
AI agent production incidents: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9223
Topic starter  

TL;DR: Recent incidents at Meta and Amazon showed AI agents exposing sensitive data and causing a 13-hour outage when they were trusted like human engineers without equivalent controls, according to HiddenLayer. The underlying failure is that access review, approval, and context controls were built for stable human behaviour, not autonomous runtime decisions.

NHIMG editorial — based on content published by HiddenLayer: AI Agents in Production: Security Lessons from Recent Incidents

Questions worth separating out

Q: What breaks when AI agents are given human-level access without human-level controls?

A: The failure is blast radius.

Q: Why do AI agents complicate access governance more than ordinary automation?

A: Because they interpret goals and choose actions at runtime.

Q: What do security teams get wrong about agentic AI risk?

A: They often focus on the model and ignore the identity path.

Practitioner guidance

  • Define agent-specific authorisation boundaries: Map each agent to a narrow task scope, separate from the privileges used by human engineers, and deny access to systems that are not required for the immediate job.
  • Require human approval for destructive actions: Block irreversible changes, sensitive-data exposure, and environment-wide operations until a human reviewer explicitly approves the exact action path.
  • Instrument full agent session telemetry: Capture tool calls, accessed data, intermediate outputs, and executed actions so investigators can reconstruct the exact sequence of decisions after the fact.

What's in the full report

HiddenLayer's full research covers the operational detail this post intentionally leaves for the source:

  • A fuller incident-by-incident timeline for the Meta and Amazon examples, including how the control failures surfaced in production.
  • More detail on the difference between runtime visibility, investigation, and enforcement for agent sessions.
  • Specific discussion of prompt injection as an agent context-layer attack surface, including where it bypasses ordinary access governance.
  • The source article's framing of staged rollout and sandboxing for production agent deployments.

Read HiddenLayer's research on AI agents in production and the security lessons from recent incidents.
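The three controls in the practitioner guidance above (narrow per-agent scope, human approval bound to the exact action, and session telemetry an investigator can replay) can be enforced at one choke point: a gateway that every tool call passes through. The following is an added example in Python, not code from the post, from NHIMG or from HiddenLayer's research. The class and tool names (AgentScope, ToolCallGateway, k8s.get_pods, k8s.delete_namespace), the agent id deploy-agent and the staging/prod resource paths are hypothetical, and the scenario in demo() is constructed for illustration.

```python
import hashlib
import json
import time
from dataclasses import dataclass, field

# Tools whose effects the agent cannot undo on its own (assumed list for this example).
DESTRUCTIVE_TOOLS = {"db.drop_table", "k8s.delete_namespace", "s3.delete_object"}


@dataclass
class AgentScope:
    """Per-agent task scope: tool name -> tuple of permitted resource prefixes."""
    agent_id: str
    allowed: dict


@dataclass
class ToolCall:
    agent_id: str
    tool: str
    resource: str
    args: dict = field(default_factory=dict)

    def fingerprint(self) -> str:
        """Hash of the exact action path; a human approval is bound to this value."""
        canonical = json.dumps(
            {"agent": self.agent_id, "tool": self.tool, "resource": self.resource, "args": self.args},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode()).hexdigest()


class ToolCallGateway:
    """Mediates every tool call: scope check, approval gate, hash-chained session log."""

    def __init__(self, scopes):
        self.scopes = scopes          # agent_id -> AgentScope
        self.approvals = set()        # fingerprints a human has approved (single use)
        self.session_log = []         # append-only telemetry, one event per decision
        self._prev_hash = "0" * 64

    def approve(self, call, reviewer):
        self.approvals.add(call.fingerprint())
        self._record(call, "approval_granted", f"by {reviewer}")

    def authorize(self, call):
        """Return (allowed, reason). Anything outside the agent's narrow scope is denied."""
        scope = self.scopes.get(call.agent_id)
        if scope is None:
            return self._decide(call, False, "unknown agent")
        prefixes = scope.allowed.get(call.tool)
        if prefixes is None:
            return self._decide(call, False, "tool outside agent scope")
        if not call.resource.startswith(tuple(prefixes)):
            return self._decide(call, False, "resource outside agent scope")
        if call.tool in DESTRUCTIVE_TOOLS:
            fp = call.fingerprint()
            if fp not in self.approvals:
                return self._decide(call, False, "destructive action awaiting human approval")
            self.approvals.discard(fp)  # single use: a repeat needs a fresh approval
            return self._decide(call, True, "destructive action, human approved")
        return self._decide(call, True, "within scope")

    def _decide(self, call, allowed, reason):
        self._record(call, "allow" if allowed else "deny", reason)
        return allowed, reason

    def _record(self, call, decision, reason):
        event = {"seq": len(self.session_log), "ts": time.time(), "agent": call.agent_id,
                 "tool": call.tool, "resource": call.resource, "args": call.args,
                 "decision": decision, "reason": reason, "prev": self._prev_hash}
        self._prev_hash = hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()
        event["hash"] = self._prev_hash
        self.session_log.append(event)

    def verify_log(self):
        """Recompute the hash chain; an edited or dropped event breaks it."""
        prev = "0" * 64
        for ev in self.session_log:
            body = {k: v for k, v in ev.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            prev = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if prev != ev["hash"]:
                return False
        return True


def demo():
    """Constructed scenario (not from the thread): a deploy agent scoped to one staging namespace."""
    gw = ToolCallGateway({"deploy-agent": AgentScope("deploy-agent", {
        "k8s.get_pods": ("ns/payments-staging/",),
        "k8s.delete_namespace": ("ns/payments-staging/",),
    })})
    read = ToolCall("deploy-agent", "k8s.get_pods", "ns/payments-staging/api")
    prod = ToolCall("deploy-agent", "k8s.get_pods", "ns/payments-prod/api")
    wipe = ToolCall("deploy-agent", "k8s.delete_namespace", "ns/payments-staging/")
    drifted = ToolCall("deploy-agent", "k8s.delete_namespace", "ns/payments-staging/", {"force": True})
    r = {"read_in_scope": gw.authorize(read)[0],
         "read_prod": gw.authorize(prod)[0],
         "wipe_unapproved": gw.authorize(wipe)[0]}
    gw.approve(wipe, reviewer="oncall@example.test")
    r["drifted_after_approval"] = gw.authorize(drifted)[0]  # different args: approval does not carry over
    r["wipe_approved"] = gw.authorize(wipe)[0]
    r["wipe_replay"] = gw.authorize(wipe)[0]
    r["log_intact"] = gw.verify_log()
    gw.session_log[2]["reason"] = "within scope"  # simulate someone rewriting the audit trail
    r["log_after_tamper"] = gw.verify_log()
    return r


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two design points matter here. The approval is keyed on a hash of agent, tool, resource and arguments, so a reviewer signs off on one concrete action, not on a tool in general: the same delete with an extra `force` flag is a different fingerprint and is blocked again. The session log chains each event's hash into the next, so a post-incident investigator can both replay the decision sequence and detect that an entry was altered after the fact.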

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8662
 

Autonomous agent governance is now an identity problem, not just an AI safety problem. The article shows that the control failure is not model quality alone, but the combination of runtime decision-making and human-grade trust. IAM and PAM programmes that still assume a stable operator behind the action path will miss the real failure mode. Practitioners need to govern the actor type, not just the application layer.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint.

A question worth separating out:

Q: Who is accountable when an AI agent causes a data exposure or outage?

A: Accountability stays with the organisation that granted the access and defined the operating model. If an agent is allowed to act without equivalent controls, the incident is a governance failure, not just an isolated user mistake.

Read our full editorial: AI agent production incidents expose the governance gap.



   