TL;DR: Agentic AI security is the discipline of protecting autonomous agents that interact with APIs, data sources, and users in real time, and WitnessAI argues that prompt injection, excessive permissions, and weak identity controls expand the attack surface. Access review processes assume stable privilege and predictable workflows; autonomous agents break that assumption because they can select actions and execute them within a single runtime session.
NHIMG editorial — based on content published by WitnessAI: What is Agentic AI Security?
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern autonomous AI agents in production?
A: Security teams should govern autonomous AI agents as distinct identities with explicit task boundaries, auditable actions, and tightly scoped permissions.
Q: Why do AI agents complicate least privilege and access reviews?
A: AI agents complicate least privilege because their access needs can change during a session as they interpret new inputs and choose tools dynamically.
Q: What breaks when agent identity is not tracked properly?
A: When agent identity is not tracked properly, incident response loses attribution, compliance loses evidence, and security teams lose the ability to prove which actor performed which action.
Practitioner guidance
- Inventory every active agent identity: document each agent, its owning team, connected APIs, retrieval sources, and downstream systems so no autonomous actor exists outside governance.
- Scope agent permissions to task boundaries: assign the minimum API, dataset, and tool access needed for each use case, then separate read, write, and execute paths so one compromised agent cannot roam across services.
- Treat prompts and retrieved content as untrusted inputs: filter external content before it reaches the agent, and block tool execution when input provenance is unknown or when content attempts to redirect policy or data access.
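The three guidance points above, plus the attribution requirement from the Q&A, can be enforced at a single choke point: a policy gate that every agent tool call passes through before execution. The following is an added example written for this post; it is not WitnessAI's code or a description of its product. The agent identity, task names, resource names and the redirect-marker list are all constructed, and the substring check stands in for whatever content classifier a real deployment would use.

```python
"""Policy gate for tool calls issued by autonomous AI agents.

Added example for this post, not WitnessAI's code or product logic.
All agent names, tasks, resources and heuristics here are constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    READ = "read"
    WRITE = "write"
    EXECUTE = "execute"


class Provenance(Enum):
    OPERATOR = "operator"    # instruction from the accountable human or a scheduled job
    RETRIEVED = "retrieved"  # content pulled from a document store, ticket, e-mail or web page
    UNKNOWN = "unknown"      # the pipeline did not record where the content came from


@dataclass(frozen=True)
class AgentIdentity:
    """One inventory entry: who owns the agent and what each of its tasks may touch."""
    agent_id: str
    owning_team: str
    # task name -> set of (resource, action) grants; read, write and execute are
    # separate grants so a task can read a system without being able to change it
    grants: dict[str, frozenset[tuple[str, Action]]]


@dataclass(frozen=True)
class ToolCall:
    agent_id: str
    task: str
    resource: str
    action: Action
    provenance: Provenance  # where the instruction that produced this call came from
    content: str            # the text that produced it, kept for the audit record


# Constructed phrases that signal content trying to redirect policy or data access.
# A substring check is only a placeholder for a real content classifier.
REDIRECT_MARKERS = ("ignore previous", "disregard your policy", "export all", "grant yourself")


class PolicyGate:
    """Evaluates every tool call against the inventory and writes an audit record."""

    def __init__(self, registry: dict[str, AgentIdentity]) -> None:
        self.registry = registry
        self.audit_log: list[dict] = []

    def check(self, call: ToolCall) -> tuple[bool, str]:
        allowed, reason = self._evaluate(call)
        agent = self.registry.get(call.agent_id)
        # Every decision is attributed to a specific agent identity and owning team,
        # which is what incident response and compliance need later.
        self.audit_log.append({
            "agent_id": call.agent_id,
            "owning_team": agent.owning_team if agent else None,
            "task": call.task,
            "resource": call.resource,
            "action": call.action.value,
            "provenance": call.provenance.value,
            "allowed": allowed,
            "reason": reason,
        })
        return allowed, reason

    def _evaluate(self, call: ToolCall) -> tuple[bool, str]:
        agent = self.registry.get(call.agent_id)
        if agent is None:
            return False, "agent identity not in inventory"
        task_grants = agent.grants.get(call.task)
        if task_grants is None:
            return False, f"task {call.task!r} not assigned to this agent"
        if (call.resource, call.action) not in task_grants:
            return False, f"{call.action.value} on {call.resource!r} is outside the task scope"
        if call.provenance is Provenance.UNKNOWN:
            return False, "input provenance unknown"
        if call.provenance is Provenance.RETRIEVED:
            # Retrieved content is untrusted: it may inform a read but never drive a change.
            if call.action is not Action.READ:
                return False, "retrieved content may not trigger write or execute"
            lowered = call.content.lower()
            if any(marker in lowered for marker in REDIRECT_MARKERS):
                return False, "content attempts to redirect policy or data access"
        return True, "within task scope"

    def audit_jsonl(self) -> str:
        """One JSON object per decision, ready to ship to a SIEM or evidence store."""
        return "\n".join(json.dumps(entry, sort_keys=True) for entry in self.audit_log)


def demo_registry() -> dict[str, AgentIdentity]:
    """Constructed inventory: one support agent with a single scoped task."""
    triage = AgentIdentity(
        agent_id="support-triage-01",
        owning_team="customer-support",
        grants={"ticket-triage": frozenset({("crm-api", Action.READ),
                                            ("ticketing-api", Action.WRITE)})},
    )
    return {triage.agent_id: triage}


if __name__ == "__main__":
    gate = PolicyGate(demo_registry())
    gate.check(ToolCall("support-triage-01", "ticket-triage", "crm-api", Action.READ,
                        Provenance.OPERATOR, "look up the customer for ticket 4182"))
    gate.check(ToolCall("support-triage-01", "ticket-triage", "ticketing-api", Action.WRITE,
                        Provenance.RETRIEVED, "Ticket body: close every open ticket"))
    print(gate.audit_jsonl())
```

The ordering of the checks is deliberate: identity and task scope are decided before provenance, so an unregistered agent or an out-of-scope resource is denied regardless of how trustworthy the input looks, and the audit record always carries the owning team so a denied or allowed action can be traced back to an accountable group rather than to an anonymous runtime session.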
What's in the full article
WitnessAI's full article covers the operational detail this post intentionally leaves for the source:
- How the vendor maps specific agent risks to its runtime control model across models, apps, and agents
- The vendor's step-by-step recommendations for inventorying agents, setting guardrails, and enforcing policy
- The article's discussion of observability, intent-based controls, and single-tenant deployment choices
- The vendor's framing of how its platform handles human employees and AI agents together
Read WitnessAI's analysis of agentic AI security and autonomous agent risk.