Notifications
Clear all
Topic starter
06/06/2026 11:28 am
TL;DR: As enterprises move AI agents from experimentation to production, runtime threats now include sensitive data leakage, secret exposure, jailbreak attempts, and tool misuse, according to Zenity. Prompt-level and post-execution controls miss the point because agent decisions and chained actions unfold inside the execution path, where prevention has to happen in real time.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: How should security teams govern AI agents that can chain actions across enterprise systems?
A: Security teams should govern chained agent actions at runtime, not only at prompt submission.
Q: Why do prompt-level controls fail for AI agent security?
A: Prompt-level controls fail because they inspect a single input while the real risk emerges across multiple decisions and tool calls.
Q: What breaks when AI agents are only monitored after execution?
A: Post-execution monitoring breaks when the organisation needs prevention, not just evidence.
Practitioner guidance
- Move enforcement into the execution path Place controls where the agent actually calls tools and reaches data, so policy can stop unsafe actions before data moves or systems are impacted.
- Map every agent tool and data boundary Inventory the enterprise systems, APIs, and repositories each agent can invoke, then attach policy checkpoints to those boundaries instead of relying on prompt filtering alone.
- Separate observation from prevention Keep logging and alerting for investigation, but add inline blocking for secret exposure, jailbreak attempts, and tool misuse so runtime threats are contained in session.
What's in the full announcement
Zenity's full post covers the operational detail this post intentionally leaves for the source:
- The Microsoft Foundry execution-path integration details that show where runtime controls sit in the agent flow.
- The specific threat classes Zenity says its inline prevention covers, including secret exposure and tool misuse.
- The Azure Marketplace access path for organisations that need implementation-level procurement details.
- The partnership context that explains how the Foundry deployment model changes security placement.
👉 Read Zenity's analysis of runtime security for AI agents built on Microsoft Foundry →
AI agent runtime security in Foundry: are your controls keeping up?
Explore further
06/06/2026 12:17 pm
Runtime security for AI agents is now an identity control problem, not a model-safety problem. The article shows that agents increasingly make decisions, chain actions, and invoke tools across live enterprise systems, which means the control point has moved from prompt review to execution-time governance. Traditional IAM and security tooling were designed to approve access requests, not to arbitrate each autonomous action as it happens. Practitioners should treat runtime enforcement as the new perimeter for agent identity.
A few things that frame the scale:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
A question worth separating out:
Q: How do IAM and NHI teams decide where to place controls for AI agents?
A: They should place controls at each boundary where the agent can access models, tools, data, or enterprise systems. The objective is to make authorisation follow behaviour, not just account provisioning. That creates a practical governance layer for agent identity across the systems the agent can actually affect.
👉 Read our full editorial: Runtime security for AI agents in Microsoft Foundry needs inline controls
