Likelihood: MODERATE
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is moderate because exploitation of agentic AI supply chain gaps does not require a novel attack — adversaries can compromise upstream model providers or plugins through established techniques, and the governance gap means organizations lack detection capability rather than lacking exposure; impact is high because autonomous agents operating on compromised logic or exfiltrating through approved API channels can affect broad business workflows, sensitive data, and regulatory standing before any alert fires.
Treatment rationale: The risk stems from a structural governance and visibility gap — the absence of AI BOM controls — which is directly addressable through inventory, provenance tracking, and runtime permission scoping, making mitigation the appropriate primary treatment rather than transfer or acceptance of an undefined blast radius.
Third-Party / Supply-Chain Risk
Exposure is inherently multi-party: agentic AI systems embed third-party foundation models, fine-tuned layers sourced from external providers, and plugins with runtime tool permissions that extend into enterprise systems. Per NIST SP 800-161, organizations lack the component inventory required to assess, monitor, or respond to supplier compromise events — when an upstream model provider or plugin vendor is compromised, there is no documented dependency map to scope the impact or isolate affected agents. Shared platform exposure (cloud-hosted model APIs, model-as-a-service providers) amplifies this because the same compromised upstream component may affect multiple enterprise workflows simultaneously.
Loss Exposure (illustrative)
Magnitude: High — illustrative $500K–$5M per realized supply chain compromise event, reflecting scope of autonomous agent access across enterprise workflows, potential data exfiltration volume, and regulatory exposure in jurisdictions with maturing AI governance requirements.
Frequency: Illustrative 1-in-5 to 1-in-3 year event frequency for an organization with material agentic AI deployment and no AI BOM controls in place, given increasing adversary interest in AI supply chain vectors and the structural invisibility of the gap.
Annualized: Illustrative ALE: $100K–$1.67M annually, derived from loss magnitude midpoint (~$2.75M) multiplied by illustrative frequency (0.2–0.33); range is wide due to high variance in agent scope and data sensitivity across organizations.
Basis: Magnitude driven by: autonomous agent access breadth (agents operating across business workflows implies wide lateral reach), absence of detection (no AI BOM means no isolation capability, extending dwell time and exfiltration window), and regulatory cost layer (AI governance enforcement is nascent but accelerating). Frequency driven by: governance gap is present now and exploitable through existing supply chain attack patterns; no active KEV listing moderates frequency from high to the lower end of moderate. Figures are illustrative constructs from these factors — no external benchmark or third-party report data was incorporated.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Autonomous agent exfiltration of personal or regulated data through approved API channels, undetected due to absence of AI BOM controls, may invoke data breach notification obligations under applicable privacy regulations — verify with counsel.
• Compromised agentic AI executing business workflows on behalf of the organization may implicate representations or warranties in vendor agreements or AI service contracts regarding acceptable use and security controls — verify with counsel.
• Regulatory AI governance frameworks maturing globally (EU AI Act, emerging U.S. sector guidance) may create compliance obligations tied to AI system documentation and provenance that interact with existing cyber insurance policy conditions — verify with counsel and broker.