TL;DR: Agentic AI systems now connect to live data, workflows, and permissions, which expands the attack surface through prompt injection, poisoned data, excess permissions, silent misconfigurations, and over-trust, according to Illumio. The central issue is that autonomous action turns trust into a liability unless identity and containment controls constrain it continuously.
NHIMG editorial — based on content published by Illumio: Agentic AI Security, how Illumio and Netskope help you adopt it safely without trusting it blindly
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes , and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams govern AI agents that can act on live systems?
A: Treat AI agents as privileged identity-bearing actors and govern them with explicit scopes, owners, and containment boundaries.
Q: Why do AI agents create a different identity risk than traditional workloads?
A: AI agents can choose actions at runtime, which means their risk is not limited to the permissions they were given at deployment.
Q: What breaks when agent permissions are broader than the task requires?
A: Over-permissioned agents turn a local logic error into a cross-system security event.
Practitioner guidance
- Classify AI agents as privileged identity-bearing actors Inventory each agent’s credentials, tool links, and data paths, then assign an owner responsible for access scope, approval logic, and containment boundaries.
- Separate tool access from infrastructure containment Apply one control set to agent-to-tool interactions and a different one to workload segmentation and lateral movement limits.
- Limit runtime permissions to the smallest viable action set Grant only the permissions required for the current task and revoke or narrow them when the task completes.
What's in the full article
Illumio's full article covers the operational detail this post intentionally leaves for the source:
- How the Illumio and Netskope control layers are mapped across agent interactions and workload segmentation
- The specific handling of Model Context Protocol traffic inspection and access restriction in agent workflows
- How dynamic quarantine and access signalling are intended to reduce lateral movement when an agent behaves unsafely
- The article's full explanation of the dual-layer Zero Trust model for agentic AI deployment
👉 Read Illumio's analysis of agentic AI security and Zero Trust controls →
Agentic AI security and the governance gap teams are missing?
Explore further
Agentic AI security is now an identity governance problem, not just an application security problem. These systems do not merely generate content. They initiate actions, touch tools, and consume permissions in ways that change the meaning of least privilege. The practical conclusion is that IAM, PAM, and NHI governance must be applied to agent behaviour, not just to the accounts that launch the agent.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should own accountability for AI agent access and containment?
A: The organisation that authorises the agent should own accountability for its permissions, data access, and blast radius. Security, IAM, and platform teams need a shared operating model so the agent is managed as a controlled identity, not as a loosely supervised application feature.
👉 Read our full editorial: Agentic AI security expands the identity attack surface and control gap