TL;DR: Agentic AI systems are expanding the enterprise attack surface faster than governance can keep up, with one source article noting that nearly 80% of organisations already deploy AI agents and that task-specific agent integration could reach 40% of enterprise applications by the end of 2026. The real issue is not AI capability, but identity control: agents accumulate privileges, chain tools, and operate beyond the review cadence built for human-paced access.
NHIMG editorial — based on content published by Zero Networks: Agentic AI Cybersecurity Risks: How to Secure AI Agents
By the numbers:
- Almost 80% of organizations are already deploying AI agents.
- Gartner predicts that 40% of enterprise applications will be integrated with task-specific AI agents by the end of 2026, up from less than 5% in 2025.
- 48% of cybersecurity professionals now identify agentic AI and autonomous systems as the most dangerous attack vector.
Questions worth separating out
Q: How should security teams govern AI agents that can call tools across multiple systems?
A: Security teams should govern AI agents as non-human identities with explicit runtime boundaries.
Q: Why do AI agents create more identity risk than ordinary automation?
A: AI agents create more identity risk because they can select actions, invoke tools, and proceed through a task without a human approving each step.
Q: What do teams get wrong about least privilege for AI agents?
A: Teams often treat least privilege as a one-time provisioning exercise, but agentic systems change scope as they receive new tools, instructions, or data.
Practitioner guidance
- Inventory every active AI agent identity Build a live register of agents, their authentication method, the tools they can invoke, and the systems they actually reach in production.
- Constrain agent reach with deterministic policy boundaries Apply explicit network and application-level access boundaries so each agent can only reach the services, APIs, and data stores it demonstrably needs.
- Separate observation from approval for high-risk agent actions Use monitoring to learn normal agent behaviour, then require tighter controls for actions that cross systems, expose data, or invoke sensitive tools.
What's in the full article
Zero Networks' full article covers the operational detail this post intentionally leaves for the source:
- A four-step control roadmap for visibility, scope adjustment, enforcement, and policy lifecycle management
- The article's worked example of how agent behaviour can chain across exposed endpoints and production data paths
- Practical framing for deterministic, human-on-the-loop enforcement in AI agent environments
- Specific examples of the threat tactics the article groups under prompt injection, tool misuse, and impersonation
👉 Read Zero Networks' analysis of agentic AI cybersecurity risks →
AI agents and the governance gap teams are missing?
Explore further
Agentic AI creates an identity problem before it creates a model-risk problem. The article is strongest when it treats AI agents as processes with identities, because that is where the governance failure starts. Once an agent can call tools, expand context, and act across systems without step-by-step approval, the issue is no longer just AI safety. The practitioner conclusion is that identity teams now own part of the agent security boundary.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Another finding from the same report shows that only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when an AI agent exposes data or misuses tools?
A: Accountability should sit with the team that owns the agent’s identity, access policy, and operating guardrails. If the agent can access multiple systems, responsibility also extends to the owners of those systems because shared reach creates shared risk. Governance should make ownership explicit before the agent is allowed to act.
👉 Read our full editorial: Agentic AI attack surface is outpacing enterprise identity controls