TL;DR: AI agents are already acting as first-class actors inside SaaS products, and Gartner expects 25% of enterprise breaches to stem from AI agent abuse by 2028, according to Frontegg and the cited interview. Governance now has to sit in the decision loop, because policies applied after execution begins cannot reliably contain autonomous actions.
NHIMG editorial — based on content published by Frontegg: AI agent governance and guardrails in SaaS ecosystems
By the numbers:
- Gartner predicts that by 2028, 15% of day-to-day work decisions will be made autonomously via agents.
- Gartner warns that 25% of enterprise breaches will stem from AI agent abuse.
Questions worth separating out
Q: How should security teams govern AI agents that can act autonomously in SaaS systems?
A: They should treat each agent as a distinct identity with a bounded scope, runtime policy enforcement, and a revocation path.
Q: When does AI agent governance fail in practice?
A: It fails when teams assume static permissions and after-the-fact reviews are enough.
Q: What do security teams get wrong about agent identities?
A: They often treat agent identity as a technical detail instead of a governance boundary.
Practitioner guidance
- Define agents as managed identities Assign each agent a unique credential, an owning business context, and a revocation path tied to the human or organisation it represents.
- Enforce runtime policy at the API boundary Move authorisation checks into the gateway or policy enforcement layer so the agent cannot execute before context is evaluated.
- Separate low-risk and destructive actions Require human approval, step-up checks, or narrower rate limits for destructive changes, refund flows, and data export paths.
What's in the full article
Frontegg's full article covers the operational detail this post intentionally leaves for the source:
- How to map agent entitlements to SaaS plans, permissions, and relationship-based rules in production
- How to wire runtime checks into an API gateway or policy engine without breaking user workflows
- How to structure audit logs so every agent action is linked to identity, policy, and context
- How to manage drift when agent behaviour changes after model updates or prompt interpretation shifts
👉 Read Frontegg's analysis of AI agent governance and guardrails →
AI agent governance is becoming an execution-path gap?
Explore further
Execution-path governance is now the control problem, not just access policy. AI agents do not simply consume permissions. They initiate actions, chain API calls, and move from request to execution without the human review loops that traditional governance assumes. That changes the programme from entitlement management to runtime containment. Practitioners should treat agent authorisation as a live enforcement problem, not a provisioning task.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint research.
A question worth separating out:
Q: Who should own policy decisions for AI agents in enterprise environments?
A: Ownership should sit with identity, security, and application teams together, because agent governance spans entitlement, runtime control, and audit. If any one group owns it alone, the control model fragments and policy drift becomes harder to detect. Clear accountability for the agent lifecycle is the only durable answer.
👉 Read our full editorial: AI agent governance is becoming an execution-path problem