AI agent security and IAM controls: are your guardrails enough?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827
Topic starter  

TL;DR: AI agent security expands the attack surface because agents can act across tools, APIs, and workflows, with risks including prompt injection, excessive permissions, supply chain compromise, and weak runtime monitoring, according to WitnessAI. Traditional IAM controls still matter, but autonomous execution makes policy, observability, and accountability the decisive control plane.

NHIMG editorial — based on content published by WitnessAI: AI Agent Security and the controls needed to protect agentic systems

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can use enterprise tools?

A: Security teams should govern AI agents as active identities with named ownership, task-scoped permissions, runtime monitoring, and explicit revocation paths.

Q: Why do AI agents create more identity risk than chatbots?

A: AI agents create more identity risk because they can do more than produce text.

Q: What do organisations get wrong about least privilege for AI agents?

A: They often apply least privilege to the initial login while ignoring the tools and data the agent can reach during execution.

Practitioner guidance

  • Classify agents as governed identities: place every production agent into the identity inventory with a named owner, declared purpose, and explicit access boundary.
  • Scope tool access to task boundaries: remove broad, reusable permissions from agent-linked credentials and replace them with task-scoped access to specific APIs, datasets, and endpoints.
  • Monitor runtime actions, not only sign-ins: log agent tool calls, data reads, writes, and repeated automation loops, then alert on behaviour that deviates from the declared task.

What's in the full article

WitnessAI's full article covers the operational detail this post intentionally leaves for the source:

  • Specific control patterns for runtime observation of agent actions, API calls, and outputs
  • The article's breakdown of guardrails for prompt injection, excessive permissions, and workflow abuse
  • Practical guidance on combining zero trust principles with incident response for compromised agents
  • The vendor's framing of how to protect models, applications, and agents within one platform context

👉 Read WitnessAI's analysis of AI agent security and runtime control →
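As an added illustration of the three guidance points above (not code from the post or from WitnessAI), the following script keeps a small agent identity inventory with owner, purpose and a per-tool access boundary, then evaluates a constructed runtime log of tool calls against it, flagging calls outside the declared task, repeated automation loops, and calls from an agent missing from the inventory. The agent names, tools and resources are hypothetical.

```python
# Added example (not WitnessAI's or the forum's code): check agent tool calls
# against a declared task boundary and flag repeated automation loops.
from collections import Counter
from dataclasses import dataclass

@dataclass
class AgentIdentity:
    # Inventory entry: named owner, declared purpose, explicit access boundary.
    agent_id: str
    owner: str
    purpose: str
    allowed_tools: dict  # tool name -> set of permitted resources

# Constructed inventory entry for a hypothetical invoice reconciliation agent.
INVENTORY = {
    "invoice-agent": AgentIdentity(
        "invoice-agent", "finance-platform-team", "reconcile supplier invoices",
        {"erp.read_invoice": {"erp:invoices"}, "erp.post_payment": {"erp:payments"}},
    )
}

def evaluate_calls(log, loop_threshold=3):
    """Return (kind, call) alerts; kind is 'unknown_agent', 'out_of_scope' or
    'loop'. Each log entry is a dict with agent, tool and resource keys."""
    alerts, seen = [], Counter()
    for call in log:
        ident = INVENTORY.get(call["agent"])
        if ident is None:                      # agent not in the identity inventory
            alerts.append(("unknown_agent", call))
            continue
        permitted = ident.allowed_tools.get(call["tool"], set())
        if call["resource"] not in permitted:  # outside the declared task boundary
            alerts.append(("out_of_scope", call))
        key = (call["agent"], call["tool"], call["resource"])
        seen[key] += 1
        if seen[key] == loop_threshold:        # same call repeated: automation loop
            alerts.append(("loop", call))
    return alerts

# Constructed runtime log: three identical reads (a loop), one export outside
# the agent's scope, and a call from an agent missing from the inventory.
SAMPLE_LOG = [
    {"agent": "invoice-agent", "tool": "erp.read_invoice", "resource": "erp:invoices"},
    {"agent": "invoice-agent", "tool": "erp.read_invoice", "resource": "erp:invoices"},
    {"agent": "invoice-agent", "tool": "erp.read_invoice", "resource": "erp:invoices"},
    {"agent": "invoice-agent", "tool": "hr.export", "resource": "hr:salaries"},
    {"agent": "shadow-agent", "tool": "erp.post_payment", "resource": "erp:payments"},
]
```

Running `evaluate_calls(SAMPLE_LOG)` yields one `loop`, one `out_of_scope` and one `unknown_agent` alert, in that order; a real deployment would feed the same checks from the agent gateway's audit log rather than an inline list.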

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1125
 

AI agent security is now an identity governance problem, not just an application security problem. Once an agent can select tools, move through workflows, and touch enterprise systems, the relevant question becomes who or what is allowed to act, under what scope, and with what revocation logic. Traditional app security focuses on code and requests; agent security must govern behaviour and delegated authority. The practitioner conclusion is that agents should be treated as active identities, not passive software features.

A few things that frame the scale:

  • 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
  • Only 44% have implemented policies to govern AI agents, even though 92% say that governing them is critical to enterprise security.

A question worth separating out:

Q: Should organisations use different controls for AI agents and human users?

A: Yes. Human IAM can rely heavily on authentication events and periodic access reviews, but AI agents require continuous behavioural controls because they can act without direct human timing. The right model combines identity governance, PAM-style scoping, runtime monitoring, and incident containment for machine actions, not just user sessions.

👉 Read our full editorial: AI agent security exposes the limits of traditional IAM controls
