TL;DR: NVIDIA’s OpenShell may secure runtime execution for AI agents, but it does not answer who authorises agent actions, what data they may touch, or how those decisions are continuously governed across enterprise systems, according to EnforceAuth. The core failure is assumption-based: sandboxing does not equal authorization, and machine-speed agents break control models built on static access decisions.
NHIMG editorial — based on content published by EnforceAuth: Who Decides What an AI Agent Is Authorized to Do?
Questions worth separating out
Q: How should security teams govern AI agents that can act at machine speed?
A: Security teams should govern AI agents as non-human identities with explicit owners, scoped entitlements, and per-action policy checks.
Q: Why do sandboxed runtimes not solve AI agent authorization risk?
A: Sandboxed runtimes limit where an agent executes, but they do not decide what the agent is permitted to do inside enterprise systems.
Q: What breaks when AI agent permissions are only reviewed at session start?
A: The assumption that an entitlement approved at session start is still appropriate for every action the agent takes afterwards. At machine speed an agent can retrieve data, update records, and call downstream tools many times before any human reviews the session, so a single up-front decision cannot tell an in-scope action from an out-of-scope one, and after-the-fact review arrives too late to stop it.
Practitioner guidance
- Map AI agents as governed non-human identities: inventory every agent that can access enterprise systems, then assign an identity owner, entitlement scope, and review cadence.
- Separate runtime controls from authorization controls: document which controls constrain the execution environment and which controls decide whether an action is allowed.
- Enforce per-action policy evaluation: move beyond session-start approval and require policy checks before each sensitive action, including data retrieval, record updates, and downstream tool calls.
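As an added example (not EnforceAuth's or NHIMG's code), the three steps above in Python: agents are registered as non-human identities with an owner, an entitlement scope and a review cadence; a gateway decides each action on its own, independently of whatever runtime sandbox the agent executes in; and every decision is written to an audit entry that carries the owner and the policy that decided, so the approval chain for each action can be traced later. The agent name, owner, resource paths, classification levels and the replayed action sequence are all constructed for illustration. The `session_start_allowed` method shows the session-start model the guidance argues against, for contrast.

```python
"""Added example: a minimal per-action authorization gateway for AI agent tool calls.
Registry entries, policy names, resource paths and the sample action sequence are
constructed for illustration; none of them come from the source article."""
from dataclasses import dataclass
from datetime import datetime, timezone
import json

# Data classification ranking: an agent may only touch data at or below its ceiling.
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class AgentIdentity:
    """A governed non-human identity: an owner, an entitlement scope and a review cadence."""
    agent_id: str
    owner: str                  # accountable human or team
    entitlements: frozenset     # allowed (action, resource_prefix) pairs
    max_classification: str     # highest data classification the agent may handle
    review_cadence_days: int


@dataclass(frozen=True)
class ActionRequest:
    action: str          # "read", "update" or "call_tool"
    resource: str        # e.g. "crm/customers/4711"
    classification: str  # classification of the data the action touches


@dataclass(frozen=True)
class Decision:
    allowed: bool
    policy_id: str       # which rule produced the decision (for the approval chain)
    reason: str


class AgentAuthzGateway:
    """Policy enforcement point: evaluates every agent action and records the decision."""

    def __init__(self, registry):
        self.registry = {a.agent_id: a for a in registry}   # the NHI inventory
        self.audit_log = []                                  # JSON lines, one per decision

    def session_start_allowed(self, agent_id):
        """The model the page criticises: one check at session start, nothing per action."""
        return agent_id in self.registry

    def authorize(self, agent_id, req):
        """Per-action decision: unknown agent, out-of-scope action or over-classified data is denied."""
        agent = self.registry.get(agent_id)
        if agent is None:
            decision = Decision(False, "nhi-inventory", "agent not in inventory, no owner on record")
        elif not any(req.action == act and req.resource.startswith(prefix)
                     for act, prefix in agent.entitlements):
            decision = Decision(False, "entitlement-scope",
                                f"{req.action} on {req.resource} not in entitlement scope")
        elif CLASS_RANK[req.classification] > CLASS_RANK[agent.max_classification]:
            decision = Decision(False, "data-classification",
                                f"{req.classification} exceeds ceiling {agent.max_classification}")
        else:
            decision = Decision(True, "entitlement-scope", "within scope and classification ceiling")
        self._record(agent_id, agent, req, decision)
        return decision

    def _record(self, agent_id, agent, req, decision):
        # Each entry carries owner, policy and outcome so an investigator can trace the chain.
        self.audit_log.append(json.dumps({
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent_id": agent_id,
            "owner": agent.owner if agent else None,
            "action": req.action,
            "resource": req.resource,
            "classification": req.classification,
            "policy_id": decision.policy_id,
            "allowed": decision.allowed,
            "reason": decision.reason,
        }))


def build_gateway():
    """Constructed sample registry: one support agent scoped to reading CRM records and ticketing."""
    support_agent = AgentIdentity(
        agent_id="support-assistant-01",
        owner="crm-platform-team",
        entitlements=frozenset({("read", "crm/customers/"), ("call_tool", "tools/ticketing/")}),
        max_classification="confidential",
        review_cadence_days=90,
    )
    return AgentAuthzGateway([support_agent])


def run_sample_session(gateway, agent_id="support-assistant-01"):
    """Replay a constructed action sequence; returns (request, decision) pairs in order."""
    sequence = [
        ActionRequest("read", "crm/customers/4711", "confidential"),          # in scope
        ActionRequest("update", "crm/customers/4711", "confidential"),        # action not entitled
        ActionRequest("call_tool", "tools/ticketing/create", "restricted"),   # over classification ceiling
        ActionRequest("read", "hr/employees/42", "confidential"),             # resource out of scope
    ]
    return [(req, gateway.authorize(agent_id, req)) for req in sequence]


if __name__ == "__main__":
    gw = build_gateway()
    for req, d in run_sample_session(gw):
        print(f"{'ALLOW' if d.allowed else 'DENY '} {req.action:9} {req.resource:26} [{d.policy_id}] {d.reason}")
    print("session-start check alone would have admitted the agent:", gw.session_start_allowed("support-assistant-01"))
    print("audit entries written:", len(gw.audit_log))
```

Run as a script, the replay allows only the first action; the other three are denied by three different rules, while `session_start_allowed` returns True for the same agent, which is exactly the gap between admitting an identity once and deciding each action. In a real deployment the registry would be the NHI inventory of record and the audit log would go to the SIEM; the point of the structure is that the decision and its provenance live above the runtime, not inside it.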
What's in the full article
EnforceAuth's full article covers the operational detail this post intentionally leaves for the source:
- How their authorization layer is intended to sit above a sandboxed runtime in enterprise deployments
- The specific policy questions the vendor says must be answered for customer data, records, and compliance contexts
- The enterprise platform scenarios the article uses to illustrate where runtime controls stop and authorization begins
- Why the vendor frames DORA and the EU AI Act as part of the governance exposure for agentic systems
👉 Read EnforceAuth's analysis of the AI agent authorization gap at enterprise scale →
AI agent authorization gaps: are runtime controls enough for IAM?
Explore further
Authorization has become the real control plane for AI agents. Runtime sandboxes reduce exposure, but they do not decide whether an agent may read a customer record, initiate a workflow, or pass data to another service. That means the critical governance question has moved above infrastructure and into decision authority, where IAM and NHI controls belong. Practitioners should treat authorization as the primary enforcement boundary for agentic systems.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the same report.
A question worth separating out:
Q: Who is accountable when an AI agent exceeds its authorised scope?
A: Accountability sits with the organisation that delegated the access and failed to govern the agent’s decision authority. The key question is whether the business can trace the owner, policy, and approval chain for each action. If those elements are unclear, the governance failure is structural, not merely operational.
👉 Read our full editorial: AI agent authorization gaps expose a Fortune 500 governance blind spot