Agentic AI behavioral baselining: what IAM teams need to know

TL;DR: Agentic AI introduces memory, tool use, and execution paths that make stateless prompt inspection insufficient, while Lasso Security says its Intent Security framework evaluates behaviour across sequences of decisions, with risky actions blocked in under 50 milliseconds and detection accuracy improved by up to 80 percent. The core issue is that existing controls assume isolated interactions, but agentic systems create cumulative behavioural risk that must be governed over time.

NHIMG editorial — based on content published by Lasso Security: Introducing Intent Security, a behavioral baseline framework for agentic AI

By the numbers:

• Risky actions can be blocked in under 50 milliseconds, with broader session-level behavioral analysis completing in under five seconds.
• Detection accuracy across AI threat categories improves by up to 80 percent compared to stateless inspection models.
• The multi-model evaluation engine operates up to 570 times faster than conventional sequential approaches, enabling continuous behavioral monitoring across users, agents, and tool chains.

Questions worth separating out

Q: How should security teams govern agentic AI that can change behaviour mid-session?

A: Security teams should govern agentic AI with controls that evaluate the full decision chain, not only isolated prompts or outputs.

Q: Why do stateless AI controls fail for agentic systems?

A: Stateless controls fail because agentic systems carry memory forward, chain tool calls, and adjust plans across multiple steps.

Q: How can organisations tell whether an AI agent is drifting out of scope?

A: Look for divergence between the agent's observed actions and its historical baseline for mission, authority, and typical tool use.

Practitioner guidance

• Map agentic workflows to decision chains Document where each agent retains memory, selects tools, and changes plan across a session.
• Separate intent checks from baseline checks Validate the current request against the stated goal first, then compare the resulting behaviour against historical patterns for the same user, agent, or application.
• Attach enforcement to the execution path Design blocking, masking, and escalation so they can intervene before a harmful action completes, rather than waiting for downstream review or alert triage.

What's in the full article

Lasso Security's full research covers the operational detail this post intentionally leaves for the source:

• The step-by-step stateful evaluation flow for monitoring users, agents, tools, and applications across a live session.
• The enforcement logic behind real-time blocking, data masking, and escalation when behavioural thresholds are exceeded.
• The performance and accuracy claims that sit behind the framework, including speed, false positives, and multi-model evaluation.
• The implementation view for complex multi-agent environments that need continuous monitoring without disrupting user experience.

👉 Read Lasso Security's analysis of intent security for agentic AI environments →

Agentic AI behavioral baselining: what IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →