Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent identity risk: are enterprise controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9439
Topic starter  

TL;DR: AI systems are now retrieving internal data, invoking APIs, modifying records, and triggering workflows autonomously across enterprise environments, according to Lakera's analysis and cited Gartner estimates that 15% of day-to-day work decisions will be made autonomously by agentic AI by 2028. Access review processes assume access persists long enough to be reviewed; autonomous actors can acquire and discard privileges within a single session.

NHIMG editorial — based on content published by Lakera: AI Has Stopped Asking for Permission. Has Your Security Team Noticed?

By the numbers:

Questions worth separating out

Q: What breaks when AI agents are governed like normal application accounts?

A: Normal application-account governance assumes the actor has stable intent, stable tool use, and a reviewable privilege window.

Q: Why do AI agents complicate least privilege?

A: Least privilege is usually defined at provisioning time, but agent intent is assembled at runtime from prompts, context, and tool selection.

Q: How do security teams know if an AI agent is exceeding its intended scope?

A: Look for tool calls that extend beyond the original user request, unexpected access to internal documents, or actions that chain across systems without a separate approval step.

Practitioner guidance

What's in the full article

Lakera's full article covers the operational detail this post intentionally leaves for the source:

  • The article maps the three AI exposure surfaces in more detail, including how each one changes the control design.
  • It expands on the agentic threat landscape diagram and the sequence from prompt to tool use to output.
  • It explains the AI Defense Plane concept with more implementation context for teams building layered controls.
  • It points to real-world examples from Dropbox and Nubank that show how the framework is being applied in practice.

👉 Read Lakera's analysis of AI agent identity risk and execution-layer security →

AI agent identity risk: are enterprise controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8923
 

Access review processes were designed for actors whose privileges persist long enough to be observed. That assumption fails when the actor is autonomous because access can be acquired, used, and discarded within a single session. The implication is not a new control, but a broken governance premise: review cadences no longer guarantee a reviewable state. Autonomous systems change the timing of privilege in a way human IAM and conventional NHI governance do not expect. If the actor can choose tools and act without approval gates, the old audit window closes before recertification starts. Practitioners need to recognise the collapsed assumption before they build around it.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when an AI agent performs an unauthorized action?

A: Accountability sits with the programme that granted the agent access, defined the policy boundary, and approved the integration. If ownership is split across product, security, and platform teams, gaps appear in logging, review, and rollback. Clear ownership is the only way to assign responsibility when autonomy blurs the operator chain.

👉 Read our full editorial: AI agent identity risk is outpacing enterprise IAM controls



   
ReplyQuote
Share: