TL;DR: Industry submissions to the US Center for AI Standards and Innovation show broad agreement on the core risks of autonomous AI, but far less consensus on the right controls, according to Zenity’s review of 500 plus public comments. The real gap is governance that assumes decisions can be reviewed after the fact, when autonomous systems can act, chain tools, and trigger impact before human review is possible.
NHIMG editorial — based on content published by Zenity: What 500 plus industry experts told us about securing autonomous AI
By the numbers:
- Over 500 detailed submissions were received from Fortune 500 companies, defense contractors, AI startups, and cybersecurity firms.
Questions worth separating out
Q: How should organisations govern autonomous AI agents before they are allowed to act?
A: Organisations should govern autonomous AI agents at the point of action, not only at the point of access.
Q: Why do autonomous AI systems create accountability problems for IAM teams?
A: Autonomous AI systems create accountability problems because they can initiate actions, chain tools, and make decisions without a stable human operating moment behind each step.
Q: What breaks when autonomous AI is reviewed with normal access certification cycles?
A: Normal access certification cycles break because they assume privilege exists long enough to be observed and reviewed.
Practitioner guidance
- Map where review-based controls still assume human-paced execution: Identify workflows where access review, certification, or exception handling happens after an agent has already acted.
- Define an identity chain for every autonomous system: Require each agent to have a verifiable identity, an accountable owner, and a linked action record that can be traced across tools and downstream systems.
- Separate memory governance from authorization governance: Treat persistent memory, shared context, and message history as controlled assets with different risk from runtime permissions.
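The identity chain and point-of-action control described above, as an added example that is not taken from Zenity's report or the original post: every tool call is decided and written to a hash-linked record before the tool runs. The names `Agent`, `Ledger`, `gated_call` and `trace`, the decision strings, and the in-memory registry are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field
# Added illustration: Agent, Ledger, gated_call and trace are hypothetical names.
GENESIS = "0" * 64  # "prev" value of the first record

@dataclass(frozen=True)
class Agent:
    agent_id: str
    owner: str  # accountable human or team
    allowed_tools: frozenset

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass
class Ledger:
    records: list = field(default_factory=list)

    def append(self, entry):
        body = {**entry, "prev": self.records[-1]["hash"] if self.records else GENESIS}
        self.records.append({**body, "hash": digest(body)})

    def verify(self):  # recompute every link; any edit or reorder breaks it
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or rec["hash"] != digest(body):
                return False
            prev = rec["hash"]
        return True

def gated_call(registry, ledger, trace_id, agent_id, tool, args, tools):
    """Decide and record before the tool runs, so no action exists without a record."""
    agent = registry.get(agent_id)
    if agent is None or not agent.owner:
        decision = "deny:no-identity-or-owner"
    elif tool not in agent.allowed_tools:
        decision = "deny:tool-not-granted"
    else:
        decision = "allow"
    ledger.append({"trace": trace_id, "agent": agent_id, "tool": tool, "args": args,
                   "owner": agent.owner if agent else None, "decision": decision})
    if decision != "allow":
        raise PermissionError(decision)
    return tools[tool](**args)

def trace(ledger, trace_id):  # one delegated workflow across all tools
    return [(r["agent"], r["tool"], r["decision"]) for r in ledger.records if r["trace"] == trace_id]
```

Denied calls are recorded as well as allowed ones, so the record shows what an agent attempted, not only what it completed.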
What's in the full report
Zenity's full analysis covers the submission themes and policy recommendations this post intentionally leaves at the governance level:
- The full submission-theme breakdown across infrastructure, defense, startup, and security respondents.
- The policy timing recommendations for NIST, OMB, GSA FedRAMP, and DHS CISA.
- The specific gaps called out for pre-execution enforcement, AI identity standards, and authorization processes.
- The discussion of deployment friction and why current compliance paths do not fit non-deterministic systems.
Autonomous AI security policy gaps: what do practitioners need now?
Explore further
Autonomous AI security exposes an assumption collapse in review-based governance: Access review processes were designed for conditions where privilege persists long enough to be observed, certified, and revoked. That assumption fails when the actor is autonomous because action, tool use, and impact can occur within a single execution cycle. The implication is not merely more monitoring, but a rethink of whether review cadence is still the right control primitive.
A few things that frame the scale:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
- A separate finding in the same study shows that 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
A question worth separating out:
Q: Who is accountable when an autonomous AI agent causes a security incident?
A: Accountability should rest with the organisation that deployed the agent, the owner of the delegated workflow, and the governance function that approved the operating model. A durable identity chain and decision record are essential, because liability and oversight cannot depend on an invisible or shifting human operator inside the execution path.