
MITRE ATLAS for AI agents: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827
Topic starter  

TL;DR: The first 2026 MITRE ATLAS update expands coverage of AI service APIs, agent tool credential harvesting, data poisoning, data destruction, and clickbait attacks against agentic browsers, according to Zenity. The shift matters because autonomous agents can invoke tools, credentials, and workflows at runtime, which means identity and runtime governance now sit at the center of AI security.

NHIMG editorial — based on content published by Zenity: Advancing MITRE ATLAS AI Security Through Zenity’s Contributions

Questions worth separating out

Q: How should security teams govern AI agents that use enterprise tools and APIs?

A: They should govern them as privileged non-human identities with runtime visibility, scoped access, and explicit ownership.

Q: Why do agentic browsers create risk beyond normal web automation?

A: Agentic browsers can interpret content, make decisions, and execute actions on behalf of a task, which means malicious page content can steer machine behaviour directly.

Q: What breaks when AI agents can reach secrets through connected tools?

A: The trust boundary breaks because the agent’s usefulness often depends on access to tokens, keys, and service accounts held by adjacent systems.

Practitioner guidance

  • Map agent runtime privilege chains: Inventory every AI agent, the tools it can invoke, the credentials it can reach, and the downstream systems those credentials unlock.
  • Separate agent access from human workflows: Stop granting broad shared access to agentic browsers and assistants that mirror human work.
  • Treat connected tools as credential exposure points: Review every agent-connected tool for tokens, API keys, session material, or embedded secrets.

What's in the full report

Zenity's full analysis covers the operational detail this post intentionally leaves for the source:

  • The specific ATLAS technique mappings and case-study context behind AI service API abuse and agent tool credential harvesting.
  • The article's examples of how agentic browsers can be manipulated through page content, metadata, and workflow prompts.
  • Zenity's discussion of where runtime monitoring, identity governance, and API telemetry fit into AI security operations.
  • The source article's broader framing of agent-aware security as a foundation for enterprise AI defence.

👉 Read Zenity's analysis of MITRE ATLAS and agentic AI security →

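An added illustration of the three practitioner guidance points in the post above (inventory the privilege chain, separate agent access from human workflows, treat connected tools as credential exposure points). This is example code written for this thread, not code from Zenity, NHIMG, or MITRE ATLAS; the inventory schema, the agent, tool, credential and system names, and the secret-detection heuristic are all constructed assumptions.

```python
"""Toy inventory of AI-agent privilege chains (agent -> tool -> credential -> system).

Added example. The schema and all names below are constructed for illustration;
they are not a vendor format or any real environment.
"""
import re
from typing import Dict, List, Set

# Constructed sample inventory: which tools each agent may invoke.
AGENTS: Dict[str, List[str]] = {
    "invoice-agent": ["erp-connector", "mail-sender"],
    "browse-agent": ["agentic-browser"],
}

# Constructed tool definitions: credentials each tool holds plus its raw config.
TOOLS: Dict[str, dict] = {
    "erp-connector": {"credentials": ["svc-erp-token"],
                      "config": {"base_url": "https://erp.example.internal"}},
    # A secret pasted straight into the tool definition: a credential exposure point.
    "mail-sender": {"credentials": ["smtp-relay-key"],
                    "config": {"api_key": "sk_live_0123456789abcdef"}},
    # An agentic browser reusing a person's SSO session: agent access mirrors human access.
    "agentic-browser": {"credentials": ["alice-sso-session"], "config": {}},
}

# Constructed credential metadata: kind, named owner (None = unowned), systems unlocked.
CREDENTIALS: Dict[str, dict] = {
    "svc-erp-token": {"kind": "service", "owner": "finance-platform",
                      "systems": ["erp-prod"]},
    "smtp-relay-key": {"kind": "service", "owner": None,
                       "systems": ["smtp-relay"]},
    "alice-sso-session": {"kind": "human", "owner": "alice",
                          "systems": ["sharepoint", "erp-prod", "hr-portal"]},
}

# Heuristic for secrets embedded in tool configs: suspicious key names or a few
# well-known value prefixes. Illustrative only, deliberately not exhaustive.
SECRET_KEY = re.compile(r"(api[_-]?key|token|secret|password|passwd)", re.I)
SECRET_VALUE = re.compile(r"^(sk_live_|sk_test_|ghp_|AKIA|xox[bp]-)")


def scan_config_for_secrets(config: Dict[str, str]) -> List[str]:
    """Return config keys whose name or value looks like an embedded secret."""
    hits = [key for key, value in config.items()
            if SECRET_KEY.search(key) or SECRET_VALUE.match(str(value))]
    return sorted(hits)


def credentials_of(agent: str) -> Set[str]:
    """Every credential an agent can reach through any tool it may invoke."""
    creds: Set[str] = set()
    for tool in AGENTS.get(agent, []):
        creds.update(TOOLS[tool]["credentials"])
    return creds


def reach(agent: str) -> Set[str]:
    """Downstream systems the agent's reachable credentials unlock (its blast radius)."""
    systems: Set[str] = set()
    for cred in credentials_of(agent):
        systems.update(CREDENTIALS[cred]["systems"])
    return systems


def findings(agent: str) -> List[str]:
    """Governance gaps for one agent: secrets embedded in tool configs,
    human credentials shared with the agent, and credentials with no named owner."""
    out: List[str] = []
    for tool in AGENTS.get(agent, []):
        for key in scan_config_for_secrets(TOOLS[tool]["config"]):
            out.append(f"{tool}: embedded secret in config key '{key}'")
        for cred in TOOLS[tool]["credentials"]:
            meta = CREDENTIALS[cred]
            if meta["kind"] == "human":
                out.append(f"{tool}: uses human credential '{cred}' "
                           f"(agent access not separated from {meta['owner']}'s workflow)")
            if meta["owner"] is None:
                out.append(f"{tool}: credential '{cred}' has no named owner")
    return out


if __name__ == "__main__":
    for name in AGENTS:
        print(name, "->", sorted(reach(name)))
        for line in findings(name):
            print("  !", line)
```

The point of the walk is that an agent's blast radius is the union of what its reachable credentials unlock, not what the agent was "meant" to do: the browsing agent here can reach three systems purely because it rides a human SSO session. A real inventory would be fed from the agent platform, secrets manager and IdP rather than hand-written dictionaries, and the secret heuristic should be replaced by a proper scanner, but the chain model and the three checks are what a governance review needs to answer.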
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1125
 

AI agent governance is now an identity problem, not a model problem. The article’s strongest signal is that MITRE ATLAS is expanding to cover the places where agents act, not just the places where they reason. That is the right shift for the field because the security failure now sits in runtime access, tool invocation, and delegated authority. Practitioners should treat agentic AI as part of identity governance, not a separate AI-only domain.

A few things that frame the scale:

  • 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

A question worth separating out:

Q: How can organisations tell whether their agent governance is actually working?

A: Look for complete inventory, runtime telemetry, and named owners for each agent’s access path. If you cannot answer which tools an agent used, what data it touched, and who approved the delegated access, governance is incomplete. Effective programmes can reconstruct agent actions after the fact and limit blast radius during execution.

👉 Read our full editorial: MITRE ATLAS and agentic AI security: what practitioners need to know
