TL;DR: According to the Kiteworks 2026 Data Security and Compliance Risk Forecast, 60% of organisations cannot terminate a misbehaving AI agent and 63% struggle to enforce purpose limits on agent actions, a sign that execution-layer governance is lagging behind deployment. Runtime authorization is now a practical control boundary, not an emerging theory.
NHIMG editorial — based on content published by 1Kosmos: runtime authorization for AI agents and the execution-layer controls behind it
By the numbers:
- 60% of organisations cannot terminate a misbehaving AI agent, and 63% struggle to enforce purpose limitations on what agents are authorised to do.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern AI agents that can take high-risk actions at runtime?
A: Evaluate every agent tool call against policy before it executes, rather than relying on after-the-fact logging or review. Enforcement has to sit in front of the call, not behind it, because a high-risk action that has already run cannot be un-done by a later audit.
Q: Why do static permissions fail for AI agents and delegated workflows?
A: A static permission reflects what the agent was expected to do when the credential was issued. The agent's intent and the context of a given request can change after that point, and a standing credential does not know or care; it authorises the action either way.
Q: What breaks when human approval is not tied to a specific agent action?
A: When approval is a generic, reusable grant, nobody can show which specific action the human actually authorised. The approval then neither limits what the agent does next nor supports accountability after the fact.
Practitioner guidance
- Define a runtime policy boundary for high-risk agent actions: place policy enforcement at the Model Context Protocol (MCP) layer so every tool call is evaluated before it reaches the underlying API or service.
- Separate registration from execution governance: keep agent inventory and ownership records, but do not treat them as sufficient controls; knowing an agent exists says nothing about whether a given call should run.
- Bind approvals to a single action window: issue verifiable credentials with a narrow validity period and an explicit scope (which agent, which tool, which arguments) so an approval cannot be reused beyond the approved task.
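The three guidance points above describe one enforcement path: a gateway in front of the tool call, a risk classification, and an approval bound to exactly one action. The following is an added example written for this post, not code from 1Kosmos or NHIMG, and it does not reproduce the gateway placement model, credential schema or CIBA sequence that the full article covers. It assumes a hypothetical `gateway()` acting as the MCP-layer policy enforcement point, a constructed `HIGH_RISK_TOOLS` set, an HMAC-signed JSON token standing in for the verifiable credential (a real deployment would use an issuer-signed credential), a global `REVOKED_AGENTS` set as the kill switch, and a `USED_JTI` set for single-use enforcement. The human approval step itself (for instance a CIBA push) is not modelled; `issue_approval()` represents only its output.

```python
"""Added example: an MCP-style tool-call gateway that enforces policy before the
call reaches its backend, demands an action-scoped approval for high-risk tools,
and honours a kill switch. All names and the token format are assumptions."""
import hashlib
import hmac
import json
import secrets
import time

SIGNING_KEY = b"constructed-demo-key"          # assumption: approval issuer's key (demo only)
HIGH_RISK_TOOLS = {"wire_transfer", "delete_records", "rotate_api_key"}  # constructed set
REVOKED_AGENTS: set[str] = set()               # kill switch: an operator adds agent ids here
USED_JTI: set[str] = set()                     # credential ids already consumed (single use)


def canonical(args: dict) -> str:
    """Hash of the exact arguments, so approval binds to this call and not just the tool."""
    blob = json.dumps(args, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def issue_approval(agent_id, tool, args, approver, ttl_s=120, now=None) -> str:
    """Turn a human's sign-off into a narrow credential: one agent, one tool, one argument
    set, a short validity window and a unique id. Stand-in for a verifiable credential."""
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "tool": tool, "args_hash": canonical(args),
              "approver": approver, "nbf": now, "exp": now + ttl_s,
              "jti": secrets.token_hex(8)}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def verify_approval(token, agent_id, tool, args, now=None):
    """Return (ok, reason). Checks signature, binding, validity window and replay."""
    now = time.time() if now is None else now
    try:
        body_hex, sig = token.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad_signature"
    c = json.loads(body)
    if c["sub"] != agent_id or c["tool"] != tool or c["args_hash"] != canonical(args):
        return False, "approval_not_bound_to_this_action"
    if not (c["nbf"] <= now < c["exp"]):
        return False, "outside_validity_window"
    if c["jti"] in USED_JTI:
        return False, "replayed"
    USED_JTI.add(c["jti"])
    return True, "ok"


def gateway(agent_id, tool, args, approval=None, now=None):
    """Policy enforcement point in front of the tool. Only an 'allow' decision forwards."""
    if agent_id in REVOKED_AGENTS:                 # kill switch wins over everything
        return {"decision": "deny", "reason": "agent_revoked"}
    if tool not in HIGH_RISK_TOOLS:                # low-risk calls pass without approval
        return {"decision": "allow", "reason": "low_risk"}
    if approval is None:                           # high-risk: never run without sign-off
        return {"decision": "deny", "reason": "approval_required"}
    ok, reason = verify_approval(approval, agent_id, tool, args, now)
    return {"decision": "allow" if ok else "deny", "reason": reason}


def demo():
    """Walk the failure modes with constructed inputs; returns the gateway reasons in order."""
    t0 = 1_700_000_000.0
    agent, args = "agent-billing-01", {"to": "ACME-4711", "amount": 25000}
    tok = issue_approval(agent, "wire_transfer", args, "alice", now=t0)
    tampered = {"to": "ACME-4711", "amount": 250000}          # attacker edits the amount
    REVOKED_AGENTS.add("agent-billing-02")
    out = [
        gateway(agent, "lookup_invoice", {"id": 1}, now=t0)["reason"],
        gateway(agent, "wire_transfer", args, now=t0)["reason"],
        gateway(agent, "wire_transfer", args, tok, now=t0)["reason"],
        gateway(agent, "wire_transfer", args, tok, now=t0)["reason"],
        gateway(agent, "wire_transfer", tampered,
                issue_approval(agent, "wire_transfer", args, "alice", now=t0), now=t0)["reason"],
        gateway(agent, "wire_transfer", args,
                issue_approval(agent, "wire_transfer", args, "alice", now=t0), now=t0 + 200)["reason"],
        gateway("agent-billing-02", "wire_transfer", args, tok, now=t0)["reason"],
    ]
    REVOKED_AGENTS.discard("agent-billing-02")
    return out


if __name__ == "__main__":
    print(demo())
```

The order of checks in `gateway()` is the point: revocation is tested before anything else so a kill switch cannot be bypassed by presenting a still-valid approval, and the approval is compared against the argument hash so the same sign-off cannot be replayed against a different target or amount. A registration record (the agent's inventory entry) plays no part in the decision, which is the separation the second guidance point asks for.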
What's in the full article
1Kosmos's full article covers the operational detail this post intentionally leaves for the source:
- The full MCP gateway placement model showing where the policy engine intercepts agent tool calls before they reach APIs.
- The verifiable credential flow, including issuer, binding, validity, scope, and context fields used to authorise a single action.
- The CIBA approval sequence for pushing runtime sign-off to a human owner and issuing an action-scoped credential.
- The rollout sequence for inventorying agents, piloting thresholds, and validating kill-switch revocation behaviour.
👉 Read 1Kosmos's analysis of runtime authorization for AI agents →
Runtime authorization for AI agents: are your controls keeping up?