AI agent security gaps: are your identity controls keeping up?

TL;DR: AI agents expand the attack surface through prompt injection, overprivileged APIs, weak token validation, and supply chain dependencies, while the source article recommends guardrails, sandboxing, runtime monitoring, and continuous validation, according to WitnessAI. The deeper issue is that existing IAM assumptions break when agents can chain actions, select tools, and act inside live workflows.

NHIMG editorial — based on content published by WitnessAI: AI agent security vulnerabilities, controls, and best practices

By the numbers:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

Questions worth separating out

Q: How should security teams govern AI agents that can take actions in enterprise systems?

A: Security teams should govern AI agents as active identities, not passive software.

Q: Why do AI agents complicate zero trust and least privilege models?

A: AI agents complicate zero trust because they can chain decisions and calls inside a live session, making static trust assumptions less reliable.

Q: What breaks when AI agents have overprivileged API keys?

A: Overprivileged API keys turn a single agent compromise into broad enterprise exposure.

Practitioner guidance

• Define the agent’s trust boundary Document every data source, API, and downstream system an agent can reach, then separate approved read paths from action paths so prompt content cannot directly trigger privileged execution.
• Scope and rotate agent credentials Issue distinct credentials for each agent function, apply the minimum viable scope, and enforce rotation or expiry for tokens that can touch production systems or sensitive records.
• Add execution-time policy checks Require deterministic validation before any agent writes data, sends messages, calls an external API, or starts a workflow that affects records or infrastructure.

What's in the full article

WitnessAI's full article covers the operational detail this post intentionally leaves for the source:

• Expanded breakdown of prompt injection, indirect prompt injection, and jailbreak patterns in agent workflows
• Step-by-step guardrail, sandboxing, and runtime validation measures for high-risk agent actions
• Detailed discussion of access controls, token validation, and supply chain dependency risks in AI systems
• Operational guidance on monitoring, auditing, and red-teaming agent behaviour across the lifecycle

👉 Read WitnessAI's analysis of AI agent security vulnerabilities and controls →

AI agent security gaps: are your identity controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →