TL;DR: According to Lasso Security, AI agents are software tools that plan actions, retrieve data, call APIs, and execute workflows across enterprise systems, so their identity, permission, and monitoring model differs materially from that of deterministic automation. The core issue is that conventional IAM assumes stable, reviewable access, while an agent can chain actions across tools and drift beyond its intended scope within a single task.
NHIMG editorial — based on content published by Lasso Security: How to Secure AI Agents in the Enterprise: Visibility, Governance & Risk Control
By the numbers:
- Gartner projects that 40% of enterprise applications will include task-specific AI agents by the end of 2026, up from less than 5% in 2025.
- Only 54% of enterprises fully understand what data their AI agents can access, and just 44% have formal governance policies in place.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams implement least privilege for AI agents?
A: Treat each agent as a distinct software identity with separate read, write, and execute boundaries.
Q: Why do AI agents create more governance risk than traditional automation?
A: Traditional automation follows fixed rules, which makes its access easy to predict, test, and certify in advance. An agent selects tools and data at runtime, so the access it actually exercises depends on the task and cannot be certified from its assigned entitlements alone.
Q: What do teams get wrong about monitoring AI agents?
A: Teams often log only final outputs and miss the decision path that produced them.
Practitioner guidance
- Inventory every AI agent and connected tool: build a live register of agents, their prompts, data sources, OAuth scopes, APIs, and SaaS integrations.
- Separate read, write, and execution authority: do not grant agents bundled access across messaging, documents, ticketing, analytics, and code systems.
- Log the full agent decision path: capture prompts, retrieved context, tool calls, and final outputs in one trace so investigators can reconstruct how a task unfolded.
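The three guidance points above, together with the least-privilege answer (one identity per agent with separate read, write, and execute boundaries) and the monitoring answer (trace the decision path, not just the output), can be enforced in one place: a policy gate between the agent's planner and its tools. The example below is added here to illustrate that pattern; it is not code from Lasso Security or from the source article. The scope format, tool names, sample tickets, and the "scope_drift" classification are illustrative assumptions. The gate narrows a task to the intersection of the agent's standing scopes and the task's declared scopes, denies anything outside it, and writes every prompt, tool call, denial, and final output into a single trace.

```python
"""
Added example (not from the source page): a policy gate that checks each
tool call against an agent's read/write/execute scopes and records the
full decision path. Scope strings, tool names and sample data are assumed.
"""
from dataclasses import dataclass, field
import json
import time

# Each tool declares the single scope it needs, "<system>:<read|write|execute>".
# This mapping is an illustrative assumption, not a vendor API.
TOOL_SCOPES = {
    "search_docs": "docs:read",
    "read_ticket": "tickets:read",
    "update_ticket": "tickets:write",
    "post_message": "chat:write",
    "run_query": "analytics:execute",
}

# Constructed sample data standing in for the real ticketing and doc systems.
TICKETS = {"T-101": {"title": "VPN down for EMEA", "status": "open"}}
DOCS = {"vpn-runbook": "Restart the VPN concentrator, then verify tunnels."}

# Fake tool implementations; a real deployment would call the SaaS APIs here.
TOOLS = {
    "search_docs": lambda q: [k for k in DOCS if q.lower() in DOCS[k].lower() or q.lower() in k],
    "read_ticket": lambda tid: dict(TICKETS[tid]),
    "update_ticket": lambda tid, status: TICKETS[tid].update({"status": status}) or dict(TICKETS[tid]),
    "post_message": lambda channel, text: {"channel": channel, "posted": text},
    "run_query": lambda sql: {"rows": 0},
}


@dataclass(frozen=True)
class AgentIdentity:
    """One identity per agent, holding only the scopes it may ever use."""
    agent_id: str
    scopes: frozenset


@dataclass
class Task:
    """A single task narrows the agent to the scopes that task needs."""
    task_id: str
    prompt: str
    allowed_scopes: frozenset


@dataclass
class PolicyGate:
    """Checks every tool call against agent AND task scope; keeps one trace."""
    agent: AgentIdentity
    task: Task
    trace: list = field(default_factory=list)

    def __post_init__(self):
        # Effective scope is the intersection: a task cannot escalate the
        # agent, and the agent cannot exceed what the task declared.
        self.effective = self.agent.scopes & self.task.allowed_scopes
        self._record("task_start", prompt=self.task.prompt,
                     effective_scopes=sorted(self.effective))

    def _record(self, event, **fields):
        entry = {"ts": time.time(), "agent": self.agent.agent_id,
                 "task": self.task.task_id, "event": event, **fields}
        self.trace.append(entry)
        return entry

    def call(self, tool, **kwargs):
        needed = TOOL_SCOPES.get(tool)
        if needed is None:
            return self._record("deny", tool=tool, reason="unknown_tool", args=kwargs)
        if needed not in self.effective:
            # "scope_drift": the agent holds this scope but the task does not;
            # that is the cross-task reach worth alerting on. "not_granted":
            # the agent was never given it at all.
            reason = "scope_drift" if needed in self.agent.scopes else "not_granted"
            return self._record("deny", tool=tool, scope=needed, reason=reason, args=kwargs)
        result = TOOLS[tool](**kwargs)
        return self._record("tool_call", tool=tool, scope=needed, args=kwargs, result=result)

    def finish(self, output):
        self._record("final_output", output=output)
        return self.trace


def denials(trace):
    """Summarise denied calls so a reviewer sees where the agent drifted."""
    return [(e["tool"], e["reason"]) for e in trace if e["event"] == "deny"]


def export_jsonl(trace):
    """One JSON line per event, suitable for shipping to a SIEM."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in trace)


def run_demo():
    # Agent holds docs, tickets and chat scopes; this task only needs tickets.
    agent = AgentIdentity("triage-bot", frozenset(
        {"docs:read", "tickets:read", "tickets:write", "chat:write"}))
    task = Task("task-42", "Close ticket T-101 if it is resolved",
                frozenset({"tickets:read", "tickets:write"}))
    gate = PolicyGate(agent, task)
    gate.call("read_ticket", tid="T-101")                      # allowed
    gate.call("search_docs", q="vpn")                          # denied: scope_drift
    gate.call("run_query", sql="select 1")                     # denied: not_granted
    gate.call("update_ticket", tid="T-101", status="closed")   # allowed
    return gate.finish("Ticket T-101 closed")


if __name__ == "__main__":
    print(export_jsonl(run_demo()))
```

The distinction between "scope_drift" and "not_granted" is the part worth keeping in a real deployment: a denial for a scope the agent legitimately holds is the signal that a task has wandered across systems, which is exactly the behaviour the statistics on this page describe, and it is invisible if you only log the agent's standing entitlements or its final answer.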
What's in the full article
Lasso Security's full analysis covers the operational detail this post intentionally leaves for the source:
- Step-by-step agent discovery across SaaS platforms, APIs, and orchestration layers
- Examples of how different enterprise use cases expand permission scope and data exposure
- Guidance on prompt injection, tool misuse, and behavioural monitoring at the implementation level
- Practical examples of how agent permissions and audit logs are mapped in real environments
👉 Read Lasso Security's analysis of how to secure AI agents in the enterprise →
AI agent governance gap: are your controls keeping up?
Explore further
Dynamic tool use has created an identity governance problem that conventional IAM does not fully model. The article shows that agents do not simply consume access: they select tools, retrieve data, and execute workflows in context. That means the control plane has to account for runtime behaviour, not just assigned entitlements. The practitioner conclusion is that access governance for agents is now a first-class identity domain, not an extension of application security.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How should organisations respond when an AI agent inherits access across multiple systems?
A: They should re-evaluate whether the inheritance model is actually necessary and then break the access into smaller, task-scoped permissions. If the agent can reach documents, tickets, chat, and databases from one identity, the blast radius is too large for effective governance. Cross-system reach should be treated as a privileged design choice, not a default.
👉 Read our full editorial: AI agent identity risk is outpacing enterprise IAM controls