Agentic AI Workflows in Cybersecurity: Opportunities, Challenges, and Governance via the MCP Model

Sri Keerthi Suggu

Abstract

Agentic AI, meaning autonomous systems that execute tasks with self-directed decision-making, has substantial potential to change how cybersecurity operations are run. However, as these systems begin to operate across threat detection, response orchestration, and policy enforcement, they introduce new attack surfaces, opaque decision-making, and governance complexity. This paper introduces the Model–Control–Policy (MCP) framework as a structured approach to governing agentic AI workflows in cybersecurity. Through technical analysis, case studies (including autonomous SOC agents and adaptive threat mitigation bots), and an evaluation of existing controls (e.g., explainability, human-in-the-loop review, red-teaming), we examine how governance strategies must evolve to meet this paradigm. We also propose specific policy recommendations and architectural safeguards intended to ensure accountability, resilience, and trust in AI-driven cybersecurity systems.
