On-prem authorization for AI agents and regulated systems


(@nhi-mgmt-group)

TL;DR: Broken access control remains the most exploited flaw in modern software, while stolen credentials appear in nearly one-third of breaches and AI-related incidents often lack proper access controls, according to Cerbos and referenced industry research. Authorization is shifting from an application detail to a board-level identity control because runtime decisions now govern humans, workloads, and AI agents alike.

NHIMG editorial — based on content published by Cerbos: authorization as a board-level infrastructure decision

By the numbers:

Questions worth separating out

Q: How should security teams implement authorization for AI agents and service identities?

A: They should separate policy from code, enforce decisions at runtime, and keep the decision engine deterministic.

Q: Why do coarse access models fail for non-human identities?

A: Coarse access models fail because non-human identities often act with task-specific context that changes faster than static roles can represent.

Q: How do organisations know if authorization governance is working?

A: They should be able to answer who can access what, why the policy allowed it, and which version of the policy produced the decision within minutes.

Practitioner guidance

  • Centralise authorization policy management: Move access rules out of application code and into a single policy lifecycle with version control, testing, approval, and audit logging across services and APIs.
  • Separate policy decisions from enforcement: Use a centralized decision point and deploy lightweight enforcement in services, APIs, and agent workflows so the same rules apply everywhere.
  • Use deterministic runtime decisions: Reserve AI for policy analysis and access pattern discovery, but require deterministic allow or deny decisions at the runtime boundary.

What's in the full article

Cerbos' full research-style article covers the operational detail this post intentionally leaves for the source:

  • Policy architecture examples for central administration with decentralized enforcement across APIs and services
  • Deployment-model considerations for regulated, hybrid, and air-gapped environments
  • Detailed discussion of Cerbos Hub, PDP, Synapse, and enforcement SDKs in a distributed stack
  • Standards references including AuthZEN and how it fits into enterprise authorization design

👉 Read Cerbos' analysis of on-prem authorization for AI agents and regulated systems →
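The practitioner guidance above, sketched as an added example that is not part of the original post and is not Cerbos code or its policy format: rules live in data outside the application, a deterministic decision function defaults to deny, and every decision records the matching rule and a content hash of the policy that produced it. All names, rule ids and sample requests are constructed for illustration.

```python
import hashlib
import json
from fnmatch import fnmatchcase

# Constructed policy held as data, not application code (in practice a reviewed, versioned file).
POLICY = {"rules": [
    {"id": "agent-read-invoices", "effect": "allow", "principal_kind": "ai_agent",
     "action": "read", "resource": "invoice:*", "when": {"task": "reconciliation"}},
    {"id": "svc-write-ledger", "effect": "allow", "principal_kind": "service",
     "action": "write", "resource": "ledger:*", "when": {}},
    {"id": "deny-agent-delete", "effect": "deny", "principal_kind": "ai_agent",
     "action": "delete", "resource": "*", "when": {}},
]}

def policy_version(policy):
    """Content hash of the canonical policy: identifies exactly which policy made a decision."""
    canon = json.dumps(policy, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()[:12]

def _matches(rule, req):
    ctx = req.get("context", {})
    return (rule["principal_kind"] == req["principal"]["kind"]
            and rule["action"] == req["action"]
            and fnmatchcase(req["resource"], rule["resource"])
            and all(ctx.get(k) == v for k, v in rule["when"].items()))

def decide(policy, req, audit_log):
    """Decision point: explicit deny wins, then allow, otherwise default deny."""
    matched = [r for r in policy["rules"] if _matches(r, req)]
    rule = (next((r for r in matched if r["effect"] == "deny"), None)
            or next((r for r in matched if r["effect"] == "allow"), None))
    decision = {
        "principal": req["principal"]["id"],           # who
        "action": req["action"],                       # did what
        "resource": req["resource"],                   # to what
        "effect": rule["effect"] if rule else "deny",
        "rule": rule["id"] if rule else "default-deny",  # why
        "policy_version": policy_version(policy),      # under which policy
    }
    audit_log.append(decision)
    return decision

def enforce(policy, req, audit_log):
    """Enforcement point in a service or agent workflow; it holds no rules of its own."""
    return decide(policy, req, audit_log)["effect"] == "allow"
```

The same agent reading the same invoice is allowed under a `reconciliation` task and denied under any other, which is the task-specific context a static role cannot express.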
