Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agent security gaps: are your identity controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: AI agents expand the attack surface through prompt injection, overprivileged APIs, weak token validation, and supply chain dependencies, while the source article recommends guardrails, sandboxing, runtime monitoring, and continuous validation, according to WitnessAI. The deeper issue is that existing IAM assumptions break when agents can chain actions, select tools, and act inside live workflows.

NHIMG editorial — based on content published by WitnessAI: AI agent security vulnerabilities, controls, and best practices

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

Questions worth separating out

Q: How should security teams govern AI agents that can take actions in enterprise systems?

A: Security teams should govern AI agents as active identities, not passive software.

Q: Why do AI agents complicate zero trust and least privilege models?

A: AI agents complicate zero trust because they can chain decisions and calls inside a live session, making static trust assumptions less reliable.

Q: What breaks when AI agents have overprivileged API keys?

A: Overprivileged API keys turn a single agent compromise into broad enterprise exposure.

Practitioner guidance

  • Define the agent’s trust boundary Document every data source, API, and downstream system an agent can reach, then separate approved read paths from action paths so prompt content cannot directly trigger privileged execution.
  • Scope and rotate agent credentials Issue distinct credentials for each agent function, apply the minimum viable scope, and enforce rotation or expiry for tokens that can touch production systems or sensitive records.
  • Add execution-time policy checks Require deterministic validation before any agent writes data, sends messages, calls an external API, or starts a workflow that affects records or infrastructure.

What's in the full article

WitnessAI's full article covers the operational detail this post intentionally leaves for the source:

  • Expanded breakdown of prompt injection, indirect prompt injection, and jailbreak patterns in agent workflows
  • Step-by-step guardrail, sandboxing, and runtime validation measures for high-risk agent actions
  • Detailed discussion of access controls, token validation, and supply chain dependency risks in AI systems
  • Operational guidance on monitoring, auditing, and red-teaming agent behaviour across the lifecycle

👉 Read WitnessAI's analysis of AI agent security vulnerabilities and controls →

AI agent security gaps: are your identity controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

AI agent security is becoming a governance problem before it is a tooling problem. Traditional IAM assumes that identity can be issued, reviewed, and retired on a predictable cycle. Agentic systems can generate their own task paths, so the control question shifts from who is signed in to what the agent can decide and execute at runtime. The implication is that access governance now has to follow behaviour, not just entitlement.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when an AI agent makes an unauthorised decision?

A: Accountability stays with the organisation that authorised the agent, its permissions, and its operating controls. That includes security, IAM, engineering, and governance owners who approved the access model. If no one can explain the agent’s permitted actions, then the governance model is incomplete.

👉 Read our full editorial: AI agent security gaps are widening across enterprise identity controls



   
ReplyQuote
Share: