Notifications
Clear all
Topic starter
15/05/2026 7:41 pm
TL;DR: Anthropic’s paper breaks AI agent security into four layers, model, harness, tools, and environment, and reports that 93% of permission prompts are approved without reading while complex tasks trigger clarification only 16.4% of the time. The governance gap is no longer theoretical: organisations must treat agent permissions, tool drift, and deployment context as persistent NHI controls, not user prompts.
NHIMG editorial — based on content published by Backslash Security: Anthropic's shared responsibility security model for AI agents, explained
By the numbers:
- Anthropic’s data shows 93% of permission prompts are approved without reading.
- On complex tasks, Claude asks for clarification on 16.4% of turns.
Questions worth separating out
Q: How should security teams govern AI agents as non-human identities?
A: Security teams should govern AI agents as persistent non-human identities with scoped authority, not as transient prompts.
Q: When does human approval become ineffective for AI agent security?
A: Human approval becomes ineffective when volume, speed, or ambiguity causes reviewers to stop reading before approving.
Q: What is the difference between controlling an AI model and controlling an AI agent?
A: Controlling a model focuses on what the system says or refuses.
Practitioner guidance
- Map every agent to its four responsibility layers Document which model, harness rules, connected tools, and runtime environment apply to each agent.
- Replace per-action approval with task-scoped policy Define what an agent may do by job function, data class, and tool set, then enforce those limits continuously.
- Revalidate MCP servers after any capability drift Review tool descriptions, permissions, and outputs whenever an MCP server changes version, adds a function, or expands its data reach.
The governance task is to reduce reachable harm before autonomy expands further?
👉 Read Backslash Security's analysis of Anthropic's shared responsibility model for AI agents →
Explore further
15/05/2026 7:42 pm
AI agents should be governed as NHI with layered responsibility, not as clever user interfaces. The strongest part of Anthropic’s framing is that it names ownership boundaries instead of collapsing all risk into the model. That is the right direction for IAM because agents hold credentials, invoke tools, and operate continuously. Security programmes that still treat them as session-based prompts will miss the real exposure. Practitioners should govern agents as persistent identities with scoped authority.
A few things that frame the scale:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to AI Agents: The New Attack Surface report.
- Only 44% have implemented policies to govern AI agents, even though 92% agree that governance is critical for enterprise security.
A question worth separating out:
Q: Why do AI agents complicate zero trust architecture?
A: AI agents complicate zero trust because they can hold state, reuse credentials, and make tool calls across multiple systems without a fresh human decision each time. Zero trust still applies, but it must be enforced continuously at the harness, tool, and environment layers. Otherwise the agent becomes a high-speed trust multiplier.
👉 Read our full editorial: Anthropic's shared responsibility model reframes AI agent governance
