It seems every company is either using AI agents or working to deploy them across their processes. And while the technology is game-changing, one risk looms in the background: It’s not easy to know what your agents are doing. In generative AI, your AI agents tackle each issue anew—and they don’t always follow the same strategies. Just like some people, AI agents can make poor decisions—but it’s much easier to ask a person to go through the steps that led to an action.Adding a transparency layer to AI agents can be transformative, and can improve security and efficiency—as well as insulate you from legal damages. I talked to Matan Bar-Efrat, cofounder and CEO of Rein Security, about why it’s imperative to know what your agents are doing. An excerpt from our conversation is later in this newsletter.Until next time.This is the published version of Forbes’ CIO newsletter, which offers the latest news for chief innovation officers and other technology-focused leaders. Click here to get it delivered to your inbox every Thursday.Artificial IntelligenceSamuel Boivin/NurPhoto via Getty ImagesThe Trump administration may have a relatively hands-off policy for regulating AI models—unless the company is Anthropic. Last week, the administration ordered the enterprise AI powerhouse to immediately cut access to its most advanced Fable 5 and Mythos 5 models to any foreign national, ostensibly because users could get around safety guardrails. The end result was Anthropic shut down its two most powerful models to everyone, writes Forbes senior contributor Jodie Cook. Anthropic acknowledged both of these systems posed big risks when they were released. Mythos, unveiled in April, was able to find critical vulnerabilities in many key systems. Anthropic tightly controlled its release, granting access to a limited group while security issues were addressed. Fable 5 was released days before the Trump administration’s ban, and Anthropic said it had guardrails to prevent using it for cyber attacks or creating bioweapons. Hours before the Trump administration’s directive to shut down Mythos 5 and Fable 5, Anthropic Chief Commercial Officer Paul Smith discussed releasing these kinds of tools with Forbes’ Richard Nieva.“You have to make a judgment call on these things,” Smith said. “The safest you can be is to not let people use something. And then it’s totally safe. But then how is that helping the mission, and how is that helping people actually derive real value from Mythos-level intelligence?”It’s been almost a week, and access to Fable and Mythos is still suspended. Anthropic leaders met with members of the Trump administration about the issue on Monday, but no details of that meeting are known. Several cybersecurity experts told Forbes’ Thomas Brewster this week that the ban should end—but pointed out this underscores why companies shouldn’t rely on a single platform for critical processes. . There was already bad blood between Anthropic and the Trump administration over a canceled Pentagon contract. Anthropic wanted limits on functions for which its technology could be used, and the government responded by making a deal with OpenAI and labeling Anthropic a “supply chain risk,” meaning its systems could not be used by the federal government or its contractors. Whether this issue is related is unclear. Forbes contributor Anisha Sircar writes White House AI Adviser David Sacks plainly said on X this is a security issue, while a post from Defense Secretary Pete Hegseth said each day since the initial canceled Anthropic contract “proves why that was the right move.” Notable NewsAI spending is a growing headache for many companies. Token-based pricing models—tying enterprise costs to how much AI computing activity they use—led some major companies to burn through their entire AI budgets in Q1, quickly making cost management a financial priority. J.R. Storment, executive director of the FinOps Foundation, said many companies now have an uncomfortable dynamic at the top. CEOs want more AI use, CIOs want to innovate and backfill security issues, and CFOs are concerned about cost. How can companies manage AI expenses and ensure the enterprise gets access to tools to make a competitive, operational and security difference—and deliver measurable value and ROI? A new group, the Tokenomics Foundation, will form to establish standards. It will work closely with the FinOps Foundation, which took on a similar challenge when cloud computing was new, and continues to develop those standards. Both groups operate as programs under the Linux Foundation. Storment said the AI cost issue is like Y2K, which loomed over the digital space in the late 1990s as many feared critical systems would fail when it became 2000, since early programmers had only written code with the last two digits of the year. Widespread intervention and work averted the Y2K crisis, Storment said.“Right now, global CFOs and CIOs are freaking out about AI value,” he said. “If they all pull back on AI spend, that impacts the upcoming IPOs, and the hardware providers, and the banks and everybody. That can have really negative effects on the global economy. We need to ensure that they’re getting AI value.”CIO StrategyNew data from BrightEdge Technologies found consumer AI agents, especially from ChatGPT, are extremely active nowadays. And this makes sense: As people grow more accustomed to asking AI chatbots for recommendations and advice, more AI agents are scouring the internet for that information. In its new data, BrightEdge found OpenAI accounted for 96% of live AI user-agent activity.But many companies are stuck in old practices, when increased activity on a company’s website came from bad actors’ bots trying to slow down a site or steal data—and they got blocked, says BrightEdge CEO Jim Yu. Today, AI agents may be driving the same type of traffic spike once associated with malicious bots, but they’re also penetrating deeper into your website to answer a potential customer’s question. Blocking the agents, the same way bots were once blocked limits the information returned to the potential customer. Without access to your website, those agents will move on.