AI agent attacks and the identity controls enterprises are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9223
Topic starter  

TL;DR: Anthropic reported that AI systems carried out 80% to 90% of a complex cyber espionage campaign, including reconnaissance, exploitation, and credential harvesting, with humans providing only minimal oversight, according to TROJ.AI’s analysis of the disclosure. The lesson is that autonomous AI turns identity governance into a runtime control problem, not a policy problem.

NHIMG editorial — based on content published by TROJ.AI: AI Isn’t Just a Tool - It’s a Potential Operator in Your Enterprise

By the numbers:

Questions worth separating out

Q: How should security teams govern autonomous AI agents that can use enterprise tools?

A: Treat autonomous AI as a runtime identity with decision authority, not as a normal application integration.

Q: Why do autonomous AI systems change the way IAM teams think about least privilege?

A: Least privilege becomes harder to define when intent is not fixed at provisioning time.

Q: What do security teams get wrong about AI guardrails in enterprise environments?

A: They often assume guardrails will stop misuse on their own.

Practitioner guidance

  • Classify agents by decision authority before granting tool access: document whether each AI system can choose actions, select tools, and execute without a human approval gate.
  • Map every tool and connector in the agent runtime graph: inventory approved and unapproved MCP servers, APIs, plugins, and internal connectors.
  • Add behavioural detection for multi-turn misuse: monitor for suspicious task decomposition, unusual tool chaining, repeated retries, and session drift.

What's in the full article

TROJ.AI's full analysis covers the operational detail this post intentionally leaves for the source:

  • The article expands on the specific red teaming and runtime defence functions used to test and monitor AI systems.
  • It outlines how TrojAI Detect and TrojAI Defend are positioned across build time and run time, including MCP-focused protection.
  • It describes why the vendor believes agentic workflows, shadow infrastructure, and unapproved tools raise the attack surface.
  • It frames the practical use case for automated red teaming against AI systems before attackers do.

👉 Read TROJ.AI’s analysis of AI-driven attacks and runtime AI defence →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8662
 

Autonomous AI invalidates the assumption that access can be reviewed after execution: Access review processes were designed for actors whose privilege persists long enough to be observed, logged, and certified. That assumption fails when an AI system can acquire, use, and discard access within a single runtime sequence. The implication is that governance must stop treating autonomy like faster automation and start treating it as a different identity behaviour class.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Our research also found that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, a visibility gap that becomes more dangerous when agents can inherit or traverse delegated access paths.

A question worth separating out:

Q: Who is accountable when an autonomous AI agent causes a security incident?

A: Accountability sits with the organisation that granted the agent access, defined its boundaries, and failed to monitor its runtime behaviour. If the agent can reach tools, APIs, or data without meaningful human oversight, then governance ownership must cover the full delegation chain, not only the application team that built the workflow.

👉 Read our full editorial: AI agent attacks are forcing a new enterprise identity model

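As an added example, not code from either post or from TROJ.AI or NHIMG: a Python pass over a constructed agent tool-call log that implements the behavioural detection the topic post's practitioner guidance calls for (unapproved connectors, unusual tool chaining, repeated retries, session drift) at runtime, while the access is still in use, rather than in the after-the-fact review the reply above says no longer works. The tool names, the approved runtime graph, the task scope and the retry threshold are all hypothetical values standing in for an organisation's own inventory.

```python
# Runtime checks over an agent's tool-call log: unapproved connectors,
# unusual tool chaining, repeated retries and session drift.

# Constructed sample session log (session, step, tool, outcome); not real telemetry.
SAMPLE_LOG = [
    ("s1", 1, "search_docs", "ok"),
    ("s1", 2, "read_doc", "ok"),
    ("s1", 3, "fetch_secret", "error"),
    ("s1", 4, "fetch_secret", "error"),
    ("s1", 5, "fetch_secret", "error"),
    ("s1", 6, "fetch_secret", "ok"),
    ("s1", 7, "export_data", "ok"),
    ("s1", 8, "shadow_mcp_upload", "ok"),
]

# Hypothetical output of the runtime-graph inventory: approved tools and the
# tool-to-tool transitions the approved workflow is expected to make.
APPROVED_TOOLS = {"search_docs", "read_doc", "fetch_secret", "export_data", "send_email"}
APPROVED_EDGES = {("search_docs", "read_doc"), ("read_doc", "send_email"),
                  ("read_doc", "fetch_secret"), ("fetch_secret", "send_email")}
# Hypothetical task scope granted at session start (the human-approved intent).
TASK_SCOPE = {"s1": {"search_docs", "read_doc", "send_email"}}
RETRY_THRESHOLD = 3  # consecutive failures of one tool before flagging

def analyse_session(events, session):
    """Return (finding, step, detail) tuples for one session, in step order."""
    findings, drifted, prev, retries = [], set(), None, 0
    scope = TASK_SCOPE.get(session, set())
    for _, step, tool, outcome in sorted(e for e in events if e[0] == session):
        if tool not in APPROVED_TOOLS:  # shadow MCP server or unapproved connector
            findings.append(("unapproved_tool", step, tool))
        else:
            if prev and prev != tool and (prev, tool) not in APPROVED_EDGES:
                findings.append(("unusual_chain", step, f"{prev}->{tool}"))
            if tool not in scope and tool not in drifted:  # drift from declared task
                drifted.add(tool)
                findings.append(("session_drift", step, tool))
        retries = retries + 1 if outcome == "error" and tool == prev else int(outcome == "error")
        if retries == RETRY_THRESHOLD:
            findings.append(("repeated_retries", step, tool))
        prev = tool
    return findings

def triage(events, session):
    """Runtime verdict: block on unapproved tools or chains, review on drift/retries."""
    kinds = {f[0] for f in analyse_session(events, session)}
    if kinds & {"unapproved_tool", "unusual_chain"}:
        return "block"
    return "review" if kinds else "allow"
```

On the constructed log, `analyse_session(SAMPLE_LOG, "s1")` flags the out-of-scope credential fetch, three consecutive retries of it, the unapproved `fetch_secret->export_data` chain and the shadow upload, and `triage` returns `"block"` before the session completes.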