
Agentic risk

By NHI Mgmt Group Updated June 7, 2026 Domain: Agentic AI & Autonomous Identity

Agentic risk is the security and governance exposure created when an AI system can make decisions, use tools, or take actions with limited human intervention. The risk is not only access to data, but the possibility that the system will pursue an unsafe path once it has access.

Expanded Definition

Agentic risk describes the exposure created when an AI system is not just generating output, but selecting actions, invoking tools, and continuing toward a goal with limited human supervision. In NHI security, that changes the problem from content correctness to action control: the system may hold valid credentials, reach production services, and chain decisions in ways that humans did not intend. This is why agentic risk sits at the intersection of identity, authorization, workflow design, and safety governance.

Definitions vary across vendors, but the practical boundary is simple: if the model can execute a task, not merely recommend one, the organisation has agentic risk to manage. Frameworks such as the NIST AI Risk Management Framework and the OWASP Agentic AI Top 10 both emphasise that autonomy, tool access, and decision pathways must be governed as a security surface. NHI teams should treat the agent’s identity, permissions, and escalation logic as first-class controls, not as implementation details.

The most common misapplication is assuming that “read-only prompts” eliminate the issue; they do not when the agent can still trigger downstream tools, APIs, or delegated workflows.

Examples and Use Cases

Implementing agentic systems rigorously often introduces additional approval steps, tighter permission scoping, and more logging, so organisations must weigh operational speed against the cost of containment.

  • An AI support agent can open tickets, query customer systems, and issue refunds within preset thresholds, so its NHI credentials must be constrained to those exact actions.
  • A developer agent can create branches, run builds, and submit pull requests, but should not possess deploy rights unless a separate human approval gate exists.
  • An orchestration agent can call internal APIs and external SaaS tools, making it necessary to pair delegated access with short-lived tokens and strict auditability. Guidance in the NIST AI Risk Management Framework supports this type of lifecycle control.
  • The AI LLM hijack breach case pattern shows how an exposed credential can turn a helpful agent into an attacker-controlled execution path.
  • NHIMG’s OWASP NHI Top 10 highlights how excessive autonomy and weak identity boundaries combine into a compound risk.
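As an added example (not NHIMG's or any vendor's code), the following policy gate shows how the constraints in the first two bullets can be enforced before an agent's tool call is executed: a per-identity allow-list, a preset refund threshold, a separate human approval requirement for deploy, and an audit record for every decision. The agent names, tool names, policy format and thresholds are constructed for illustration.

```python
"""Minimal policy gate for agent tool calls (constructed example)."""
from dataclasses import dataclass
from typing import Optional

# Constructed policy: each agent identity gets an allow-list of tools,
# optional numeric thresholds, and tools that always need a human approver.
POLICY = {
    "support-agent": {
        "allow": {"open_ticket", "query_customer", "issue_refund"},
        "limits": {"issue_refund": {"amount": 100.0}},  # preset refund cap
        "approval": set(),
    },
    "dev-agent": {
        "allow": {"create_branch", "run_build", "open_pull_request", "deploy"},
        "limits": {},
        "approval": {"deploy"},  # deploy only passes a separate human gate
    },
}


@dataclass
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: list = []  # every decision, allowed or denied, is recorded here


def gate(agent: str, tool: str, args: dict,
         approved_by: Optional[str] = None) -> Decision:
    """Decide whether `agent` may invoke `tool` with `args`, and log it."""
    policy = POLICY.get(agent)
    if policy is None:
        d = Decision(False, "unknown agent identity")
    elif tool not in policy["allow"]:
        d = Decision(False, f"{tool} not in allow-list for {agent}")
    elif tool in policy["approval"] and not approved_by:
        d = Decision(False, f"{tool} requires human approval")
    else:
        d = Decision(True, "ok")
        # Enforce numeric thresholds (e.g. refund amount) on allowed tools.
        for key, cap in policy["limits"].get(tool, {}).items():
            if args.get(key, 0) > cap:
                d = Decision(False, f"{key}={args.get(key)} exceeds {cap}")
                break
    AUDIT_LOG.append({"agent": agent, "tool": tool, "args": dict(args),
                      "approved_by": approved_by, "allowed": d.allowed,
                      "reason": d.reason})
    return d
```

The gate sits between the model's chosen action and the tool it would invoke, so a poisoned instruction that asks for an out-of-policy action is denied and logged rather than executed.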

Why It Matters in NHI Security

Agentic risk matters because the security failure is often not a single compromise, but a chain of valid actions taken by a system that was allowed to operate too broadly. Once an agent can authenticate, retrieve secrets, or call production systems, a mistaken prompt, poisoned instruction, or compromised tool path can become an incident. NHIMG’s 2024 ESG Report on managing non-human identities found that 72% of organisations have experienced or suspect a breach of non-human identities, which underscores how frequently machine identities become the entry point for broader misuse.

Agentic systems also widen the blast radius because they can repeat actions at machine speed. The combination of autonomy and access makes secret hygiene, least privilege, and monitoring inseparable. Cases discussed in LLMjacking: How Attackers Hijack AI Using Compromised NHIs and the NIST Cybersecurity Framework 2.0 show the operational need to detect misuse early, before an agent turns routine access into sustained abuse. Organisations typically encounter agentic risk only after an agent has already performed an unsafe action, at which point governance, identity, and rollback controls can no longer be deferred.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Agentic AI Top 10 | A2 | Covers excessive autonomy and unsafe tool use in agentic systems.
NIST AI RMF | | Frames AI risk as governance over valid but harmful system behavior.
NIST CSF 2.0 | PR.AC-4 | Least-privilege access is central when an agent can act on systems.

Assess agentic workflows for harmful outcomes, then set monitoring and accountability controls.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org