TL;DR
Chances are your enterprise AI is moving a lot faster than your visibility into it, and Alison Cossette, Founder and CEO of ClariTrace, has a lot to say about that. She breaks down the risk debt that's quietly piling up and what leaders need to put in place before something goes wrong.
Here’s a question worth sitting with: if your AI systems went sideways tomorrow, would you know?
And I’m not talking about after a customer complaint or a compliance flag. Like, actually know - in real time with enough context to understand why?
If you already see the problem here, great! That's exactly why we made this episode.
We sat down with Alison Cossette, Founder and CEO of ClariTrace, on the Curiouser & Curiouser podcast and she had a lot to say about it.
And we’re so glad she did.
Because the conversation she and Mo had is one that a lot of leaders need to be having right now.
The Risk Debt You’re Already Sitting On
There was a time when deploying AI meant months of validation, data integrity checks, compliance reviews, and enough testing to make your engineers question their life choices.
Then generative AI showed up and, let’s just say, the rigor isn’t quite keeping up with the velocity.
And look, it’s not like everyone is being reckless. The pressure to move is real. But there's a difference between understanding your business risk and understanding your AI risk, and a good chunk of organizations are only fluent in one.
That's the risk debt Alison keeps coming back to. It's not something that shows up on a balance sheet, but it's quietly building in every organization that has deployed agents without the infrastructure to understand what those agents are actually doing. As Alison puts it, you can't govern what you don't understand. So what are most organizations doing about it? Reaching for guardrails.
Why Bolt-On Guardrails Aren’t Enough
Here's the thing about guardrails...
They've become the default answer to AI risk and honestly it makes sense, right? I mean, they're tangible, they're deployable, and they give you something concrete to point to when someone asks what you're doing about it. But what Alison is really asking in this episode is whether they're enough on their own, especially now that we're in a world where agents are collaborating, running overnight, and pursuing goals in ways that are genuinely hard to anticipate.
That's the gap she's focused on. Not whether you have protection in place, but whether you have visibility into everything happening around it.
In this clip, Alison breaks down why guardrails made a lot of sense before agentic AI, and why the rules of the game have fundamentally changed since.
The bowling alley works great as a mental model until, plot twist, the balls can fly. And believe it or not, in agentic systems, they can fly.
So the question stops being "did we block the bad output" and starts being "do we actually understand where this system is heading and why." For some enterprises right now, the honest answer to that second question is, unfortunately, no.
What You Actually Need: Observability + Traceability
When Alison talks about what enterprises are actually missing, she keeps coming back to two things. And look, I know these terms get thrown around a lot so let's actually define them.

Traceability is the unit level. The ability to follow a decision or outcome from an AI back through all the agents, all the data sources, all the way to the origin of that data. The full decision path, traced end to end. Observability is one layer up. Not just seeing all the traces and movement, but understanding what they mean. Drift in an agentic system is not one anomalous output. It is a pattern crossing a threshold. The signal to watch is not whether something looks obviously wrong. It is the velocity of change. How fast is something shifting and what is driving it? By the time it looks wrong, you are probably already behind.
Three Things to Implement Now
So, where do you actually start?
Alison's answer isn't a 40 page framework or a massive budget ask. It's three things:

And honestly? None of this is out of reach. The only question is whether you get ahead of it now or wait until something forces your hand.
Where to Go From Here
Listen, Alison isn't doom and gloom about where we are, she's actually pretty clear that the path forward exists and that the organizations willing to take it seriously now are going to be in a much better position than the ones that wait.
You can catch the full conversation on Spotify or Apple Podcasts.
For those of you already thinking about what this looks like inside your own stack, WonderFence gives you the runtime visibility layer Alison is describing, and WonderCheck makes sure that protection holds up as your AI changes over time. Which, if you've been paying attention, is kind of the whole point!
Stay curious.
Related Reading
- WonderFence: Runtime AI Oversight
- Key Security Risks Posed by Agentic AI and How to Mitigate Them
- The OWASP Top 10 for Agentic AI, Explained
What’s New from Alice
Curiouser Soundbites: What a Former Google Cloud CISO Wants Leaders to Know About AI
Everyone's watching the flood of new AI vulnerabilities. Former Google Cloud CISO Phil Venables is watching something else, and it's the shift leaders can't afford to miss.
The Former Google Cloud CISO's Take on AI, Agents, and What Comes Next
There's a lot of noise around AI and security right now, and not many people who can cut through it the way Phil Venables can. He was CISO at Goldman Sachs, then the first CISO for Google Cloud, and he's now a partner at Ballistic Ventures. In this episode, he tells us why attackers scaling up worries him more than the vulnerabilities themselves, what trust even means when an agent is acting in your environment, and why the answer to most of this comes back to the same fundamentals we've leaned on for years.
It Takes AI to Break AI: The Case for AI Red Teaming
As AI systems gain autonomy, organizations need security approaches built specifically for AI behavior. Learn why AI-driven red teaming is becoming a critical defense layer.
Demystifying AI Red Teaming
Your AI passed every check. That doesn't mean it's safe. Learn how to red team AI systems before adversaries find the gaps you missed.

