01
Agentic Control Failure Workshop
Engagement contextRisk and compliance training leads who need their teams to understand agentic AI control failure at the operational level — and what to do about it.
Regulated institutions are deploying agentic AI faster than the teams governing it can interpret what the control failures actually look like. This workshop gives risk and compliance teams a working framework they can apply to systems already in production — not principles, but a structured method. The curriculum covers four areas: the AI Control Failure Taxonomy and its five failure modes, examined through incident-based case analysis; why existing penetration testing and compliance review methodologies do not detect agentic control failure; the EU AI Act and FINMA regulatory obligation map for deployed agents; and a structured assessment method participants leave with and can apply to their own deployments. Two booking models: institutional session for one organisation, or open enrolment with participants from multiple institutions.
Approach
Practitioner curriculum for risk, compliance, audit, and security teams in regulated institutions — designed for the people who govern deployed AI systems
Output
Working knowledge of the five control failure modes · regulatory obligation map · structured method for assessing a deployed agentic system
Format
Half-day · Virtual or on-site · Fixed curriculum · Institutional booking or open enrolment · English and German
02
Interim AI Risk Management
Engagement contextRegulated financial institutions that need AI risk management leadership embedded in the function now — before a permanent hire is in place and while active compliance deadlines apply.
The EU AI Act places deployer obligations on regulated institutions from August 2026. FINMA Guidance 08/2024 applies now. Most institutions subject to both do not have a dedicated AI Risk Manager in place — and building the function from scratch while navigating active compliance timelines requires someone who understands both the regulatory architecture and the operational layer of deployed AI systems. This engagement embeds that capability directly into the institution's risk and compliance function for a defined period — typically three to six months at 20–30% FTE — producing a functioning AI risk framework, documented control architecture, and a governance structure the institution owns after the engagement ends.
Approach
Embedded practitioner model — working inside the institution's risk and compliance function, building alongside the team rather than advising from outside
Output
Functioning AI risk framework · Agentic Control Plane design · Regulatory evidence package for FINMA and EU AI Act · Documented handover to permanent function or ongoing advisory
Format
3–6 months · 20–30% FTE · Fixed weekly rate · FINMA-supervised and EU-regulated institutions · Swiss and EU markets
03
Agentic Governance Advisory
Engagement contextRisk and compliance leadership at regulated financial institutions operating agentic AI in production who need the governance layer between the policy document and the deployed system.
Most regulated institutions have an AI governance policy. Few have the operational architecture that makes it enforceable at the deployment layer. This mandate closes that gap — translating governance commitments into the control structures a regulator can audit and a risk committee can act on. Work covers AI control framework design, Agentic Control Plane architecture, EU AI Act and FINMA readiness, behavioural governance implementation, and board-level reporting structure. The Agentic Control Plane is the live operational layer giving every department real-time visibility into what an agent is doing, under whose authority, and within what boundaries — the difference between a governance document and a functioning control system. Each mandate is scoped in a discovery call, with a written proposal returned within one week.
Regulatory anchors
EU AI Act Articles 9, 14, 26 · FINMA Guidance 08/2024 · GDPR Articles 5, 25, 32 · EBA AI/ML risk guidelines where applicable
Output
Agentic Control Plane design · control framework documentation · regulatory evidence package · board reporting structure
Format
Fixed-scope or phased engagement · All deliverables documented for risk committee and regulatory review
04
Agentic Control Assessment
Engagement contextSecurity leadership inside the organisation operating the deployed agentic system — who need to know what it is actually capable of doing, not what it was designed to do.
This assessment exists for an operational decision. Traditional penetration testing examines whether someone can break into a system. An Agentic Control Assessment examines what the deployed system does when it pursues its objective by a route no one authorised. The output is not a risk score for a third party — it is a behavioural capability map for the team responsible for the deployment. Four structured assessment categories are applied to live production systems: goal displacement through context manipulation and crafted inputs, permission escalation by chaining individually authorised actions, audit completeness to determine whether unauthorised actions leave a traceable record, and cascading failure to assess whether one agent's output can function as malicious input to a second agent in the same environment.
Approach
Structured behavioural assessment of live agentic deployments — conducted on production systems, not models in isolation, not pre-deployment simulation
Output
Behavioural capability map showing what the deployed agent is actually capable of doing, including what was never designed or authorised · remediation priorities at tool, permission, and audit layers — structured for internal security decision-making, not external reporting
Format
Fixed-scope · Structured assessment of production deployments · Confidential engagement
05
AI Agent Control Assessment for Underwriting
Engagement contextUnderwriters and emerging risk leads who need to price agentic AI exposure before binding coverage — and insured organisations required to demonstrate control architecture as a coverage condition.
This assessment exists for a risk transfer decision. Agentic AI liability is being underwritten without a methodology built for systems that pursue objectives. Traditional cyber questionnaires were designed for systems that wait for instructions — they do not reach the behavioural control layer. This assessment evaluates a deployed agentic system's control architecture against five failure modes and produces output structured for an insurance decision: a per-failure-mode risk score, an aggregated underwriting rating, and a one-page carrier summary. Two delivery models: carrier-commissioned as pre-bind due diligence, or insured-commissioned as a condition-of-coverage requirement.
Covers
Tool permission architecture · behavioural logging · human oversight design · rollback capability · regulatory exposure — EU AI Act Articles 9 and 14, FINMA Guidance 08/2024
Output
Risk score per failure mode · aggregated underwriting rating · one-page carrier summary · red flag register with remediation priority — structured for a coverage or pricing decision, not internal use
Format
Fixed-scope · Remote-first, on-site interviews available · Carrier-commissioned or condition-of-coverage delivery models
06
Forensic Second Opinion
Engagement contextCompliance and legal leadership at institutions whose prior AI governance assessment did not reach the execution layer, or who are facing regulatory scrutiny the prior work leaves unanswered.
Governance frameworks delivered as advisory documents typically name the right principles but do not reach the control architecture of the deployed agents. This review identifies exactly what the prior assessment missed at the agentic execution layer — and documents it with the specificity a regulator or an incident investigation would require. The scope is fixed to that gap: not a repeat of the prior engagement, but a forensic review of what it did not reach.
Approach
Gap analysis against the AI Control Failure Taxonomy at the execution layer, not the policy layer
Output
Ranked control failures with regulatory exposure per finding · remediation architecture for the highest-priority gaps · one-page executive summary suitable for board or regulatory reporting
Format
Fixed-scope · Examiner-ready documentation · Confidential review
07
Speaking
Engagement contextConference organisers, institutional event leads, and association programme committees seeking a practitioner session on agentic AI control failure, behavioural governance, and the regulatory response.
Available for keynote and panel engagements on agentic AI control failure, behavioural governance, and the gap between current compliance frameworks and the execution layer of deployed AI systems. Sessions draw directly from primary research, regulatory analysis, and the AI Control Failure Taxonomy. Delivered in English and German. Current topics include: AI Agents Don't Break the Rules — They Follow the Wrong Ones; The Governance Gap EU AI Act Does Not Close; and What Forensic Investigation Reveals About Agentic AI Control Failure. Upcoming: WIC Day 2026, Kongresshaus Zürich, September 17.
Output
Keynote or panel session · Practitioner-led · Primary research grounded · Audience: risk, compliance, security, and legal leadership
Format
By enquiry · English and German · In-person and virtual · DACH and international