In our webinar March 5, I was joined by Jon Erik Bjøre, Vice President Technology Management at the energy company Equinor and Adithya Narayanan, Product Manager at Microsoft to discuss security, privacy, and compliance for AI and Agents.
Equinor saved 130 million USD last year by using AI and Agents, and I will in this blog post share some of the key insights on how to enable AI and agents to deliver business value without compromising security, privacy, or compliance.
1. AI Strategy Should Be Directional, Adaptive, And Incremental
“We actually only need the direction, because the world is changing so fast.” — Jon Erik Bjøre, Vice President Technology Management, Equinor
Recommendations:
- Shift from static 3-year strategies to rolling 6–12-month horizons.
- Review and adjust strategic priorities quarterly.
- Focus on clear directional statements, not rigid roadmaps.
2. AI Must Deliver Measurable, Bottom-Line Value
Recommendations:
- Define value metrics before building anything.
- Tie AI projects to KPIs like efficiency, cost reduction, safety, or compliance.
- Track and report measurable results throughout the AI lifecycle
3. Strong Foundations Are Essential For Scaling AI
Recommendations:
- Establish unified data and identity platforms.
- Create consistent development patterns and governance processes.
- Define roles and responsibilities across business and IT.
4. Data Quality And Access Governance Determine AI Reliability
“If you feed it with not‑so‑good data, you’re not gonna get the result you expect.” — Jon Erik Bjøre, Vice President Technology Management, Equinor
Recommendations:
- Implement classification, labeling, and lineage.
- Apply least‑privilege, identity‑based access controls.
- Continually audit and monitor data flows into AI systems.
5. AI Agents Introduce New Governance Requirements
Recommendations:
- Register agents and assign identities.
- Classify agent risks by function and impact.
- Apply oversight—especially human‑in‑the‑loop—for sensitive operations.
6. Balance Innovation And Control
Recommendations:
- Provide safe environments and approved tools to prevent shadow AI.
- Introduce guardrails that enable innovation without creating exposure.
- Apply proportional governance and security: stricter for high‑risk, lighter for low‑risk use cases.
7. Prioritize High‑Impact Use Cases First
Recommendations:
- Start with areas where data is ready and business value is highest.
- Select use cases that demonstrate fast wins to build organizational momentum.
- Avoid spreading resources across too many initiatives early on.
8. Failure Is A Necessary Part of AI Maturity
Recommendations:
- Encourage rapid prototyping in controlled sandboxes.
- Document and analyze the reasons for failure.
- Sunset solutions quickly when they fail governance or value tests.
9. Business Owns The “Why”; IT Owns The “How”
Recommendations:
- Business defines value, outcomes, and prioritization.
- IT designs secure, scalable architecture and enablement.
- Ensure both share responsibility for adoption and change management.
10. AI Governance And Security Must Be Evergreen
Recommendations:
- Review policies, risks, and agent behavior frequently.
- Update governance to reflect new technologies and regulations.
- Treat AI governance and security as a permanent, living discipline.
How Infotechtion Helps Organizations Build Secure, Governed & High-Value AI Programs
- Establishing a Responsible AI Model https://www.infotechtion.com/responsible-ai
- Securing and Governing AI and Agents https://www.infotechtion.com/agent-security
- Designing and Evolving an Agentic Blueprint https://www.infotechtion.com/agentic-blueprint
Contact us today to speak with an expert and learn how to enable AI and intelligent agents to deliver real business value—without compromising security, privacy, or compliance. Our team is here to support you at every step of your journey.
Check out the webinar recording if you missed the webinar Know Your Data. Control Your Risk. Enable AI. | Infotechtion
