TL;DR: AI agents in enterprise environments created risk through inherited permissions, tool invocation, data movement, and runtime behaviour, according to Zenity’s 2025 year-in-review. The governance gap is that traditional IAM and monitoring models were built for stable identities and not for agents that decide and act during execution.
NHIMG editorial — based on content published by Zenity: Zenity 2025 Year in Review, Building AI Security for the Enterprise
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities - 46% confirmed, 26% suspected.
Questions worth separating out
Q: How should security teams govern AI agents that inherit enterprise permissions?
A: Treat the agent as a non-human identity with runtime behaviour, not just as a model wrapper.
Q: Why do AI agents complicate traditional IAM and PAM controls?
A: Because traditional IAM and PAM assume access is relatively stable and reviewed over time.
Q: What breaks when agent visibility is not paired with runtime enforcement?
A: Teams can see that an agent exists and still fail to stop unsafe behaviour.
Practitioner guidance
- Inventory every agent identity and tool path: Map where agents operate across SaaS, cloud, and endpoint environments, then record which authenticated sessions, APIs, and tools each one can reach.
- Move control points to execution time: Require policy checks when the agent attempts an action, especially where data could be sent to an unapproved domain or a tool could change state in a critical system.
- Correlate posture with runtime evidence: Join entitlement data, data-flow context, and runtime anomalies into one investigation workflow so analysts can see how an issue unfolded.
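One way to combine the three guidance items above into an execution-time gate, as an added example that is not Zenity's or NHIMG's code. The agent name, tool names, domain allow-list and the `approved_by` parameter are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# All names and values below are constructed for illustration.
INVENTORY = {"agent-hr-assistant": {"http_post", "crm_update"}}  # agent -> reachable tools
APPROVED_DOMAINS = {"api.example.com"}   # exact-match destination allow-list
CRITICAL_STATE_TOOLS = {"crm_update"}    # tools that change state in a critical system

@dataclass
class Decision:
    agent: str
    tool: str
    allowed: bool
    reason: str

def host_approved(url):
    # Compare the parsed hostname, not a substring of the URL, so that
    # "https://api.example.com@evil.test/" resolves to evil.test and is refused.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host in APPROVED_DOMAINS

def authorize(agent, tool, args, approved_by=None):
    """Evaluate one attempted action; deny by default."""
    if tool not in INVENTORY.get(agent, set()):
        return Decision(agent, tool, False, "tool not in inventory for agent")
    url = args.get("url")
    if url is not None and not host_approved(url):
        return Decision(agent, tool, False, "destination domain not approved")
    if tool in CRITICAL_STATE_TOOLS and not approved_by:
        return Decision(agent, tool, False, "critical state change needs approval")
    return Decision(agent, tool, True, "ok")

def guarded_call(agent, tool, args, tools, audit, approved_by=None):
    """Check policy at execution time, record the decision, then run the tool."""
    decision = authorize(agent, tool, args, approved_by)
    audit.append(decision)  # runtime evidence to join with entitlement data
    if not decision.allowed:
        raise PermissionError(decision.reason)
    return tools[tool](**args)

if __name__ == "__main__":
    audit = []
    tools = {"http_post": lambda url, body: f"sent {len(body)} bytes to {url}"}
    print(guarded_call("agent-hr-assistant", "http_post",
                       {"url": "https://api.example.com/v1", "body": "hi"}, tools, audit))
    print(audit[-1])
```

Denied attempts are appended to `audit` before the exception is raised, so blocked actions leave the same record as allowed ones.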
What's in the full article
Zenity's full year-in-review covers the operational detail this post intentionally leaves for the source:
- Environment-by-environment coverage for SaaS-managed, home-grown, and device-based agents
- The Issues and Correlation Agent workflow for reconstructing agent incidents across multiple signals
- Inline Prevention behaviour across Copilot Studio, Azure AI Foundry, and endpoint environments
- Tool-layer coverage for MCP servers and the policy patterns used to block unsafe destinations
AI agent runtime control: what security teams need now?