Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agentic AI security risks: are traditional controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Agentic AI systems can call APIs, query databases, and modify production systems without human approval, creating eight risks that traditional tools often miss because the dangerous action happens inside authorized workflows, according to WitnessAI. The control problem is not just visibility but assumption collapse: review-based governance cannot reliably contain actors that decide, act, and chain tools in one session.

NHIMG editorial — based on content published by WitnessAI: Agentic AI systems and the eight cybersecurity risks they introduce

By the numbers:

  • Anthropic's internal red team showed how far that goes: a crafted prompt exfiltrated AWS credentials in 24 out of 25 attempts against its own agent, a 96% success rate.
  • Gartner’s 2026 coverage says identity is becoming more operational, distributed, and intertwined with software delivery, agents, infrastructure, and AI governance.

Questions worth separating out

Q: What breaks when AI agents can act inside business systems without human approval?

A: What breaks is the assumption that authorised access is also safe to use.

Q: Why do AI agents complicate IAM and NHI governance?

A: AI agents complicate IAM and NHI governance because they reuse legitimate credentials while making independent choices about when and how to use them.

Q: How do security teams know if agentic AI controls are actually working?

A: They know the controls are working when unsafe tool calls are blocked before execution, the audit trail shows which human initiated each action, and delegated workflows cannot silently expand their own scope.

Practitioner guidance

  • Classify every agentic session before it runs Separate chat sessions from tool-using agent sessions so policies can reflect whether the system may call APIs, read files, or modify production systems.
  • Separate high-impact actions from ordinary tool calls Require an approval boundary for irreversible operations such as database deletion, privilege changes, or external data transfer.
  • Trace every agent action back to a human originator Preserve an audit chain from the initiating user to the specific agent session, tool invocation, and downstream system action.

What's in the full article

WitnessAI's full research covers the operational detail this post intentionally leaves for the source:

  • Detailed breakdown of the eight agentic AI risk classes and how each one appears in production workflows.
  • Examples of runtime inspection points for prompts, tool calls, and agent responses before execution.
  • The distinction between discoverable agent activity and actions that only appear safe in network logs.
  • Guidance on preserving attribution from the human initiator to the downstream agent action.

👉 Read WitnessAI's analysis of eight cybersecurity risks in agentic AI →

Agentic AI security risks: are traditional controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Agentic AI creates an assumption collapse, not just a control gap. Access review processes were designed for identities whose privileges persist long enough to be observed, certified, and revoked on a human cadence. That assumption fails when the actor can choose tools, execute actions, and compound decisions within one runtime session. The implication is that governance models built around stable entitlements no longer describe the behaviour they are trying to control.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when an AI agent causes a harmful system action?

A: Accountability should follow the human originator, the agent session, and the owning control process, not stop at the agent boundary. If a team cannot map an agent action back to the person, policy, and approval path that allowed it, the governance model is incomplete and regulatory evidence will be weak.

👉 Read our full editorial: Agentic AI security risks expose the limits of traditional controls



   
ReplyQuote
Share: