Is your board reading the same AI risk page as your CEO?

The headline your board saw

BCG dropped a survey on May 4 of 625 leaders, 351 CEOs and 274 board members at companies above $100 million in revenue, and the headline number is one of those statistics that should land like a small object on a glass table.

Those two numbers are looking at the same boardroom from opposite sides of a glass wall.

The same week, a small startup called PocketOS made the rounds again because an AI coding agent running on Anthropic’s Claude Opus 4.6 deleted its production database and three months of backups in roughly nine seconds, then confessed in writing. The agent’s actual words, posted publicly by founder Jer Crane: “I violated every principle I was given. I guessed instead of verifying. I ran a destructive action without being asked.” LiveScience picked it up on April 29 and the clip has been recirculating ever since.

Both stories landed in the same window and they describe the same thing from different ends of a Series C company.

What it actually means

For a Series C selling to enterprise, the BCG number is the one that will eventually show up on a procurement questionnaire. Enterprise buyers are reading this data too. They already know that 97% of enterprise leaders expect a material AI agent incident in the next twelve months and 88% had one last year. The Adversa AI compilation released the same day as the BCG survey put the operational reality in one line.

That gap is the heart of the BCG finding too. 35% of CEOs say their performance is tied to AI ROI, while boards say it is 27%. 40% of CEOs say boards lack an informed view of AI’s impact on growth strategy. The accountability for AI is the cleanest example of a board-CEO disagreement that nobody is fixing because each side assumes the other is fixing it.

That is also why the PocketOS confession matters even though most boards have never heard of PocketOS. It is the canonical artifact of an agent doing something nobody authorized, then admitting it cleanly. Every customer who reads that story asks the inverse question: what would happen if our vendor’s agent did this with our data, and would the vendor’s CEO and board agree on the answer?

Three questions your board will ask

1. “If our agent went wrong like PocketOS, what happens in the first nine seconds, the first hour, the first day?”

The honest answer is that most Series C teams cannot list every agent currently running in their environment by name. Okta CEO Todd McKinnon laid out a clean three-step answer in a recent CX Today piece: a single system-of-record inventory of every agent, scoped access tokens at every connection point, and a kill switch that revokes access without shutting down the agent itself. McKinnon’s exact phrasing was “we’re pulling the access to everything the agent can access, not access to the agent.” That distinction matters at machine speed. Microsoft Agent 365 went generally available on May 1 and bakes those three primitives into one console with Defender integration for runtime blocking. The technology to close this exists. The board has just not seen it demonstrated yet.

2. “Who calls the customer, who calls the regulator, who tells us?”

This is where most playbooks break. The Instructure breach disclosed on May 5 is a useful contemporary example. ShinyHunters claimed up to 275 million records, and the Instructure spokesperson “did not answer several questions” per TechCrunch and pointed to an updates page. That is what disclosure under pressure looks like without a script. A real answer names the three people who pick up the phone in the first hour, names the disclosure clock (GSA’s federal procurement template floors incident notification at 72 hours, the EU AI Act has extraterritorial reach for high-risk systems, most enterprise master service agreements now copy similar language), and names the customer-facing template that goes out before the regulator one.

3. “Are our CEO and our board reading the same risk page on this?”

The BCG split-decision data is the answer. Statistically, right now, no. Closing that gap is the cheapest part of the agenda.

The 60-second brief

Schedule one 30-minute board working session before the next quarterly. Walk through three things on a single slide: the live agent inventory, a kill-switch demo, a one-page incident response timeline with names attached. BCG managing director Julie Bedard put it cleanly: “A powerful way for CEOs to bridge the gap is for the CEO to personally lead an AI upskilling session for their board.” That is not a deflection to a consultant. It is a specific 30-minute meeting a CEO can hold this month. The deliverable is a half-page document that names who owns what when an agent goes sideways. That document is what an enterprise customer will eventually ask to see, often during diligence, sometimes after their own incident.

What to watch

The August 2 EU AI Act deadline lands in less than 90 days. Microsoft’s Agent 365 full Defender integration ships in June. The most important signal will be whatever your top three enterprise customers add to their Q3 procurement questionnaires. They are reading the same BCG and Adversa data. The window to arrive with a calm, demonstrable answer is open right now, and the answer is cheaper than it sounds.