AI Security, Cyber Risk, and Cloud Strategy on ClearTech Loop

Derek Fisher on AI Governance, AI Agents & MCP Risk

ClearTech Research / Jo Peterson Season 3 Episode 3

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 14:06

AI governance is no longer just a policy conversation. As AI moves into business workflows, sanctioned platforms, employee tools, local models, agents, and third-party services, organizations need to understand where AI is being used, what it can access, who approved it, and who owns the outcome when something goes wrong. 

In this episode of ClearTech Loop, Jo Peterson speaks with Derek Fisher, founder of Securely Built, cybersecurity educator, author, and Director of Temple University’s Cyber Defense and Information Assurance Program. 

Derek brings a practical security lens to AI governance, AI agents, and third-party MCP risk. The conversation covers why governance needs clear ownership, how organizations should think about AI agents as non-human actors with access and authority, and why MCP servers and AI-enabled services should be evaluated through a third-party risk management lens. 

This episode is especially relevant for security leaders, technology leaders, compliance teams, and business executives trying to move AI from experimentation into controlled, accountable use. 

In This Episode:

  • Why many organizations still do not know where AI is being used 
  • Why AI governance needs executive ownership, cross-functional standards, and business accountability 
  • How AI agents create new access control and auditability challenges 
  • Why agents should be treated more like privileged non-human actors than simple tools 
  • What organizations should ask before adopting third-party MCP servers or AI-enabled services 
  • Why AI governance is not about slowing the business down, but making the approved path usable enough that people follow it 

Key Questions:

  1. How do we operationalize AI governance, and who is legally accountable when an AI agent makes an unauthorized decision? 
  2. How do we prevent agents from executing actions the user should not be allowed to perform? 
  3. How do organizations verify the authenticity and security of third-party MCP servers and services? 

Featured Guest:
Derek Fisher 
Founder, Securely Built 
Director, Cyber Defense and Information Assurance Program, Temple University 

Derek Fisher is a cybersecurity leader, educator, author, and speaker with experience across product security, secure software development, governance, risk management, regulatory compliance, incident response, and cybersecurity education. 

Host:
Jo Peterson 
CIO, Clarify360 
Chief Analyst, ClearTech Research 

Additional Resources: 

  • Securely Built 
    https://securelybuilt.substack.com/ 
  • The Application Security Program Handbook https://www.manning.com/books/application-security-program-handbook 
  • Derek Fisher on SecureWorld News 
    https://www.secureworld.io/industry-news/author/derek-fisher 
  • Your AI Coding Assistant Has Root Access—and That Should Terrify You https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access 

Watch More ClearTech Loop: 

Subscribe to ClearTech Research on YouTube: 
https://www.youtube.com/@ClearTechResearch 

Stay in the Loop

Follow ClearTech Research for more conversations on cybersecurity, AI governance, cloud, enterprise technology, and emerging risk.

🎧 Listen: In Buzzsprout Player
Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
📰 Subscribe to the Newsletter:
https://www.linkedin.com/newsletters/7346174860760416256/