AI agents that pass an initial security review can still derail through prompt injection, tool poisoning, or destructive over-alignment. This is the "false clear": systems that look safe but carry hidden risks that only surface at runtime. Unlike traditional software, agentic AI operates on probability, blurs security boundaries, and blindly follows instructions from untrusted sources. Drawing on recent research, real-world incidents, and AI governance practices at Dutch Railways, this talk explores how agentic AI reshapes the enterprise attack surface and what defense-in-depth strategies help organizations govern agents without blocking innovation.

This talk blends hands-on governance experience from a major national infrastructure operator with current academic research, and has been thoroughly developed and tested with a live audience. To keep engagement high on an otherwise dense technical topic, the session deliberately mixes formats with the occasional meme.