TL;DR: Autonomous AI agents are already operating with real credentials, and Gartner projects that by 2028 a third of enterprise software will embed agentic AI while 15% of day-to-day work decisions may be made autonomously. Identity controls still verify who signed in, but they do not detect when an agent’s behaviour has been manipulated or drifted off task, making behaviour monitoring the missing control layer.
NHIMG editorial — based on content published by Gurucul: Why Behavioral AI Is the Key to Securing Your Agentic Workforce
By the numbers:
- Gartner projects that by 2028, a third of enterprise software will embed agentic AI, up from less than 1% in 2024.
- Gartner expects 15% of day-to-day work decisions will be made autonomously by agents by 2028.
- Gartner expects AI agents to outnumber human sellers by tenfold by 2028.
Questions worth separating out
Q: How should security teams monitor AI agents after they authenticate?
A: Security teams should monitor AI agents continuously after authentication by comparing live behaviour to a baseline for that specific task, system, and time.
Q: Why do autonomous agents create a different risk profile than normal automation?
A: Autonomous agents create a different risk profile because they can make independent decisions inside a session, use valid credentials, and still take harmful actions without a human approving each step.
Q: What do teams get wrong about prompt injection and agent security?
A: Teams often treat prompt injection as a content issue instead of an identity and runtime governance issue.
Practitioner guidance
- Baseline each agent’s normal query and transfer patterns Track what each autonomous agent accesses, how often it acts, which destinations it reaches, and how much data it moves.
- Correlate task content with runtime behaviour Do not rely on successful authentication alone.
- Stitch anomalous steps into one incident timeline Connect document ingestion, query expansion, and outbound transfer into a single investigation path so analysts can see the full chain rather than isolated benign events.
What's in the full article
Gurucul's full blog covers the operational detail this post intentionally leaves for the source:
- The behavioral fingerprinting model used to baseline autonomous agents across query, transfer, and destination patterns.
- The incident correlation method that links file ingestion, anomalous access, and outbound movement into one timeline.
- The live risk scoring and response workflow that can isolate an agent or escalate an alert when behaviour changes.
- The product dashboard view showing how shadow AI and agent risk are surfaced in practice.
👉 Read Gurucul’s analysis of behavioural AI for agentic workforce security →
AI agent behavior monitoring: what IAM teams need to change?
Explore further
Behavioural monitoring is becoming the missing control plane for agentic identity. Identity systems can still confirm that a credential is valid, but they cannot tell whether the actor behind it has been manipulated into a harmful action path. Once agents operate with legitimate access, the question is no longer who signed in, but whether the runtime sequence is still aligned to the authorised task. Practitioners should treat behaviour as a first-class identity signal.
A few things that frame the scale:
- 79% of organisations have experienced secrets leaks, with 77% of these incidents resulting in tangible damage, according to the Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: What should organisations do when AI agent behaviour becomes suspicious?
A: Organisations should isolate the agent, review the full action sequence, and verify whether the behaviour shows a change in destination, volume, or task scope. If the agent is moving beyond its normal pattern, treat it as a live identity risk and contain it before the session completes or data leaves the environment.
👉 Read our full editorial: Behavioral AI is reshaping control for agentic workforce identities