Traditional tools are tuned for static systems, known boundaries, and conventional traffic patterns. AI introduces dynamic prompts, model memory, external tool calls, and data-dependent behaviour that do not fit those assumptions. That gap is why AI security needs identity, runtime, and data controls together, not in isolation.
Why Traditional Security Tools Miss AI Risk
Traditional controls were built for systems with stable identities, predictable sessions, and traffic that can be classified by known signatures or fixed policy. AI workloads break those assumptions. Prompts change intent at runtime, agents call tools, memory persists across steps, and outputs can trigger new actions. That means the risk is not just the model itself, but the identity, permissions, and data flows around it.
Security teams also lose visibility when AI components blend human input, service accounts, and external APIs into one workflow. A firewall can see a request, but it cannot reliably judge whether a model is about to exfiltrate a secret, escalate privilege, or chain actions through an MCP-connected tool. Current guidance suggests looking at the whole control plane, not just the model, as explained in OWASP NHI Top 10 and the CSA MAESTRO agentic AI threat modeling framework.
In practice, many security teams encounter AI misuse only after an agent has already been granted broad access and started interacting with real data.
How It Works in Practice
Effective AI security starts by treating each agent, connector, and workload as an identity-bearing entity, not as a neutral application feature. That shifts the design toward workload identity, short-lived credentials, and runtime authorization. Instead of handing an autonomous agent a long-lived secret, teams issue JIT credentials for a specific task, scope them tightly, and revoke them as soon as the task ends. That reduces the blast radius if the agent is manipulated, misprompted, or compromised.
Runtime policy matters just as much as credential hygiene. A static RBAC role often says what an agent may do in theory, but not whether it should do it in the current context. Intent-based authorisation is emerging because it lets policy engines evaluate what the agent is trying to do, what data it is touching, and whether the action matches the task. NIST’s NIST Cybersecurity Framework 2.0 supports this broader risk-based approach, while implementation patterns are increasingly discussed alongside Ultimate Guide to NHIs — Key Challenges and Risks and Top 10 NHI Issues.
- Use workload identity as the primary trust signal for agents, such as cryptographic proof from SPIFFE or OIDC-backed service identity.
- Prefer ephemeral secrets and narrow token scopes over reusable API keys and shared service accounts.
- Evaluate access at request time with policy-as-code rather than relying only on pre-defined roles.
- Log tool calls, secret access, and cross-system actions as part of the agent’s security trail.
These controls tend to break down in multi-step agent workflows with broad connector access because the system can drift from the original intent before a human review ever occurs.
Common Variations and Edge Cases
Tighter runtime controls often increase operational overhead, requiring organisations to balance faster automation against more policy exceptions and review points. That tradeoff is real, especially when teams run mixed environments with legacy apps, cloud services, and experimental agents side by side. Best practice is evolving here: there is no universal standard for intent-based authorisation yet, so teams should expect to combine several methods rather than wait for a single perfect control.
One common edge case is third-party tooling. If an agent can use OAuth-connected apps, hidden permissions can defeat otherwise strong internal controls. Another is memory-driven behaviour: an agent may not be malicious, but it can still surface sensitive context from prior tasks if retention and retrieval are not constrained. The DeepSeek breach shows how quickly exposed secrets and data can compound when governance lags behind deployment. For broader AI governance context, Ultimate Guide to NHIs — Why NHI Security Matters Now is a useful companion reference, especially when paired with Anthropic Project Glasswing for emerging agent safety thinking.
Traditional tools still matter, but they miss AI risk when the failure mode is identity abuse, dynamic delegation, or autonomous tool use rather than a known malware signature.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A01 | Agentic systems fail when identities and tool use are not constrained at runtime. |
| CSA MAESTRO | GOV-03 | MAESTRO emphasizes threat modeling for autonomous agent behaviour and tool chaining. |
| NIST AI RMF | GOVERN | AI RMF GOVERN covers accountability and oversight for AI risks that static tools miss. |
Assign ownership for agent behaviour, approvals, and logging under a formal AI governance process.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on May 29, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
