Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent application perimeter: is your governance model keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9439
Topic starter  

TL;DR: AI agents can book meetings, triage incidents, ship code, and approve purchases by chaining tool calls across apps, making the application itself the attack surface, according to Andromeda Security. The decisive gap is that governance must evaluate the human, agent, and action together in real time, because legacy role assignments and reactive controls cannot keep pace with agent execution.

NHIMG editorial — based on content published by Andromeda Security: AI Agent Security, The Application Perimeter

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).

Questions worth separating out

Q: How should security teams govern AI agents that can call multiple applications?

A: They should govern the applications and tool calls, not just the agent identity.

Q: Why do AI agents complicate traditional access control models?

A: Agents complicate access control because they can chain tool calls across systems, discover new endpoints at runtime, and act faster than reactive controls can respond.

Q: What breaks when teams only review the human or the agent?

A: You miss the full risk context.

Practitioner guidance

  • Define governed application perimeters Inventory the applications that expose callable tools, APIs, or workflows an agent can reach, then classify them by business sensitivity and abuse potential.
  • Enforce triad-based authorisation Require the human sponsor, agent identity, and requested action to be evaluated together at runtime before a tool call is approved.
  • Build composable policy for agent actions Encode reusable rules for sponsor context, agent scope, and application risk so approvals are consistent across teams and workloads.

What's in the full article

Andromeda Security's full article covers the operational detail this post intentionally leaves for the source:

  • How the policy engine is intended to evaluate the human, agent, and action triad in real time
  • The application-centric onboarding model for treating each app as a governed tool surface
  • The article's reasoning on how group-level intent can be turned into enforceable access decisions
  • The vendor's description of how human context changes the rules governing agent actions

👉 Read Andromeda Security's analysis of AI agent security and the application perimeter →

AI agent application perimeter: is your governance model keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8923
 

AI agent security is really application security with identity semantics attached. The article is right to move the control boundary from the agent as a generic actor to the applications it can reach. That reflects a deeper field reality: once agents can discover tools and chain calls across systems, the app becomes the operative perimeter and identity becomes the decision fabric. Practitioners should treat the application layer as the control plane for agentic access, not as a downstream integration detail.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 44% of organisations have implemented policies to govern AI agents, even though 92% agree that governing them is critical to enterprise security.

A question worth separating out:

Q: Who should own AI agent governance in an IAM programme?

A: Ownership should sit across IAM, NHI, and application security because the control problem spans identity, entitlement, and tool surfaces. The practical model is shared accountability with clear runtime decision rules, so the agent's reach, the user's context, and the application's sensitivity are governed together.

👉 Read our full editorial: AI agent security needs an application perimeter, not just controls



   
ReplyQuote
Share: