AI Agents Are the Newest Unscannable Asset. Boards Need a Dollar Figure.
9 MIN READ
The gap between adoption and visibility just got wider
Ninety-two percent of security professionals said in Darktrace's 2026 State of AI Cybersecurity report that they are worried about the impact of AI agents on their organisation. That number is not a mystery. Autonomous agents are being deployed by finance, marketing, engineering, HR and customer support — often outside the security team's line of sight — and they take actions in the real world, not just make suggestions.
The worry is real. The visibility is not.
Almost no board in Australia today can answer the follow-up question that comes next: and what does that risk cost us if it goes wrong, in dollars, this year? Cyber Security Alliance's 2026 industry survey shows CROs and directors are being pushed to quantify cyber risk in financial terms — for DORA, for NIS2, for APRA CPS 234, for the SOCI CIRMP attestation. AI agents are entering enterprise stacks at exactly the moment boards are being told to price cyber risk in the same language they price everything else.
If your risk register has a row for "AI agents" today, it almost certainly reads "emerging risk — monitoring." That will not survive the next twelve months.
The uncomfortable truth: AI agents are the newest member of an old and familiar family — the unscannable asset. And every existing CRQ tool on the market was built on the assumption that it can scan the thing it is pricing.
What "unscannable" really means — and why AI agents fit
Cyber risk quantification (CRQ) is not new. FAIR — Factor Analysis of Information Risk — has been the reference methodology for more than a decade. Boards ask "how bad, in dollars, over the next year?" and CRQ answers with Annual Loss Expectancy (ALE) plus confidence intervals.
The problem is not the maths. The problem is the inputs.
Every mainstream CRQ platform derives its inputs from scans: vulnerability scanners, EDR telemetry, cloud posture tools, SIEM feeds. Point the scanner at the asset, watch it emit a signal, translate the signal into a probability, feed the probability into Monte Carlo, get a distribution.
That entire pipeline breaks the moment the asset can't be scanned. And there is a large, well-known family of assets that can't.
CyQuantiFi has been shipping the two-mode approach — telemetry for the scannable, expert consensus for the unscannable — since 2024. The pattern is familiar. What is new is that AI agents have quietly joined this list, and they are already in your building.
An autonomous or semi-autonomous agent is unscannable for a different reason from the others, but the practical result is identical:
- Its behaviour is non-deterministic — the same prompt does not always produce the same output.
- Its attack surface is composite — the model, the tool bindings, the systems it can write to, the humans it displaces.
- Its risk propagates through actions it takes, not through packets on a wire.
- No CVE will ever fully describe it.
You cannot point a vulnerability scanner at Claude, or GPT-5, or an internal agent your engineering team wired up in April. You will get back nothing that resembles cyber risk. And yet the agent may hold write access to your CRM, your ledger, your customer-support inbox, your internal Slack, or your production database.
Every existing CRQ tool assumes it can scan. AI agents break that assumption in the same way OT and Defence assets broke it — just faster, and across every industry at once.
The compliance wall is arriving quicker than the market thinks
Regulators are catching up faster than the vendors are.
The world's first international management-system standard specifically for AI — now certifiable. Expect it to follow ISO 27001's path from "nice to have" to "required by RFP" through 2026–2027. That is not a five-year runway. That is the current fiscal-year procurement conversation.
Guidance published on AI risk in regulated financial entities. Direction of travel is clear: quantified, board-attested AI risk oversight will not be optional for banks, insurers or superannuation trustees.
Revised early 2026 — explicitly requires AI risk to be tracked in the same governance rhythm as cyber risk. Same dashboards, same board reports, same dollar figures.
Negotiated before the current wave of agentic systems. Legal counsel across APAC now advises boards to assume regulators will retroactively expect quantified risk artefacts for autonomous agents.
Boards are about to be asked, in writing, whether they are comfortable with the AI agent risk in their organisation. "We are actively monitoring it" is not an answer. Neither is "our GRC platform tracks it as amber." Both fail the same test: they do not translate into a defendable dollar figure.
What CRQ has to do differently for AI agents
Quantifying AI agent risk is not a new problem. It is the unscannable asset problem, applied to a new category. The methodology CyQuantiFi built for OT, SCADA and Defence assets works here for the same reason it works there: you do not need to instrument the asset to price it. You need calibrated expert input, structured scenario modelling, and Monte Carlo — anchored to real business impact.
The steps are the same. The vocabulary shifts.
| Step | Traditional asset | AI agent equivalent |
|---|---|---|
| Inventory | CMDB, EDR, cloud tags | Who owns which agent? Which model, which tools, which systems can it write to? |
| Scenario modelling | Attack graph, MITRE ATT&CK | Prompt injection, data exfiltration, wrong action taken, model drift, tool-chain compromise |
| Probability | CVE / EPSS / scan output | Expert elicitation from the operators, calibrated over time |
| Impact | Business impact analysis | Same. The dollar consequence of the wrong action does not change because the actor was silicon. |
| Aggregation | Monte Carlo → ALE | Same. Distribution, not a single number. Confidence intervals, not a colour. |
The two hard bits — inventory and probability — are exactly where AI agents cause the most quiet damage. If IT does not know the agent exists, IT cannot price it. If nobody has been asked to give a calibrated probability for a prompt-injection attack succeeding against the ledger-writing agent Finance stood up last month, the risk sits at zero on the register.
Silent zeros are the most expensive numbers in a cyber risk portfolio.
Five steps to quantify an AI agent your organisation already deployed
You do not need a full CRQ platform to start. You do need discipline.
Inventory the agents
Not just the ones IT deployed. Ask Finance, Marketing, HR, Customer Support and Engineering. In our experience, the first honest inventory is 3–5× larger than the last one anybody drew.
Draw the scenario
For each agent, name the two or three worst outcomes if it were compromised or if it acted incorrectly. Wrong money paid. Wrong customer contacted. Wrong data disclosed. Wrong record updated. Attach a dollar range to each outcome using the same business-impact analysis you use for a ransomware scenario.
Elicit probabilities from the operator, not the scanner
The person closest to the agent — usually the engineer who wired it up, or the operations manager who uses it every day — has better calibration than any external tool. Ask them for a range, not a point. Track their accuracy over time.
Run the maths, honestly
Monte Carlo over the ranges. Present the P50, the P95, and the tail. Do not present a single number and do not present a colour.
Show the board the same view you show for scannable assets
Same ALE. Same confidence intervals. Same currency. The whole point of quantification is that it produces one language for every risk on the register — and the board should not be asked to switch languages when the conversation turns to AI.
If your risk platform cannot do these five steps for AI agents today, it is not an AI problem. It is a tooling problem.
The bottom line
The 92% number from Darktrace is not the story. The story is that ninety-two out of a hundred security leaders are worried, and fewer than a handful of boards can defend a dollar figure that represents that worry.
That gap is not going to close by itself. It will close either because (a) organisations do the work now, or (b) regulators, insurers and shareholders do the work for them — retrospectively, punitively, and expensively.
AI agents are the newest unscannable asset. The tooling for pricing them is the same tooling that already exists for OT, Defence, legacy and third-party assets. What is required is not new mathematics. What is required is the discipline to inventory the agents you already deployed, name the scenarios that keep the operators awake, and translate the answers into dollars.
Boards will not accept another year of "emerging risk — monitoring." The next attestation cycle is real. The dollar figure is either yours to author, or someone else's to impose.
We would rather it was yours.
Founder & CEO, CyQuantiFi. 9 years at the Australian Department of Defence building risk quantification frameworks for classified systems. Founders Institute Sydney 2026.
Related reading
- Darktrace — State of AI Cybersecurity 2026: 92% of Security Professionals Concerned About the Impact of AI Agents
- Cloud Security Alliance — Understanding ISO 42001: Responsible AI Governance in an Evolving Regulatory Landscape
- Harvard Business Review — AI Is Reshaping Cyber Risk. Boards Need to Manage the Threat.
- CyQuantiFi — Genchi Genbutsu: Why Good Cyber Risk Quantification Starts at the Substation, Not the Spreadsheet
