Enterprise AI security and agentic risk: what teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: Enterprise AI security now spans models, agents, retrieved data, and employee interactions, and the source argues that governance without enforcement creates policy theater while runtime controls, discovery, and continuous validation are becoming essential, according to Lasso Security. That shift means security teams must design for how AI behaves in production, not how it was intended to behave.

NHIMG editorial — based on content published by Lasso Security: Enterprise AI Security: Managing Risk Across AI Apps & Agents

Questions worth separating out

Q: How should security teams govern AI agents that can call tools and access data?

A: Security teams should govern agents as privileged actors, not as chat interfaces.

Q: Why do AI agents complicate zero trust and least privilege?

A: AI agents complicate zero trust because their behaviour can change inside a single session, while least privilege is often designed at provisioning time.

Q: What breaks when AI security relies only on policy and review?

A: Policy-only programmes break because they describe expected behaviour without constraining live execution.

Practitioner guidance

  • Inventory every AI application and agent: Create a complete register of sanctioned tools, developer-built agents, low-code systems, and shadow AI connected to your environment.
  • Map tool access and retrieval boundaries: Document which APIs, knowledge bases, and MCP servers each agent can reach, then compare that map to the permissions the underlying identity actually holds.
  • Enforce runtime controls on prompts and actions: Inspect prompts, retrieved content, and tool calls in production, then block or quarantine behaviour that exceeds intended scope.

What's in the full article

Lasso Security's full blog post covers the operational detail this analysis intentionally leaves for the source:

  • The article’s step-by-step breakdown of AI discovery and inventory across sanctioned tools, developer-built agents, and shadow AI.
  • The runtime enforcement model for prompt inspection, response inspection, and adaptive guardrails in live production.
  • The capability-by-capability architecture for AI-SPM, red teaming, and runtime protection, including where each one stops.
  • The full explanation of how agent-to-agent interactions, MCP dependencies, and copilot permissions expand the attack surface.

👉 Read Lasso Security's guide to enterprise AI security across apps and agents →

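As an added illustration of the practitioner guidance above (this is example code written for this thread, not code from Lasso Security or NHIMG), the script below compares each agent's declared tool scope against what its identity actually holds, then gates tool calls at runtime against the declared scope, logging every decision and quarantining a session whose behaviour drifts out of scope. Agent names, tools and permission strings are constructed.

```python
from dataclasses import dataclass, field

# Constructed inventory: what each agent is intended to reach (the access map).
DECLARED_SCOPE = {
    "support-copilot": {"tickets:read", "kb:search"},
    "finance-agent": {"invoices:read", "erp:query"},
}

# Constructed: what each agent's service identity actually holds (from IdP/IAM).
ACTUAL_PERMISSIONS = {
    "support-copilot": {"tickets:read", "kb:search", "tickets:write", "hr:read"},
    "finance-agent": {"invoices:read"},
}


def scope_drift(agent):
    """Return (excess, missing): permissions the identity holds beyond the
    declared scope, and declared tools the identity cannot actually reach."""
    declared = DECLARED_SCOPE.get(agent, set())
    actual = ACTUAL_PERMISSIONS.get(agent, set())
    return sorted(actual - declared), sorted(declared - actual)


@dataclass
class ToolGate:
    """Runtime gate: every tool call is checked against the agent's declared
    scope at call time (not at provisioning time) and recorded for audit.
    A session that repeatedly reaches outside scope is quarantined."""
    max_out_of_scope: int = 2
    decisions: list = field(default_factory=list)
    strikes: dict = field(default_factory=dict)
    quarantined: set = field(default_factory=set)

    def check(self, session, agent, tool):
        if session in self.quarantined:
            verdict = "quarantined"
        elif tool in DECLARED_SCOPE.get(agent, set()):
            verdict = "allow"
        else:
            self.strikes[session] = self.strikes.get(session, 0) + 1
            # Distinguish calls the identity could have completed if ungated
            # (over-privilege) from calls it could never complete.
            held = tool in ACTUAL_PERMISSIONS.get(agent, set())
            verdict = "block-overprivileged" if held else "block"
            if self.strikes[session] >= self.max_out_of_scope:
                self.quarantined.add(session)
        self.decisions.append(
            {"session": session, "agent": agent, "tool": tool, "verdict": verdict})
        return verdict
```

The "block-overprivileged" verdicts are the ones worth feeding back into the identity team's review, since they show calls that only the runtime gate stopped.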
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

Policy without enforcement is not AI security. The article correctly separates governance from security, but the deeper point is that governance becomes performative when agents, tools, and data paths can change faster than policy review cycles. Security programmes need runtime enforcement, asset visibility, and decision logging because written rules do not stop prompt injection or tool misuse. The practical conclusion is that identity teams should treat AI security as an operational control stack, not a compliance document.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
  • Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.

A question worth separating out:

Q: What should organisations do first when building enterprise AI security?

A: Start with discovery, because you cannot govern AI systems you cannot see. Build an inventory of models, agents, extensions, and third-party connections, then classify what each one can touch. From there, add access controls, monitoring, and audit trails that match the actual runtime behaviour of the system.

👉 Read our full editorial: Enterprise AI security is outgrowing governance-only models
