TL;DR: As AI agents move from generating content to taking actions, traditional controls such as DLP, RBAC, and prompt filters lose visibility into runtime behavior and cumulative context, according to Lasso Security. Intent security shifts the decision point from what the model said to whether the action belongs in context, which is now essential for governing production agents.
NHIMG editorial — based on content published by Lasso Security: Why Agentic AI Needs Intent Security
Questions worth separating out
Q: How should security teams govern AI agents that can take actions in production systems?
A: Security teams should govern AI agents as runtime actors, not just content generators.
Q: Why do traditional IAM and DLP controls fall short for agentic AI?
A: Traditional IAM and DLP controls assume risk can be judged at a point in time from one request or one response.
Q: What is the difference between content filtering and intent security for AI agents?
A: Content filtering checks whether text looks risky, while intent security checks whether the resulting action belongs in context.
Practitioner guidance
- Define runtime approval boundaries for agent actions: Map which agent actions can execute autonomously, which require step-up approval, and which must be blocked even when the underlying credentials are valid.
- Instrument agent behaviour monitoring: Log the full decision chain, including prompt context, retrieved data, tool calls, and downstream side effects so that drift can be detected across a session rather than inside a single prompt.
- Separate content risk from action risk: Keep content inspection, but add an independent control for whether the resulting action fits the user intent, application purpose, and policy boundary.
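One way to express the three points above as a single runtime decision, written as an added example for this page and not taken from Lasso Security's framework: each proposed tool call is checked against the task declared for the session, logged, and counted against a session-wide budget. The task name, tool names, budget and sample calls are all hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical policy: tool actions the declared task may use (all names assumed).
POLICY = {"summarise_tickets": {
    "auto": {"tickets.read", "kb.search"},   # may run autonomously
    "step_up": {"tickets.update"},           # needs step-up approval
}}
ALWAYS_BLOCK = {"dataset.delete"}   # blocked even when credentials are valid
SESSION_RECORD_BUDGET = 500         # assumed cumulative limit per session

@dataclass
class Session:
    task: str                       # the user goal declared at session start
    records_touched: int = 0
    audit: list = field(default_factory=list)

def decide(session, action, records, credential_valid=True, content_flagged=False):
    """Return 'allow', 'step_up' or 'block' for one proposed tool call."""
    rules = POLICY.get(session.task, {})
    if not credential_valid or action in ALWAYS_BLOCK:
        verdict = "block"
    elif action in rules.get("auto", ()):
        verdict = "allow"
    elif action in rules.get("step_up", ()):
        verdict = "step_up"
    else:
        verdict = "block"           # valid credential, but action is outside the task
    # Content inspection is a separate signal: it can escalate, never relax.
    if verdict == "allow" and content_flagged:
        verdict = "step_up"
    # Session-level check: each call may look fine while the total drifts.
    if verdict == "allow" and session.records_touched + records > SESSION_RECORD_BUDGET:
        verdict = "step_up"
    if verdict == "allow":
        session.records_touched += records
    session.audit.append({"action": action, "records": records, "verdict": verdict})
    return verdict

def replay(task, calls):
    """Run constructed (action, records) calls through one session."""
    session = Session(task)
    return [decide(session, a, n) for a, n in calls], session

# Constructed sample session, not real telemetry.
SAMPLE = [("tickets.read", 200), ("kb.search", 10), ("tickets.read", 400),
          ("tickets.update", 1), ("dataset.delete", 1), ("mail.send", 1)]

if __name__ == "__main__":
    print(replay("summarise_tickets", SAMPLE)[0])
```

The third call is an autonomous action with a valid credential and would pass a per-request check; it is escalated only because the session total would exceed the budget.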
What's in the full article
Lasso Security's full article covers the operational detail this post intentionally leaves for the source:
- How the Intent Security Framework maps user goal, application purpose, external data, and agent action into one decision model
- The specific ways prompt inspection fails once agents chain decisions across enterprise platforms
- Examples of operational drift such as wrong dataset deletion, invalid workflow execution, and policy-bypassing actions
- The report's framing for combining content inspection with behaviour evaluation in production deployments
👉 Read Lasso Security's analysis of why agentic AI needs intent security →
Agentic AI intent security: are your controls keeping up?
Explore further
Intent security is now an identity governance problem, not just an AI safety problem. The article shows that the decisive risk is not what an agent says, but what it is authorised to do at runtime across enterprise systems. That moves the governance burden from content review into action control, with implications for IAM, PAM, and access decisioning. Practitioners should treat agent behaviour as an access problem first and a model problem second.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: What should organisations measure to detect drift in agent behaviour?
A: Organisations should measure whether the agent’s actions still match the user’s goal, the intended workflow, and the normal pattern for that agent or role. Changes in action sequence, tool use, or side effects are stronger governance signals than prompt content alone. That is how behavioural drift becomes visible.
👉 Read our full editorial: Why agentic AI needs intent security for runtime behavior control