TL;DR: AI agents are expanding enterprise attack surface faster than visibility and policy models can adapt, with one source citing Gartner’s projection that 40% of applications will embed agents by end-2026 and Microsoft finding generative AI involved in 32% of data security incidents. The governing issue is not tool novelty but whether identity and segmentation controls can bound autonomous reach before compromise turns into lateral movement.
NHIMG editorial — based on content published by Illumio: Why OpenClaw (Formerly Known as Clawdbot) Is a Wake-Up Call for AI Agent Security
By the numbers:
- Gartner projects that 40% of enterprise applications will embed AI agents by the end of 2026, up from under 5% in 2025.
- The OWASP Foundation recognized this shift when it released the Top 10 for Agentic Applications in late 2025.
- According to PwC, 79% of organizations have already adopted AI agents to some degree.
Questions worth separating out
Q: What breaks when AI agent access is not observed before policy is applied?
A: When teams try to govern AI agents without first observing real traffic, they usually secure the wrong paths.
Q: Why do AI agents complicate Zero Trust and least-privilege models?
A: AI agents complicate these models because they combine legitimate access with runtime action selection.
Q: What do security teams get wrong about securing AI agents?
A: The most common mistake is treating agents like ordinary automation or just another application workload.
Practitioner guidance
- Inventory every AI agent identity and its actual reach Build a register of agents, the credentials they use, the APIs they call, and the data stores they touch.
- Map agent behaviour before writing enforcement policy Use network and application telemetry to establish which services each agent truly needs, then set boundaries around those paths.
- Replace broad access with task-scoped permissions Limit each agent to the smallest service set required for its role and remove reusable access that spans unrelated systems.
What's in the full article
Illumio's full article covers the operational detail this post intentionally leaves for the source:
- The observed traffic and communication patterns used to justify the visibility-first approach to agent governance.
- The segmentation workflow that the vendor describes for limiting agent reach across clouds, SaaS, and on-premises systems.
- The practical examples of how legitimate agent access can be reduced to task-scoped network zones and services.
- The article's discussion of how compromise changes once an AI agent is constrained by real-time enforcement.
👉 Read Illumio's analysis of OpenClaw and AI agent security controls →
AI agent security and segmentation: are controls keeping up?
Explore further
AI agent governance is now a least-privilege problem with insider semantics. The article's core point is that agent identities are trusted by design, yet they can be hijacked and redirected at runtime. That makes them structurally different from ordinary workload identities because the same credential can be used for intended work and attacker-controlled activity. Practitioners should stop thinking about agents as feature add-ons and start treating them as privileged identities with real blast radius.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when a compromised AI agent reaches data it should not access?
A: Accountability usually sits across the teams that granted the permissions, observed the traffic, and enforced containment. IAM owns entitlement scope, security architecture owns segmentation design, and application owners own the agent's intended behaviour. In practice, organisations need a shared control model, because no single team can govern an autonomous or semi-autonomous agent safely in isolation.
👉 Read our full editorial: AI agent security needs visibility before enforcement