Agentic AI permissions: what breaks without identity guardrails?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: A company AI assistant exposed salary data because it was granted broad access without identity guardrails, showing how agentic systems can query HR, code, and financial data without verification, logging, or purpose-bound scoping, according to Defakto Security. The core failure is not model capability but treating an actor-like system as infrastructure, which collapses existing access assumptions.

NHIMG editorial — based on content published by Defakto Security: When AI Knew Too Much, a cautionary tale about agentic systems without guardrails

Questions worth separating out

Q: How should security teams govern agentic AI that can access enterprise data?

A: Security teams should govern agentic AI like a privileged identity with bounded purpose, not like a generic application.

Q: Why do agentic AI systems create more access risk than normal applications?

A: They create more risk because they can interpret intent and choose actions dynamically, which makes broad permissions far more dangerous than in static software.

Q: What do teams get wrong when they treat AI assistants as infrastructure?

A: They miss the fact that infrastructure controls do not automatically solve identity risk.

Practitioner guidance

  • Inventory every agentic AI system. Map where agentic systems exist, what data sources they can reach, and whether they can initiate actions without human approval.
  • Assign a distinct identity to each AI agent. Treat every agent like a privileged user or service account, with scoped access tied to purpose and context rather than broad inheritance from the hosting application.
  • Enforce real-time policy at the request point. Do not rely on audit logs alone.
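
The three steps above as one worked example. This is added code, not Defakto Security's or NHIMG's: a small policy enforcement point that keeps a registry of per-agent identities (the inventory), binds each identity to a single purpose and an explicit scope list (the distinct identity), and decides every request before any data source is touched while writing an audit record for each decision (enforcement at the request point). The class names, scope strings, sample agents and the approval-ticket convention are assumptions made for the example.

```python
"""Purpose-bound policy enforcement point (PEP) for agentic AI requests.

Added example; class names, scope strings and sample agents are assumed,
not taken from any product. The hr-assistant below mirrors the post's
scenario: it may answer headcount questions, not read salary records.
"""
from collections import deque
from dataclasses import dataclass
from fnmatch import fnmatchcase
import time


@dataclass(frozen=True)
class AgentIdentity:
    """One agent, one identity: access follows the declared purpose rather
    than being inherited from the application that hosts the model."""
    agent_id: str
    purpose: str                      # the single business purpose this identity serves
    scopes: frozenset                 # patterns such as "hr:headcount:read" or "code:*:read"
    may_act_unattended: bool = False  # may it perform non-read actions without an approval ticket?


@dataclass
class Decision:
    allowed: bool
    reason: str


class ManualClock:
    """Deterministic clock so the rate-limit window can be exercised offline."""
    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t


class PolicyEnforcementPoint:
    """Evaluates every request at the request point and logs every decision,
    so audit is a by-product of enforcement rather than a substitute for it."""

    def __init__(self, agents, rate_limit=3, window_seconds=60, clock=time.monotonic):
        self.agents = {a.agent_id: a for a in agents}   # the inventory
        self.rate_limit = rate_limit                    # allowed calls per agent per window
        self.window = window_seconds
        self.clock = clock
        self.audit_log = []                             # one dict per decision
        self._recent = {}                               # agent_id -> timestamps of allowed calls

    def decide(self, agent_id, resource, action, stated_purpose, context=None):
        context = context or {}

        def record(allowed, reason):
            self.audit_log.append({"ts": self.clock(), "agent": agent_id, "resource": resource,
                                   "action": action, "allowed": allowed, "reason": reason})
            return Decision(allowed, reason)

        agent = self.agents.get(agent_id)
        if agent is None:
            return record(False, "unknown agent identity")
        if stated_purpose != agent.purpose:              # purpose binding, checked per request
            return record(False, "purpose mismatch")
        required = f"{resource}:{action}"
        if not any(fnmatchcase(required, pattern) for pattern in agent.scopes):
            return record(False, f"scope {required} not granted")
        if action != "read" and not agent.may_act_unattended and not context.get("approval_ticket"):
            return record(False, "action requires human approval")
        now = self.clock()                               # sliding-window rate limit on allowed calls
        recent = self._recent.setdefault(agent_id, deque())
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.rate_limit:
            return record(False, "rate limit exceeded")
        recent.append(now)
        return record(True, "granted")


# Constructed sample inventory: two agents with deliberately narrow scopes.
HR_ASSISTANT = AgentIdentity("hr-assistant", "answer-headcount-questions",
                             frozenset({"hr:headcount:read"}))
CODE_REVIEWER = AgentIdentity("code-reviewer", "review-pull-requests",
                              frozenset({"code:*:read", "code:*:write"}))


def demo():
    """Runs a fixed sequence of requests and returns the decision reasons in order."""
    pep = PolicyEnforcementPoint([HR_ASSISTANT, CODE_REVIEWER], rate_limit=2, clock=ManualClock())
    calls = [
        ("hr-assistant", "hr:salary", "read", "answer-headcount-questions", None),   # out of scope
        ("hr-assistant", "hr:headcount", "read", "answer-headcount-questions", None),
        ("hr-assistant", "hr:headcount", "read", "summarize-finance-reports", None), # wrong purpose
        ("rogue-bot", "finance:ledger", "read", "anything", None),                   # not inventoried
        ("code-reviewer", "code:repo-a", "read", "review-pull-requests", None),
        ("code-reviewer", "code:repo-a", "write", "review-pull-requests", None),     # no ticket
        ("code-reviewer", "code:repo-a", "write", "review-pull-requests", {"approval_ticket": "CHG-0001"}),
        ("code-reviewer", "code:repo-a", "read", "review-pull-requests", None),      # third call in window
    ]
    return [pep.decide(*c).reason for c in calls], pep.audit_log


if __name__ == "__main__":
    reasons, log = demo()
    for entry in log:
        print(entry)
```

The salary request is refused on scope before the HR store is ever queried, the finance-purpose request is refused even though the scope would have matched, and the third code-reviewer call shows the rate limit the full article mentions. Wiring a real deployment means calling `decide` from the tool or data-access layer the agent invokes, not from a log pipeline that sees the query afterwards.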

What's in the full article

Defakto Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Specific examples of how agentic AI can inherit access from underlying systems and expose sensitive data
  • Practical guidance for scoping agent identities to purpose, context, and business function
  • Ideas for real-time enforcement, auditability, and rate limiting when agents can act autonomously
  • Training and red-teaming suggestions for end users, engineers, and security teams

👉 Read Defakto Security's analysis of why agentic AI needs identity and access controls →
