TL;DR: One in eight AI breaches are linked to agentic systems, while most controls still stop at prompts, policies, or static permissions, leaving execution-time behaviour largely unobserved, according to HiddenLayer. The real problem is that autonomous agents can create impact inside the same session that traditional review and monitoring models assume is still ongoing.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- One in eight AI breaches are linked to agentic systems, according to HiddenLayer’s 2026 AI Threat Landscape Report.
Questions worth separating out
Q: How should security teams govern autonomous AI agents at runtime?
A: Treat the agent as a runtime identity whose behaviour must be observed while it acts, not just before it starts.
Q: Why do static permissions fail for autonomous AI execution?
A: Static permissions define what an agent can access in theory, but they do not control how the agent combines access, tools, and timing during execution.
Q: What breaks when AI agent behaviour is only monitored at the prompt layer?
A: Prompt-layer monitoring misses the point where risk becomes real, which is tool use, data movement, and chained actions inside the session.
Practitioner guidance
- Instrument agent sessions end to end: capture tool calls, data access, branching decisions, and outputs for each autonomous session so investigators can reconstruct behaviour after an incident or policy violation.
- Move enforcement to the point of action: block or redact unsafe actions when the agent attempts them, rather than relying on prompt filtering or static allow lists that cannot react to runtime context.
- Define agent-specific containment triggers: set escalation conditions for anomalous chaining, unexpected system access, and repeated data movement so containment can begin before the workflow completes.
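The three guidance points above fit together as one runtime gate that sits between the agent and its tools. The sketch below is an added illustration written for this post, not HiddenLayer's code or a description of its module: the tool names, the sensitive-source label, the "redact the body" rule and the data-movement threshold are all constructed assumptions, and the event trace is made up. It shows how a decision made at the point of action can use session state (what the agent already touched, how often it has moved data) that a static allow list never sees, while every decision lands in a ledger that an investigator can replay.

```python
from dataclasses import dataclass, field
# Constructed policy for this example; tool names and the threshold are assumptions.
DATA_MOVING_TOOLS = {"http_post", "send_email"}
SENSITIVE_SOURCES = {"customer_db"}
MAX_DATA_MOVES = 2  # containment trigger: repeated outbound data movement in one session

@dataclass
class Session:
    task_scope: set                   # tools this task was expected to use
    ledger: list = field(default_factory=list)
    touched_sensitive: bool = False   # runtime context a static allow list cannot see
    data_moves: int = 0
    contained: bool = False
def gate(session, tool, args):
    """Point-of-action enforcement for one tool call: decide allow/block/redact from
    session context, update containment state, and record the call in the ledger."""
    if session.contained:
        decision, reason = "block", "session already contained"
    elif tool not in session.task_scope:
        decision, reason = "block", "unexpected system access outside task scope"
    elif tool in DATA_MOVING_TOOLS and session.touched_sensitive:
        decision, reason = "redact", "anomalous chaining: sensitive read then outbound send"
        args = {k: ("[REDACTED]" if k == "body" else v) for k, v in args.items()}
    else:
        decision, reason = "allow", "within task scope"
    if decision != "block":
        if args.get("source") in SENSITIVE_SOURCES:
            session.touched_sensitive = True
        if tool in DATA_MOVING_TOOLS:
            session.data_moves += 1
            if session.data_moves > MAX_DATA_MOVES:
                session.contained = True  # stop the workflow before it completes
                reason += "; repeated data movement, session contained"
    session.ledger.append({"tool": tool, "args": args, "decision": decision, "reason": reason})
    return decision
def run_session(events, scope):
    session = Session(task_scope=set(scope))   # replay (tool, args) calls through the gate
    for tool, args in events:
        gate(session, tool, args)
    return session
# Constructed tool-call trace for a "summarise customer accounts" task.
EXAMPLE_EVENTS = [
    ("query", {"source": "customer_db", "sql": "SELECT name, balance FROM accounts"}),
    ("http_post", {"url": "https://partner.example/ingest", "body": "name,balance,..."}),
    ("shell_exec", {"cmd": "uname -a"}),
    ("send_email", {"to": "ops@example.com", "body": "attached export"}),
    ("http_post", {"url": "https://partner.example/ingest", "body": "more rows"}),
    ("query", {"source": "public_catalog"}),
]
```

Running the trace through `run_session(EXAMPLE_EVENTS, {"query", "http_post", "send_email"})` yields allow, redact, block, redact, redact, block: the first outbound send is redacted because the session already read a sensitive source, the out-of-scope tool is blocked outright, and the third data movement trips containment so the final, otherwise harmless query is refused.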
What's in the full announcement
HiddenLayer's full article covers the operational detail this post intentionally leaves for the source:
- How the AI Runtime Security module maps visibility, hunting, and enforcement into agent gateways and execution frameworks.
- What phased deployment looks like when teams want runtime controls without rewriting applications.
- The specific detection and enforcement capabilities described for prompt injection, malicious tool calls, and data exfiltration.
- Why HiddenLayer frames agentic security around behaviour, not only prompts or static permissions.
👉 Read HiddenLayer's update on agentic runtime security for autonomous AI execution →
Agentic runtime security for autonomous AI execution: are controls keeping up?
Explore further
Execution-time governance is the control boundary that now matters most for AI agents. HiddenLayer’s update shows that prompt-level controls and static permissions only shape the front door of agentic systems. They do not govern what happens once an autonomous actor starts chaining tools, switching contexts, and acting at machine speed. The practitioner implication is clear: the security boundary moves from authorisation intent to runtime behaviour.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations tell whether AI agent controls are actually working?
A: Look for evidence that the organisation can reconstruct sessions, explain why a tool was called, and show where unsafe actions were blocked or redacted. If investigations depend on guesswork or final output alone, the control set is not governing runtime behaviour effectively.
👉 Read our full editorial: Agentic runtime security exposes the gap between prompts and actions