Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Desktop AI agents and network visibility: can IAM keep up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9007
Topic starter  

TL;DR: As AI agents move from browser-based use to desktop workflows, enterprises lose visibility into access, data handling, and policy enforcement, according to Lasso Security. That gap turns governance, compliance, and sensitive-data control into network-level identity problems, not just endpoint or browser issues.

NHIMG editorial — based on content published by Lasso Security: Securing Desktop AI Agents with Palo Alto Networks Next-Generation Firewall Integration

Questions worth separating out

Q: How should security teams govern desktop AI agents that bypass browser visibility?

A: Security teams should extend governance to the network and endpoint layers so desktop AI activity is visible, attributable, and policy-enforceable.

Q: Why do desktop AI agents create a governance gap for IAM and NHI teams?

A: Desktop AI agents create a governance gap because they move execution outside the browser session that many controls assume is the primary observation point.

Q: What breaks when AI interactions are not tied to identity context?

A: When AI interactions are not tied to identity context, security teams can see traffic but cannot explain who acted, under what policy, or whether the action was approved.

Practitioner guidance

  • Expand visibility beyond browser telemetry Inventory where AI use now occurs on endpoints, in desktop apps, and through API-connected tools.
  • Define policy actions for sensitive data classes Create explicit rules for customer information, proprietary code, financial records, and internal documents.
  • Correlate AI events with identity records Join desktop AI access events, interaction metadata, and user-level activity patterns to a single audit trail.

What's in the full article

Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Specific firewall integration mechanics for extending AI inspection from browser to network traffic
  • Policy response options for sensitive-data events, including block, alert, and mask workflows
  • Examples of the data classes teams can govern, such as customer information, code, and financial records
  • Audit-log fields and activity metadata used to support compliance and oversight

👉 Read Lasso Security's analysis of desktop AI agent governance with Palo Alto Networks →

Desktop AI agents and network visibility: can IAM keep up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Desktop AI governance fails when organisations treat local AI use as a browser problem. Once agents move into desktop workflows, the control surface shifts from web sessions to network paths, endpoint activity, and local policy enforcement. That means browser-centric visibility leaves a blind spot around how AI is actually used, especially when employees adopt copilots or desktop assistants outside sanctioned flows. The practitioner conclusion is simple: the identity model must follow the execution path, not the interface.

A few things that frame the scale:

  • 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when desktop AI tools transmit sensitive data?

A: Accountability should sit with the owning identity, the policy owner, and the team responsible for the control path that observed or failed to stop the transfer. If logging, masking, or blocking is incomplete, the accountability gap is a governance failure, not just an operational miss.

👉 Read our full editorial: Desktop AI agent governance needs network-level visibility



   
ReplyQuote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Desktop AI governance fails when organisations treat local AI use as a browser problem. Once agents move into desktop workflows, the control surface shifts from web sessions to network paths, endpoint activity, and local policy enforcement. That means browser-centric visibility leaves a blind spot around how AI is actually used, especially when employees adopt copilots or desktop assistants outside sanctioned flows. The practitioner conclusion is simple: the identity model must follow the execution path, not the interface.

A few things that frame the scale:

  • 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when desktop AI tools transmit sensitive data?

A: Accountability should sit with the owning identity, the policy owner, and the team responsible for the control path that observed or failed to stop the transfer. If logging, masking, or blocking is incomplete, the accountability gap is a governance failure, not just an operational miss.

👉 Read our full editorial: Desktop AI agent governance needs network-level visibility



   
ReplyQuote
Share: