Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Runtime authorization for AI agents: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Kiteworks says 60% of organisations cannot terminate a misbehaving AI agent and 63% struggle to enforce purpose limits on agent actions, underscoring how execution-layer governance is lagging behind deployment, according to Kiteworks 2026 Data Security and Compliance Risk Forecast. Runtime authorization is now a practical control boundary, not an emerging theory.

NHIMG editorial — based on content published by 1Kosmos: runtime authorization for AI agents and the execution-layer controls behind it

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that can take high-risk actions at runtime?

A: Security teams should put policy enforcement in front of agent tool calls, not behind them.

Q: Why do static permissions fail for AI agents and delegated workflows?

A: Static permissions fail because agent intent and context can change after the credential is issued.

Q: What breaks when human approval is not tied to a specific agent action?

A: When approval is generic, it becomes impossible to prove what the human actually authorized.

Practitioner guidance

  • Define a runtime policy boundary for high-risk agent actions Place policy enforcement at the MCP layer so every tool call is evaluated before it reaches the underlying API or service.
  • Separate registration from execution governance Keep agent inventory and ownership records, but do not treat them as sufficient controls.
  • Bind approvals to a single action window Issue verifiable credentials with a narrow validity period and explicit scope so approval cannot be reused beyond the approved task.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

  • The full MCP gateway placement model showing where the policy engine intercepts agent tool calls before they reach APIs.
  • The verifiable credential flow, including issuer, binding, validity, scope, and context fields used to authorise a single action.
  • The CIBA approval sequence for pushing runtime sign-off to a human owner and issuing an action-scoped credential.
  • The rollout sequence for inventorying agents, piloting thresholds, and validating kill-switch revocation behaviour.

👉 Read 1Kosmos's analysis of runtime authorization for AI agents →

Runtime authorization for AI agents: are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Runtime authorization is becoming the missing execution control for AI agent governance. Registration tells you that an agent exists, but it does not stop the agent from spending, changing, or reading outside policy once it is live. That gap is visible wherever enterprises can inventory agents but still cannot constrain action at the point of execution. The practical conclusion is that agent governance now has to include runtime policy enforcement, not just inventory.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint research.

A question worth separating out:

Q: How do organisations know whether agent governance is actually working?

A: Look for blocked out-of-scope calls, time-bound credentials, immutable decision logs, and automatic revocation when the accountable owner changes. If you can only prove that an agent was registered, you do not have governance. If you can prove every action was evaluated and attributed in real time, the control is working.

👉 Read our full editorial: Runtime authorization for AI agents: closing execution-layer control gaps



   
ReplyQuote
Share: