TL;DR: Enterprises are moving AI agents into load-bearing workflows where a binary kill switch can create a second incident by breaking regulated processes, according to Cerbos. The real governance problem is runtime authorization and scoped revocation, because agent drift can happen inside the same operational window that legacy IAM review cycles assume.
NHIMG editorial — based on content published by Cerbos: AI agent governance needs a dimmer switch, not a kill switch
By the numbers:
- The IBM Cost of a Data Breach Report 2024 puts breaches in regulated industries materially above the cross-industry average, with healthcare leading every year for more than a decade.
Questions worth separating out
Q: What breaks when organisations use a kill switch for AI agent governance?
A: A kill switch can stop the agent, but it also stops the workflow, drops context, and can create a new operational or compliance incident.
Q: Why do AI agents complicate existing IAM and NHI controls?
A: AI agents complicate identity controls because their risky behaviour often happens during execution, after provisioning-time approvals have already been granted.
Q: How do security teams know whether AI agent governance is actually working?
A: A working programme can show what policy was in effect at the time of each decision, how access changed during an incident, and whether the workflow stayed within approved boundaries.
Practitioner guidance
- Define graded restriction states for AI agents: Pre-build policy states that move an agent from full access to read-only, then to tightly scoped tool use, and finally to no write capability.
- Put policy enforcement in the request path: Use externalised authorization so each agent action is checked against current policy at execution time.
- Separate drift handling from compromise handling: Write incident procedures that distinguish an agent drifting outside its authorised plan from an agent being actively compromised.
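An added sketch (not code from Cerbos or the source article) of the three guidance points above: graded states, a per-action check in the request path, and an audit trail that records the policy version in effect and the stated reason for each change. The state names, their permission sets, and the tool and agent names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed permission sets for each graded state (names and contents are illustrative).
# tools=None means "any tool".
STATES = {
    "full":      {"tools": None,              "verbs": {"read", "write"}},
    "read_only": {"tools": None,              "verbs": {"read"}},
    "scoped":    {"tools": {"ticket_lookup"}, "verbs": {"read"}},
    "zero":      {"tools": set(),             "verbs": set()},
}
ORDER = ["full", "read_only", "scoped", "zero"]


@dataclass
class AgentPolicy:
    agent_id: str
    state: str = "full"
    version: int = 1
    audit: list = field(default_factory=list)

    def restrict(self, new_state: str, reason: str) -> None:
        """Scoped revocation: during an incident, only move toward less access."""
        if ORDER.index(new_state) <= ORDER.index(self.state):
            raise ValueError("restrict() cannot widen or keep access")
        self.audit.append({"event": "policy_change", "from": self.state, "to": new_state,
                           "reason": reason, "version": self.version + 1})
        self.state, self.version = new_state, self.version + 1

    def check(self, tool: str, verb: str) -> bool:
        """Called in the request path before every agent action."""
        rule = STATES[self.state]
        allowed = verb in rule["verbs"] and (rule["tools"] is None or tool in rule["tools"])
        self.audit.append({"event": "decision", "tool": tool, "verb": verb,
                           "allowed": allowed, "state": self.state, "version": self.version})
        return allowed


def run_incident() -> tuple:
    """Constructed scenario: an agent drifts mid-workflow and is dimmed, not killed."""
    p = AgentPolicy("claims-agent")                     # hypothetical agent name
    results = [p.check("payments_api", "write")]        # full access: allowed
    p.restrict("read_only", reason="drift")
    results.append(p.check("payments_api", "write"))    # write now denied
    results.append(p.check("payments_api", "read"))     # workflow can still read
    p.restrict("scoped", reason="drift")
    results.append(p.check("payments_api", "read"))     # tool no longer in scope
    results.append(p.check("ticket_lookup", "read"))    # allowlisted tool still works
    return results, p.audit
```

Because every decision entry carries the state and version in effect, the audit list answers both "what policy applied to this action" and "how access changed during the incident" without reconstructing it afterwards.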
What's in the full article
Cerbos's full guide covers the operational detail this post intentionally leaves for the source:
- Policy enforcement architecture for AI agent request paths and externalised authorization
- Practical examples of scoped access reduction from full access to read-only and then to zero
- How to preserve audit trails for incident response, SOC 2, ISO 27001, HIPAA, and PCI DSS
- Shared vocabulary teams can use when explaining drift, containment, and policy changes to executives