“It will still reference things, like if it saw a review. ... They’ll still put mentions and citations and things like that, but it won’t have all the latest information,” Yu told me. “It’s a lost opportunity for you in real time.”Yu recommends revamping bot-blocking strategies, then redesigning sites with an eye on potential tokens for AI agents to grab. Easy-to-access and straightforward information about products that can be found efficiently will help AI agents. And while page design should be engaging for human users, Yu said, this information doesn’t need to be: AI agents don’t care about design or interactivity.Bits + BytesThe Risks Of Not Knowing What Your Agents Are DoingRein Security cofounder and CEO Matan Bar-Efrat.Rein SecurityIt seems 2026 is the year of the AI agent. But even though AI agents make “educated” decisions, their actions can be questionable—and sometimes problematic. In January, Rein Security emerged from stealth to create a platform that actually tracks what AI agents do. Cofounder and CEO Matan Bar-Efrat, who has worked in AI and cybersecurity for 15 years—including a stint with Israeli military cyberwarfare Unit 82000—talked to me about the challenges AI agents pose, and why it’s problematic for their actions to be an unknown “black box.” This conversation has been edited for length, clarity and continuity.What is the biggest security challenge that pops up with the super-rapid adoption of AI agents?Bar-Efrat: We underestimate the complexity of securing an indeterministic and autonomous system. So we go back to the same ways that we have secured deterministic systems. In other words, we have a gateway in front of it and we say, ‘We have a predictable input and output, so we can filter for that.’ But with these agentic non-deterministic systems, that is no longer effective. From the organizational standpoint, as security, you’re being tasked to secure these agents with the tools that you have. That are insufficient because gateways don’t see the action taking place. That’s downstream. You might be able to see the prompt, but you don’t see the action. If you don’t see the action, you’re irrelevant.When you have the data about what agents are doing, what do you do with it? How does that help improve security and tighten controls?The fact that this is not a deterministic system means that we cannot come in and say, ‘Hey, these are your guardrails, and let’s go from there.’ Because the behavior is dynamic, it changes. What you need to be doing is constantly baseline and contextualize. [It’s] not the agent as a whole, but a specific execution context within the agent. Let’s say you have an agent that interacts with sensitive systems, then you have a question. Can it interact with configuration files? Change the configuration of the system? That depends. If it goes through an admin API and it is authenticated as an admin, yes. Agents, like we’ve seen with many examples, just find a way. If there is a will, there is a way, as they say—and for agents, that’s definitely the truth. If the agent bypasses this context in which it is allowed to interact with configuration files without authorization or through a different API, you would want to prevent that action from taking place. There are two elements. One is the visibility that allows us to understand what these agents are doing. We can take that to a compliance perspective [with] auditability. Let’s say you are an insurance company and you have agents pricing premiums from your customers. You want to be able to have a trail of evidence so when you’re challenged in court, you can go back and say, ‘This is the data that the agent consumed, and that is how it came to this decision. This was not discriminatory, this was not faulty, it was not a bug. This is the reality.’What advice do you have for a CIO who is trying to rein in their AI agents, in terms of controlling what they do and enhancing enterprise security?First and foremost is understanding the business context of the agent. When you understand the business function, you can segment them at the network side, from an identity perspective, or from a governance perspective—to make sure that at least in a broad sense, it doesn’t deviate from the business use case that you’re following. Then make sure, from an infrastructure perspective, that’s the access they get.Comings + GoingsFood manufacturer Mars announced the appointment of Kemal Cetin as global chief digital & information officer for its snacking business, effective August 3. Cetin will join the company from FrieslandCampina where he worked as global business and digital solutions officer.Healthcare revenue management platform R1 tapped Eric Tagliere as chief information officer, effective June 9. Tagliere steps into the role from Humana where he served as chief technology officer. He previously held technology leadership roles at Marriott International.Software development platform GitLab hired Chaim Mazal as its chief information security officer, effective June 9. Mazal joins the company from Gigamon, where he worked as chief AI and security officer.Strategies + Advice“Q Day” is drawing much closer, and if you haven’t started preparing your enterprise for quantum, now is the time. Here are ways to get started and developments to watch as quantum computing is becoming reality.Everyone wants to be liked, but leaders who make that their top priority are unable to make tough choices and tend to lose employees’ trust. Here’s how to be a better leader, earning both employees’ approval and respect.QuizAllbirds, the publicly traded former viral shoe company, rebranded as an AI infrastructure company this spring. Its stock surged more than 60% earlier this week as it changed its name and announced a new CEO with deep AI and tech experience. What is the company’s new name?A. AIBirdsB. NewBird AIC. SmartbirdD. AlgorithmicAvianSee if you got the answer right here.