Agentic AI security best practices for 2026: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: Agentic AI systems plan, decide, and act inside enterprise environments, and a global survey cited by Lasso Security found 97% of security leaders expect a material incident this year while only 6% of budgets are allocated to the risk. Existing IAM and monitoring models struggle because agent behaviour changes at runtime and can chain across tools and data sources.

NHIMG editorial — based on content published by Lasso Security: How to Secure Agentic AI in the Enterprise: Best Practices for 2026

By the numbers:

Questions worth separating out

Q: How should security teams implement least privilege for agentic AI systems?

A: Security teams should scope each agent to a dedicated identity, a narrow tool allowlist, and time-bounded credentials that expire with the task.

Q: Why do agentic AI systems complicate zero trust and IAM models?

A: Agentic systems complicate zero trust because they do not behave like stable applications with fixed request patterns.

Q: What breaks when agent behaviour is monitored only through standard logs?

A: Standard logs usually capture individual events, but they do not show whether the full action chain was safe.

Practitioner guidance

  • Define enforceable agent task boundaries: write policy that specifies allowed tools, writable systems, and escalation triggers for each agent role.
  • Issue dedicated identities per agent role: replace shared credentials with dedicated service identities, scoped allowlists, and time-bounded tokens for sensitive operations.
  • Inventory shadow agents and unapproved workflows: build a register of agents created through engineering, low-code platforms, and third-party integrations, then map each one to its tools, data sources, and owners.

What's in the full article

Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Step-by-step guidance on defining agent task boundaries in policy and enforcing them at the infrastructure layer
  • Detailed examples of tool allowlists, time-bounded tokens, and per-agent identity patterns for enterprise deployments
  • Expanded monitoring patterns for tracing tool calls, reasoning chains, and behaviour drift across sessions
  • A fuller breakdown of runtime prompt and data-flow controls for blocking malicious instructions before action

👉 Read Lasso Security's guide to securing agentic AI in the enterprise →




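As an added illustration of the three controls the post names (a dedicated identity per agent role, a narrow tool allowlist, and task credentials that expire) together with the chain-level check that per-event logs cannot make on their own, here is a small Python policy layer. It is example code written for this thread, not code from Lasso Security's post or from any product; the role names, tool names, the HMAC-signed token format and the "no egress after a sensitive read" chain rule are assumptions chosen for the demonstration.

```python
"""Minimal policy gate for agentic workloads (illustrative, hypothetical names).

Every tool call is checked against three things: the caller's signed,
time-bounded task credential; the allowlist for that credential's role; and
the calls already made in the same session (the action chain).
"""
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Signing key for agent credentials; in practice this would live in a KMS/HSM.
SIGNING_KEY = secrets.token_bytes(32)

# Hypothetical per-role policy: tools the role may call and credential TTL (s).
ROLE_POLICY = {
    "invoice-reconciler": {
        "tools": {"erp.read_invoice", "erp.update_status", "mail.send"},
        "ttl": 600,
    },
    "hr-summariser": {
        "tools": {"hris.read_profile", "docs.write_summary", "mail.send"},
        "ttl": 300,
    },
}

# Hypothetical chain rule: once a session has read from a sensitive source,
# egress tools are denied for the rest of that session, even though each tool
# on its own is on the role's allowlist.
SENSITIVE_SOURCES = {"hris.read_profile"}
EGRESS_TOOLS = {"mail.send", "http.post"}


def _sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + mac


def mint_task_token(role: str, task_id: str, now: Optional[float] = None) -> str:
    """Issue a dedicated, time-bounded credential for one role and one task."""
    if role not in ROLE_POLICY:
        raise ValueError(f"unknown agent role: {role}")
    now = time.time() if now is None else now
    payload = {
        "sub": f"agent:{role}:{task_id}",  # dedicated identity, never shared
        "role": role,
        "task": task_id,
        "iat": int(now),
        "exp": int(now) + ROLE_POLICY[role]["ttl"],
    }
    return _sign(payload)


def verify_task_token(token: str, now: Optional[float] = None) -> dict:
    """Check signature and expiry; return the claims or raise PermissionError."""
    now = time.time() if now is None else now
    try:
        body_hex, mac = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("bad signature")
    claims = json.loads(body)
    if now >= claims["exp"]:
        raise PermissionError("token expired; task credential must be re-issued")
    return claims


@dataclass
class Session:
    """Ordered record of tool calls made under one task credential."""
    calls: list = field(default_factory=list)

    def touched_sensitive(self) -> bool:
        return any(c["allowed"] and c["tool"] in SENSITIVE_SOURCES for c in self.calls)


def authorize_tool_call(token: str, tool: str, session: Session,
                        now: Optional[float] = None) -> tuple:
    """Gate one tool call on identity, allowlist and the session's prior chain."""
    try:
        claims = verify_task_token(token, now)
    except PermissionError as err:
        decision = (False, f"identity: {err}")
    else:
        if tool not in ROLE_POLICY[claims["role"]]["tools"]:
            decision = (False, f"allowlist: {tool} not permitted for {claims['role']}")
        elif tool in EGRESS_TOOLS and session.touched_sensitive():
            decision = (False, "chain: egress after sensitive read requires escalation")
        else:
            decision = (True, "ok")
    # Record the decision so later calls (and reviewers) see the whole chain.
    session.calls.append({"tool": tool, "allowed": decision[0], "reason": decision[1]})
    return decision


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value for a reproducible run
    tok = mint_task_token("hr-summariser", "task-42", now=t0)
    s = Session()
    print(authorize_tool_call(tok, "hris.read_profile", s, now=t0 + 1))
    print(authorize_tool_call(tok, "erp.update_status", s, now=t0 + 2))   # allowlist deny
    print(authorize_tool_call(tok, "mail.send", s, now=t0 + 3))           # chain deny
    print(authorize_tool_call(tok, "docs.write_summary", s, now=t0 + 4))
    print(authorize_tool_call(tok, "docs.write_summary", s, now=t0 + 400))  # expired
```

The point of the session record is the one the Q&A above makes: `mail.send` passes the allowlist check for this role, and an event-level log would show a permitted tool call, yet the decision is a deny because of what the same credential did earlier in the session.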
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

Agentic AI is not just another NHI class. It collapses the assumption that access can be provisioned once and safely reviewed later. Identity controls for service accounts were designed for stable behaviour and predictable request patterns. That assumption fails when the actor can choose tools, reorder actions, and change behaviour mid-session. The implication is that governance has to be rethought around runtime intent, not just entitlement state.

A few things that frame the scale:

  • 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
  • Only 33% of organisations report their AI agents have accessed inappropriate or sensitive data beyond their intended scope, which means scope creep is already operational rather than theoretical.

A question worth separating out:

Q: Who is accountable when an AI agent causes an unauthorised action?

A: Accountability should sit with the system owner and the governance process that granted the agent its access, not with the agent itself. If the workflow has no owner, no approval path, and no recorded scope, responsibility becomes diffuse very quickly. Organisations need named ownership for agent identities before production use.

👉 Read our full editorial: Agentic AI security in 2026: why current controls fall short


