Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agentic AI security: are enterprise identity controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Agentic AI is moving from experimental to operational as systems begin initiating workflows, accessing systems, and modifying data without direct human prompting, while 69% of cybersecurity professionals expect AI-based vulnerabilities to outpace human misuse of AI, according to Keyfactor. Conventional automation controls were built for scripts, not actors that make decisions at machine speed.

NHIMG editorial — based on content published by Keyfactor: What Is Agentic AI Security? Governing Autonomous AI in the Enterprise

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can act independently?

A: Security teams should treat AI agents as identities with owner, purpose, and access boundaries, then enforce task-scoped permissions, audit trails, and revocation paths.

Q: Why do autonomous AI agents create new IAM and NHI risk?

A: Autonomous agents create risk because they can select actions and trigger workflows at runtime, which breaks the assumption that access can be fully understood at provisioning time.

Q: What breaks when AI agent access is reviewed like human access?

A: Human access reviews assume an operator, a stable role, and a reviewable duration of privilege.

Practitioner guidance

What's in the full article

Keyfactor's full blog covers the operational detail this post intentionally leaves for the source:

  • The article expands on how AI agents are reshaping enterprise security strategy in practical terms.
  • It outlines why weak AI governance can erode the broader security posture when agents act autonomously.
  • It describes what successful identity and cryptographic modernization looks like for regulated environments.
  • It explains how to design human-in-command governance models for AI agents without losing traceability.

👉 Read Keyfactor's analysis of agentic AI security and digital trust →

Agentic AI security: are enterprise identity controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Agentic AI security is now an identity governance problem, not just an AI safety problem. The article makes clear that autonomous systems are beginning to initiate workflows, access systems, and modify data without direct prompting. That moves the control question from content safety to identity assurance, because the enterprise now has to decide what an AI actor is allowed to do and how that action is attributed. Practitioners should treat agentic AI as part of the IAM, PAM, and NHI perimeter, not a sidecar to it.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when an AI agent causes a security incident?

A: Accountability should sit with the business owner of the agent, the platform owner that enabled it, and the security team that approved the control model. For regulated environments, evidence must show who owned the agent, what it was allowed to do, and whether revocation and audit trails were in place. Without that, attribution becomes guesswork after the fact.

👉 Read our full editorial: Agentic AI security is redefining identity, trust, and governance



   
ReplyQuote
Share: