AI agent identity and access: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 5855
Topic starter  

TL;DR: Agentic AI systems can autonomously plan, choose tools, and execute actions across enterprise systems, which materially expands the attack surface for privilege abuse, data exposure, and untraceable decisions, according to Lasso Security. Existing IAM and governance models were built for request-response systems, not actors that can alter execution paths at runtime.

NHIMG editorial — based on content published by Lasso Security: What is Agentic AI? Benefits, Security Risks & Use Cases

Questions worth separating out

Q: What breaks when an AI agent can choose its own tools and next steps?

A: Static access reviews and pre-approved workflows break first, because they assume the actor will stay within a known sequence of actions.

Q: Why do AI agents complicate least privilege and access reviews?

A: Least privilege is harder to define when the actor can change its own execution path mid-session.

Q: How do security teams know whether an AI agent is staying within its intended scope?

A: They need evidence that the agent only calls approved tools, reaches approved data, and completes approved actions.

Practitioner guidance

  • Define agent identity boundaries: Assign each agent a discrete identity, map every connected tool, and document exactly which actions are allowed under that identity.
  • Scope credentials to task boundaries: Replace broad reusable access with narrowly scoped credentials tied to a single function, workflow, or environment.
  • Instrument action-level audit trails: Log goal, tool call, response, and follow-on decision as separate events so reviewers can reconstruct the agent's full execution path.

What's in the full article

Lasso Security's full guide covers the operational detail this post intentionally leaves for the source:

  • Step-by-step breakdown of agent planning, tool selection, memory, and execution loops
  • Detailed security risk matrix covering memory poisoning, tool misuse, privilege compromise, and traceability gaps
  • Implementation guidance for observability, guardrails, and red-team testing of autonomous agents
  • Examples of agentic workflows across RPA, customer service, and healthcare that security teams can use for internal planning

👉 Read Lasso Security's guide to agentic AI security risks, use cases, and controls →
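Added example, not from the NHIMG post or from Lasso Security's guide, showing the three guidance points above in working Python: one discrete identity per agent with an allowed tool set and data scope, an action-level trail that records goal, tool call, response and follow-on decision as separate events, and a reviewer check that rebuilds the session's execution path from that trail and flags the call that left the agent's scope. The agent name, tool names and data scopes are constructed for the demo.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AgentIdentity:
    """One discrete identity per agent: the tools and data scopes it may use."""
    agent_id: str
    allowed_tools: frozenset
    allowed_data: frozenset

@dataclass
class AuditTrail:
    """Action-level trail: goal, tool_call, response and decision are separate events."""
    events: list = field(default_factory=list)

    def record(self, agent_id, session, kind, **detail):
        self.events.append({"seq": len(self.events), "agent": agent_id,
                            "session": session, "kind": kind, **detail})

def call_tool(identity, trail, session, tool, data_scope, fn):
    """Enforce the identity's scope at call time and log both sides of the call."""
    trail.record(identity.agent_id, session, "tool_call", tool=tool, data=data_scope)
    allowed = tool in identity.allowed_tools and data_scope in identity.allowed_data
    trail.record(identity.agent_id, session, "response", tool=tool, allowed=allowed)
    if not allowed:
        raise PermissionError(f"{identity.agent_id}: {tool} on {data_scope} is out of scope")
    return fn()

def review(trail, identities):
    """Rebuild each session's execution path and list calls outside the agent's scope."""
    paths, findings = {}, []
    for ev in trail.events:
        paths.setdefault(ev["session"], []).append(ev["kind"])
        if ev["kind"] == "tool_call":
            ident = identities[ev["agent"]]
            if ev["tool"] not in ident.allowed_tools or ev["data"] not in ident.allowed_data:
                findings.append((ev["session"], ev["seq"], ev["tool"], ev["data"]))
    return paths, findings

def demo():
    """Constructed session: a triage agent makes one in-scope and one out-of-scope call."""
    triage = AgentIdentity("triage-bot", frozenset({"read_ticket"}), frozenset({"tickets"}))
    trail, ids = AuditTrail(), {triage.agent_id: triage}
    trail.record(triage.agent_id, "s1", "goal", text="summarise ticket 42")
    call_tool(triage, trail, "s1", "read_ticket", "tickets", lambda: "ticket body")
    trail.record(triage.agent_id, "s1", "decision", text="also fetch the customer record")
    try:  # the agent changed its own path mid-session; the scope check refuses it
        call_tool(triage, trail, "s1", "read_customer", "crm", lambda: "pii")
    except PermissionError:
        pass
    return review(trail, ids)
```

The trail stays useful even when enforcement is bypassed elsewhere, because `review` re-derives scope violations from the logged events rather than trusting the call-time decision.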

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 5343
 

Agentic AI turns identity from a provisioning problem into a runtime control problem. The article describes systems that plan, select tools, and act across enterprise environments with minimal human intervention. That behaviour means access can no longer be assumed to stay within the boundaries defined at issuance, which is why NHI governance has to move from static entitlements to observed execution paths. Practitioners should treat each agent as an identity that can change its own privilege posture mid-session.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when an AI agent causes unauthorized access or data exposure?

A: Accountability should sit with the programme that granted the agent its identity, credentials, and delegation rights, because the agent is executing through those controls. In practice, that means IAM, platform, and application owners all need a shared ownership model for agent behaviour, evidence, and remediation.

👉 Read our full editorial: Agentic AI security risks are outpacing existing IAM controls
