TL;DR: According to Zenity, AI safety and AI security need to converge: agent autonomy changes both the control questions and the failure modes that traditional shift-left security was built to answer. Keeping model alignment and operational security in separate silos stops working once agents make their own runtime decisions.
NHIMG editorial — based on content published by Zenity: Bridging AI Safety and AI Security: Reflections from the NYC AI Safety Meetup
Questions worth separating out
Q: How should security teams govern AI agents that can choose actions at runtime?
A: Treat the agent as an identity-bearing actor with bounded authority, not as a passive application component.
Q: Why do AI agents force safety and security teams to work together?
A: Because safe behaviour and secure behaviour are no longer separable in practice.
Q: What breaks when shift-left security is applied to autonomous AI systems?
A: Shift-left alone cannot govern behaviour that emerges after deployment.
Practitioner guidance
- Define runtime guardrails for agent behaviour: Map which actions, tools, and data sources an agent is allowed to use, enforce that allowlist at the point where tool calls are dispatched rather than only in the prompt, and make escalation conditions (which calls require a human approval before they run) explicit before deployment.
- Unify safety and security review paths: Bring model evaluation, security testing, and approval workflows into the same governance process, so one team is not certifying a system that another team cannot operationally secure.
- Test agent behaviour before production rollout: Evaluate how an agent responds to ambiguous prompts, conflicting goals, and unexpected or hostile tool outputs, then document where its behaviour crosses from acceptable assistance into unsafe execution.
What's in the full article
Zenity's full article covers the event-specific discussion points this post intentionally leaves at the framework level:
- Direct reflections from the NYC AI Safety Meetup and the community questions raised during the session
- The speaker lineup and the specific themes each talk brought into the safety and security discussion
- Zenity's firsthand view of how AI safety and AI security communities are converging around secure by design AI
- The practical context behind the AI Agent Security Summit mentioned at the end of the post
👉 Read Zenity's reflections on AI safety and AI security convergence for agent governance →
AI agent security and safety: can governance keep up?
Explore further
AI agent security cannot be treated as a pure application-security problem. The article shows why agent behaviour forces security teams to evaluate runtime decision-making, not just model deployment. That matters because tool use, action sequencing, and post-decision evidence all become part of the trust boundary. Practitioners should treat agents as identity-bearing actors whose authority must be governed, not simply monitored.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 15% of organisations (1.5 in 10) are highly confident in their ability to secure NHIs, which shows how quickly identity governance weakens when visibility and accountability fragment.
A question worth separating out:
Q: How do organisations know if AI agent governance is actually working?
A: Look for evidence that the agent stays inside approved actions, that escalation events are visible, and that reviewers can reconstruct why a decision was made. If the programme cannot explain tool use, access changes, or unusual behaviour after the fact, governance is not functioning well enough.
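The two practitioner points above, bounded authority with explicit escalation (the "runtime guardrails" guidance) and post-decision evidence a reviewer can reconstruct (the answer just given), can be shown in one small policy-enforcement point that sits between an agent and its tools. This is an added example written for this editorial; it is not code from Zenity or NHIMG. The agent identity, tool names, data sources, the corporate domain rule and the hash-chained audit log are all constructed assumptions for illustration.

```python
# Added example (not from Zenity or NHIMG): a minimal policy-enforcement point
# between an AI agent and its tools. Every tool call is checked against the
# agent's bounded authority, escalated where a rule says a human must approve,
# and written to a hash-chained audit log so reviewers can reconstruct the
# decision afterwards. Tool names, sources and rules are constructed.
import hashlib
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ToolCall:
    agent_id: str
    tool: str
    args: dict


@dataclass
class AgentPolicy:
    """Bounded authority for one agent identity."""
    agent_id: str
    allowed_tools: frozenset
    allowed_sources: frozenset
    # tool -> (reason, predicate over args); a True predicate forces escalation
    escalation_rules: dict = field(default_factory=dict)


def evaluate(policy: AgentPolicy, call: ToolCall) -> tuple:
    """Return (verdict, reason) where verdict is 'allow', 'escalate' or 'deny'."""
    if call.agent_id != policy.agent_id:
        return "deny", "call presented under a different agent identity"
    if call.tool not in policy.allowed_tools:
        return "deny", f"tool {call.tool!r} is not in the agent's allowlist"
    source = call.args.get("source")
    if source is not None and source not in policy.allowed_sources:
        return "deny", f"data source {source!r} is not approved for this agent"
    rule = policy.escalation_rules.get(call.tool)
    if rule is not None:
        reason, predicate = rule
        if predicate(call.args):
            return "escalate", reason
    return "allow", "within approved actions"


class AuditLog:
    """Append-only decision records, each hashed over the previous hash, so a
    reviewer can reconstruct why a call was allowed, escalated or denied and
    detect if an entry was altered after the fact (assumed design)."""

    def __init__(self):
        self.entries = []
        self._prev = "0" * 64

    def record(self, call: ToolCall, verdict: str, reason: str) -> dict:
        entry = {"agent": call.agent_id, "tool": call.tool, "args": call.args,
                 "verdict": verdict, "reason": reason, "prev": self._prev}
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = digest
        self.entries.append(entry)
        self._prev = digest
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


def dispatch(policy: AgentPolicy, log: AuditLog, call: ToolCall, tools: dict):
    """Record the decision first, then run the tool only on 'allow'.
    'escalate' parks the call for human approval; 'deny' runs nothing."""
    verdict, reason = evaluate(policy, call)
    log.record(call, verdict, reason)
    if verdict == "allow":
        return tools[call.tool](**call.args)
    return None


def run_demo():
    """Constructed agent, tools and calls; returns verdicts, results and the log."""
    policy = AgentPolicy(
        agent_id="helpdesk-agent",
        allowed_tools=frozenset({"read_document", "send_email"}),
        allowed_sources=frozenset({"hr_wiki"}),
        escalation_rules={
            "send_email": ("recipient outside the corporate domain (assumed example.com)",
                           lambda a: not a.get("to", "").endswith("@example.com")),
        },
    )
    tools = {  # stand-in tool implementations
        "read_document": lambda source, doc: f"<{source}/{doc}>",
        "send_email": lambda to, body: f"sent to {to}",
    }
    log = AuditLog()
    calls = [
        ToolCall("helpdesk-agent", "read_document", {"source": "hr_wiki", "doc": "leave-policy"}),
        ToolCall("helpdesk-agent", "send_email", {"to": "bob@example.com", "body": "hi"}),
        ToolCall("helpdesk-agent", "send_email", {"to": "eve@attacker.test", "body": "hi"}),
        ToolCall("helpdesk-agent", "read_document", {"source": "finance_db", "doc": "payroll"}),
        ToolCall("helpdesk-agent", "execute_shell", {"cmd": "id"}),
    ]
    results = [dispatch(policy, log, c, tools) for c in calls]
    return [e["verdict"] for e in log.entries], results, log


if __name__ == "__main__":
    verdicts, results, log = run_demo()
    for e in log.entries:
        print(e["verdict"], e["tool"], "-", e["reason"])
    print("audit chain intact:", log.verify())
```

The point of the design is that the decision and its reason are recorded before anything executes, and that the allowlist is enforced by the dispatcher rather than by instructions in the prompt, which an injected tool output could override. A reviewer answering "why did the agent email an external address" reads the escalate entry and its reason; a tampered entry breaks the chain on `verify()`.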
👉 Read our full editorial: AI agent security needs safety inputs to become secure by design