TL;DR: AI agent risk evolves across configuration, runtime behavior, memory, and tool use, so snapshot scans and stateless prompt analysis miss multi-step attacks and stale exposure states, according to Zenity. The governance shift is from periodic monitoring to continuous, contextual risk assessment that can track agent behaviour as it changes.
NHIMG editorial — what this means for AI and NHI governance
Questions worth separating out
Q: How should security teams govern AI agents that change risk during execution?
A: Security teams should govern AI agents as dynamic identities whose effective access can change during a session.
Q: Why do snapshot scans fail for AI agent governance?
A: Snapshot scans fail because they capture exposure at one moment, while AI agent risk can change through instruction updates, memory changes, connector shifts, and chained actions.
Q: How do organisations know if AI agent monitoring is actually working?
A: Monitoring is working when it can explain why an agent’s risk changed after a connector update, memory change, or runtime action.
Practitioner guidance
- Move from snapshot scans to event-driven agent monitoring. Treat configuration, permission, memory, and connector changes as live identity events, not periodic review items.
- Correlate posture, runtime, and environmental signals. Create a single risk object for each agent so low-signal actions can be evaluated as part of an interaction chain instead of as isolated events.
- Bring MCP and connector changes into access governance. Review whether tool endpoints, connector permissions, and runtime scopes are controlled with the same discipline as identity entitlements.
What's in the full announcement
Zenity's full research covers the operational detail this post intentionally leaves for the source:
- Stateful threat-engine behaviour across users, agents, and sessions for multi-step abuse detection
- Issues' Correlation Agent logic for connecting posture, runtime activity, and environmental signals
- Real-time ingestion of configuration, permission, MCP, and connector changes as they occur
- Examples of evolving threats such as gradual exfiltration and tool misuse in agent workflows
AI agent risk is changing in real time, not in snapshots
Explore further
Snapshot-based AI agent monitoring is an expired control model. Agents do not hold risk still long enough for a posture scan to remain accurate by the time it is reviewed. The field should treat continuous state change as the baseline condition, not an edge case. That shifts identity governance from periodic visibility to continuous interpretation of runtime behaviour.
A few things that frame the scale:
- More than half of organisations experience AI agent scope violations, according to the 2026 AI Agent Governance Survey.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to the 2024 ESG Report: Managing Non-Human Identities.
A question worth separating out:
Q: What should teams do when AI agent tool access changes mid-session?
A: Teams should treat mid-session tool changes as an access event, not a routine operational detail. The access state should be re-evaluated immediately, and any correlated runtime behaviour should be reassessed before the agent continues. Otherwise, the system may continue acting under an outdated understanding of privilege.
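A sketch of the single per-agent risk object from the practitioner guidance, combined with the mid-session re-evaluation described in the answer above. This is an added example, not code from Zenity or NHIMG; the event kinds, connector names, weights and threshold are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed weights and thresholds, for illustration only.
ACTION_WEIGHT = {"read_record": 1, "export_small": 2}
EGRESS_TOOLS = {"email_send", "http_post"}   # hypothetical connector names
POSTURE_KINDS = {"config_change", "permission_change", "memory_change", "connector_change"}
THRESHOLD, WINDOW = 8, 600                   # score limit, seconds of history kept

@dataclass
class AgentRisk:
    """One risk object per agent: current tool set plus a chain of runtime actions."""
    agent_id: str
    tools: set = field(default_factory=set)
    stale: bool = False                          # posture changed, access not yet re-evaluated
    chain: list = field(default_factory=list)    # (timestamp, action) pairs
    reasons: list = field(default_factory=list)  # audit trail of why risk moved

    def score(self, now):
        self.chain = [(t, a) for t, a in self.chain if now - t <= WINDOW]
        base = sum(ACTION_WEIGHT.get(a, 1) for _, a in self.chain)
        # The same chain counts double once the agent holds an egress-capable tool.
        return base * 2 if self.tools & EGRESS_TOOLS else base

    def ingest(self, ts, kind, detail):
        if kind in POSTURE_KINDS:                # live identity event, not a review item
            if kind == "connector_change":
                self.tools = set(detail)
            self.stale = True
            self.reasons.append(f"t={ts} {kind}: {detail}")
            return "reevaluate"
        if self.stale:                           # do not act on an outdated view of privilege
            return "hold"
        self.chain.append((ts, detail))
        if self.score(ts) >= THRESHOLD:
            self.reasons.append(f"t={ts} chain score {self.score(ts)} >= {THRESHOLD}")
            return "alert"
        return "allow"

    def reevaluate(self, now):
        """Re-assess the existing chain against the new access state before resuming."""
        self.stale = False
        return "alert" if self.score(now) >= THRESHOLD else "allow"

def replay(events):
    """Feed constructed (ts, kind, detail) events through one risk object."""
    risk = AgentRisk("agent-demo")
    return [risk.ingest(*e) for e in events], risk
```

Three low-weight actions stay below the threshold on their own; the same chain crosses it only after a connector change adds an egress-capable tool, and `reasons` records which event moved the risk.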