both moves are a path to failure.
Waiting for model providers to guarantee "alignment" or for regulators to provide prescriptive guidance is not a viable strategy. CISOs need a third option that breaks the stalemate. The imperative is to architect a system of trust—an enterprise "trust adjudicator"—that allows the business to move forward with confidence.
By building this system of trust—becoming the enterprise's trust adjudicator—the CISO's role evolves from a gatekeeper of risk to the architect of secure innovation. They become the critical enabler for the company to thrive in the age of autonomous agents.