TL;DR: AI agents embedded in ERP, CRM, and finance workflows can reason, plan, and act with elevated access, creating oversight, accountability, and data exposure risks that conventional automation does not fully cover, according to Delinea. The governance gap is that access review, monitoring, and lifecycle controls still assume stable, human-paced identity behaviour.
NHIMG editorial — based on content published by Delinea: Securing AI agents in business applications
By the numbers:
- 56% of organisations reported that shadow AI incidents are occurring on a monthly basis.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern AI agents in business applications?
A: Treat each agent as a non-human identity with a distinct owner, task-bound permissions, and explicit auditability.
Q: Why do AI agents increase risk in ERP and finance systems?
A: They increase risk because they can touch high-value records, make decisions from context, and operate with access that is often broader than a person would need.
Q: What do teams get wrong about AI agent oversight?
A: They often treat human-in-the-loop review as a policy statement rather than an operational control.
Practitioner guidance
- Inventory every business application agent. Create a register of agents, the systems they can reach, the actions they can perform, and the human owner accountable for each one.
- Assign distinct identities to each agent. Avoid shared service accounts for agents so access reviews, incident response, and audit trails map back to a single non-human actor.
- Constrain agent access to task scope. Limit read and write permissions to the minimum records and functions needed for the specific workflow, especially in finance and procurement.
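One way to turn the three points above into a repeatable check, as an added example that is not from Delinea or the original post. The register fields, agent names, identities and "system:resource:action" permission labels are all constructed assumptions.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass

@dataclass
class Agent:
    name: str
    identity: str          # account the agent authenticates as
    owner: str | None      # accountable human, None if unassigned
    systems: set[str]      # systems the register says it may reach
    granted: set[str]      # permissions actually held
    required: set[str]     # permissions the workflow needs

def audit(register: list[Agent]) -> dict[str, list[str]]:
    """Return {agent name: findings} for ownership, identity and scope."""
    uses = Counter(a.identity for a in register)
    findings: dict[str, list[str]] = {}
    for a in register:
        issues = []
        if not a.owner:
            issues.append("no accountable owner")
        if uses[a.identity] > 1:
            issues.append(f"shared identity {a.identity}")
        excess = sorted(a.granted - a.required)
        if excess:
            issues.append("excess permissions: " + ", ".join(excess))
        # Grants on a system the register does not list for this agent
        unreg = sorted({p.split(":")[0] for p in a.granted} - a.systems)
        if unreg:
            issues.append("grants on unregistered systems: " + ", ".join(unreg))
        if issues:
            findings[a.name] = issues
    return findings

# Constructed sample register (hypothetical agents and permissions)
REGISTER = [
    Agent("expense-triage", "svc-finance-bot", "a.khan", {"erp"},
          {"erp:expenses:read", "erp:expenses:approve", "erp:vendors:write"},
          {"erp:expenses:read", "erp:expenses:approve"}),
    Agent("recon-agent", "svc-finance-bot", None, {"erp"},
          {"erp:ledger:read", "crm:contacts:read"}, {"erp:ledger:read"}),
    Agent("scheduler", "agent-scheduler", "m.ortiz", {"crm"},
          {"crm:calendar:write"}, {"crm:calendar:write"}),
]

if __name__ == "__main__":
    for name, issues in audit(REGISTER).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

In practice the `granted` set would be exported from the business application's role assignments, while `required` is maintained by the agent's owner.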
What's in the full article
Delinea's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step examples of AI agents in Microsoft Dynamics 365 workflows, including supplier communications, reconciliation, expenses, and scheduling.
- Specific guidance on human-in-the-loop review points for agent actions in business applications.
- The five-part framework covering inventory, access control, monitoring, lifecycle management, and human oversight.
- The vendor's examples of how agent behaviour changes when permissions are too broad or attribution is too weak.