Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI agents in ERP and CRM apps: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: AI agents embedded in ERP, CRM, and finance workflows can reason, plan, and act with elevated access, creating oversight, accountability, and data exposure risks that conventional automation does not fully cover, according to Delinea. The governance gap is that access review, monitoring, and lifecycle controls still assume stable, human-paced identity behaviour.

NHIMG editorial — based on content published by Delinea: Securing AI agents in business applications

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents in business applications?

A: Treat each agent as a non-human identity with a distinct owner, task-bound permissions, and explicit auditability.

Q: Why do AI agents increase risk in ERP and finance systems?

A: They increase risk because they can touch high-value records, make decisions from context, and operate with access that is often broader than a person would need.

Q: What do teams get wrong about AI agent oversight?

A: They often treat human-in-the-loop review as a policy statement rather than an operational control.

Practitioner guidance

  • Inventory every business application agent Create a register of agents, the systems they can reach, the actions they can perform, and the human owner accountable for each one.
  • Assign distinct identities to each agent Avoid shared service accounts for agents so access reviews, incident response, and audit trails map back to a single non-human actor.
  • Constrain agent access to task scope Limit read and write permissions to the minimum records and functions needed for the specific workflow, especially in finance and procurement.

What's in the full article

Delinea's full blog covers the operational detail this post intentionally leaves for the source:

  • Step-by-step examples of AI agents in Microsoft Dynamics 365 workflows, including supplier communications, reconciliation, expenses, and scheduling.
  • Specific guidance on human-in-the-loop review points for agent actions in business applications.
  • The five-part framework covering inventory, access control, monitoring, lifecycle management, and human oversight.
  • The vendor's examples of how agent behaviour changes when permissions are too broad or attribution is too weak.

👉 Read Delinea's analysis of securing AI agents in business applications →

AI agents in ERP and CRM apps: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

AI agents inside business applications create an identity control problem, not just a productivity feature. Once an agent can reason over email, update purchase orders, or reconcile financial data, the application is no longer exposing a simple workflow helper. It is exposing a non-human actor with the ability to select actions from context. That changes the governance question from application access to runtime authority. Practitioners should treat the agent as an identity subject with measurable scope, not as a feature toggle.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
  • 52% of companies can track and audit the data their AI agents access, which means 48% still operate with a compliance and investigation blind spot.

A question worth separating out:

Q: Who should own AI agent access reviews and lifecycle decisions?

A: Ownership should sit with the business application team and the identity function together, because the workflow owner understands the task and the identity team understands privilege, audit, and offboarding. Without that split accountability, access reviews become generic checklists that miss the real operational risk.

👉 Read our full editorial: AI agent governance in business apps exposes gaps in IAM controls



   
ReplyQuote
Share: