TL;DR: AI agents shift risk from model output to runtime action: they access systems, invoke tools, retain memory, and chain workflows, creating attack paths that static security controls were never designed to govern, according to Zenity. The assumption behind most existing controls, that a human reviews each action before it takes effect, collapses once agents act continuously at machine speed, which makes runtime visibility and delegated-access control the real security boundary.
NHIMG editorial — based on content published by Zenity: Securing AI Where It Acts: Why Agents Now Define AI Risks Chris Hughes • Mar 12, 2026
Questions worth separating out
Q: What breaks when AI agents are given human-level privileges?
A: The main failure is that a single delegated identity can now chain actions across systems, so one bad instruction or compromised token can trigger broad impact.
Q: Why do AI agents complicate IAM and PAM governance?
A: AI agents complicate IAM and PAM because those controls decide who may authenticate and what entitlements they hold, while agents keep acting continuously after they authenticate. The risk sits in what the session does next, which a credential check at login does not see.
Q: How do security teams know if an AI agent is crossing its intended boundary?
A: Look for new tool destinations, unusual action sequences, unexpected data retrieval, and privilege use that does not match the original task.
Practitioner guidance
- Map every agent to an owning identity and business purpose: inventory each AI agent, the credentials it uses, the systems it can reach, and the business process it supports.
- Constrain delegated access to the smallest possible action set: separate read, write, and invoke permissions for agent workflows, and avoid human-equivalent privilege by default.
- Monitor tool calls and context reuse at runtime: log every tool invocation, data retrieval event, and permission exercised by the agent, then alert on unexpected sequencing or new destinations.
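As an added example (not Zenity's or NHIMG's code) of the three guidance points above and of the boundary-crossing signals listed in the third Q&A, the Python below holds one agent's policy (owning identity, purpose, and per tool exactly one action kind and its permitted destinations) and runs runtime checks over constructed tool-call log lines. The agent name, tool names, destinations, data classes and the JSON log format are all assumptions chosen for illustration.

```python
"""Runtime checks for AI-agent tool calls.

Added example: not code from Zenity or NHIMG. The policy shape, the log
format and every name below (agent, tools, destinations) are assumptions.
"""
import json
from dataclasses import dataclass

# One agent mapped to an owning identity, a purpose and the smallest action set
# it needs: per tool, one action kind (read / write / invoke) and the
# destinations that action may touch. Anything not listed is denied.
POLICY = {
    "invoice-triage": {
        "owner": "svc-invoice-triage@example.com",  # assumed service identity
        "purpose": "classify inbound invoices and open helpdesk tickets",
        "tools": {
            "crm.lookup":    {"action": "read",  "destinations": {"crm.internal"}},
            "storage.get":   {"action": "read",  "destinations": {"invoices-bucket"}},
            "ticket.create": {"action": "write", "destinations": {"helpdesk.internal"}},
        },
    },
}

# Data classes whose retrieval makes a later outbound call suspicious.
SENSITIVE = {"financial", "credentials"}

# Constructed sample log: one JSON object per tool invocation. The first three
# lines are in-policy; the last three are the ones that should be flagged.
SAMPLE_LOG = """\
{"ts":"2026-03-12T09:00:01Z","agent":"invoice-triage","tool":"crm.lookup","action":"read","dest":"crm.internal","data_class":"customer"}
{"ts":"2026-03-12T09:00:02Z","agent":"invoice-triage","tool":"storage.get","action":"read","dest":"invoices-bucket","data_class":"financial"}
{"ts":"2026-03-12T09:00:03Z","agent":"invoice-triage","tool":"ticket.create","action":"write","dest":"helpdesk.internal","data_class":"none"}
{"ts":"2026-03-12T09:00:04Z","agent":"invoice-triage","tool":"storage.get","action":"read","dest":"hr-bucket","data_class":"credentials"}
{"ts":"2026-03-12T09:00:05Z","agent":"invoice-triage","tool":"http.post","action":"invoke","dest":"paste.example.net","data_class":"none"}
{"ts":"2026-03-12T09:00:06Z","agent":"invoice-triage","tool":"ticket.create","action":"delete","dest":"helpdesk.internal","data_class":"none"}
"""


@dataclass
class Finding:
    ts: str
    agent: str
    rule: str
    detail: str


def allowed_destinations(agent_policy):
    """Union of every destination the agent's granted tools may reach."""
    dests = set()
    for tool in agent_policy["tools"].values():
        dests |= tool["destinations"]
    return dests


def evaluate(policy, log_text):
    """Run the checks over a newline-delimited JSON log; findings in log order.

    unknown_agent / unknown_tool: no policy entry at all.
    action_mismatch: granted tool used with a different action kind.
    new_destination: granted tool pointed at an unlisted destination.
    possible_exfil_sequence: a non-read call to an unlisted destination after
    a SENSITIVE read earlier in the same log.
    """
    findings = []
    saw_sensitive_read = set()  # agents that have read SENSITIVE data so far
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        name = ev["agent"]
        agent_policy = policy.get(name)
        if agent_policy is None:
            findings.append(Finding(ev["ts"], name, "unknown_agent", "no policy entry"))
            continue
        tool = agent_policy["tools"].get(ev["tool"])
        if tool is None:
            findings.append(Finding(ev["ts"], name, "unknown_tool", ev["tool"]))
        else:
            if ev["action"] != tool["action"]:
                findings.append(Finding(ev["ts"], name, "action_mismatch",
                                        f'{ev["tool"]} granted {tool["action"]}, used {ev["action"]}'))
            if ev["dest"] not in tool["destinations"]:
                findings.append(Finding(ev["ts"], name, "new_destination",
                                        f'{ev["tool"]} -> {ev["dest"]}'))
        # Sequence rule: sensitive read, then anything non-read leaving the allowlist.
        if ev["action"] == "read":
            if ev.get("data_class") in SENSITIVE:
                saw_sensitive_read.add(name)
        elif name in saw_sensitive_read and ev["dest"] not in allowed_destinations(agent_policy):
            findings.append(Finding(ev["ts"], name, "possible_exfil_sequence",
                                    f'sensitive read earlier, then {ev["action"]} to {ev["dest"]}'))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. to drive an alert threshold."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in evaluate(POLICY, SAMPLE_LOG):
        print(f"{f.ts} {f.agent} {f.rule}: {f.detail}")
```

Run against the constructed log, the first three events produce nothing, the fourth is flagged as a new destination (and records a sensitive read), the fifth fires both the unknown-tool rule and the exfil-sequence rule, and the sixth is an action mismatch (a delete through a tool granted only write). The point of keeping one action kind per tool in the policy is that "human-equivalent privilege" becomes visible as a mismatch rather than being silently absorbed by a broad role.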
What's in the full article
Zenity's full article covers the operational detail this post intentionally leaves for the source:
- Specific examples of agent risk patterns across SaaS, cloud, and browser-based environments
- Vendor-specific guidance on monitoring, runtime controls, and human approval checkpoints
- The article's discussion of how agent ecosystems expand across Microsoft, Salesforce, AWS, and other platforms
- Additional context on agent development tools and their effect on enterprise attack surface
👉 Read Zenity's analysis of why AI agents now define AI security risk →
AI agent security risks: are your controls keeping up?
Explore further
Agentic AI creates an identity problem before it creates a model problem. The security issue is not simply that agents are smart, but that they act with delegated authority across systems, data, and workflows. Once an agent can choose tools and execute actions in production, governance has to answer for an acting identity, not just an output generator. Practitioners should treat this as a shift from model governance to identity governance at runtime.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the same report.
A question worth separating out:
Q: Who is accountable when an AI agent causes business impact?
A: Accountability sits with the organisation that assigned the agent access, not with the model itself. The owner of the workflow, the platform team, and the governance function all need clear responsibilities for approval, monitoring, and offboarding. Without that structure, autonomous execution creates accountability gaps that are hard to close after the fact.
👉 Read our full editorial: AI agent security risks now depend on runtime governance