AI Agents Are Here. Security Must Be an Accelerator for AI Transformation

AI agents are no longer experimental. They now plan, decide, and act across enterprise systems, reading files, invoking tools, executing workflows, and communicating with other agents, at times with minimal human intervention.

Adoption is accelerating rapidly: most enterprise leaders expect to deploy agents within the next 12 to 18 months, and large organizations will likely manage tens of thousands of them operating concurrently.

As agent capabilities advance, security controls need to adapt with them. Most organizations still rely on controls designed for human users and static applications.

That mismatch is surfacing concrete risks: uncontrolled agent sprawl, excessive access privileges, data oversharing, AI‑native attacks like prompt injection and memory poisoning, and regulatory blind spots caused by limited visibility into agent behavior.

As agents are deployed, security and risk leaders need to identify and resolve these blind spots before agent adoption outpaces the controls meant to govern it.

Agents Change the Nature of Cyber Risk

Agents do more than retrieve information. They reason, chain actions, call tools, collaborate with other agents, and operate continuously. This introduces new failure modes that perimeter- or access-only controls cannot contain.

For example:

  • An HR agent designed to summarize resumes may be granted access to a general-purpose scripting tool, which also gives it the means to exfiltrate the sensitive data it reads.
  • A research agent exposed to a malicious web page may pass poisoned instructions to a trusted financial agent, triggering unintended disclosure.
  • A local agent running on an endpoint device may inherit powerful system-level access that far exceeds its intended purpose.

To manage these risks, security teams must treat AI agents as first-class actors, ensuring they are visible, accountable, constrained, and auditable.

Five Practical Steps to Reduce AI Agent Cyber Risk

1. Establish Continuous Discovery and Inventory of All AI Agents

Agent sprawl is inevitable. Shadow agents will appear across cloud platforms, developer environments, devices, and business workflows.

Security leaders must start with continuous discovery: identifying every agent, who created it, how it was built, what data it accesses, what tools it can invoke, and whether it can communicate with other agents. Static inventories fail almost immediately as agents evolve, fork, and propagate.

Without persistent visibility, organizations cannot govern access, detect misuse, or demonstrate compliance.

2. Assign Every AI Agent a Distinct, Managed Identity

Agents should never operate anonymously or inherit human identities by default.

Every agent needs a unique, managed identity with explicit lifecycle governance. This enables authentication, authorization, auditing, and revocation, just as for employees or service accounts, and often with stricter controls.

Unlike humans, agents operate continuously and can propagate errors at scale. Over-permissioned agents increase both attack surface and blast radius. Identity assignments are foundational to containment.

3. Constrain Agent Capabilities, Not Just Permissions

One of the most underestimated risks in agent deployments is excessive agency.

Organizations often focus on which data an agent can access but overlook what actions it is allowed to perform. General-purpose tools such as scripting environments, file system access, and system commands grant far more authority than most tasks require.

Capabilities must be narrowly scoped and purpose-built. If an agent does not need to execute arbitrary code, modify systems, or traverse networks, it should not be able to do so. Capability design is now a core security decision—on par with data access.

4. Apply Data Security and Compliance to AI and Agent-to-Agent Workflows

Agents move data in ways traditional data security and compliance models were never designed to monitor.

They summarize sensitive content, generate derivative insights, pass context to other agents, and persist that context in memory over time. Data security policies must therefore extend into:

  • Agent prompts and responses
  • Tool and API interactions
  • Agent-to-agent communication paths

Data classification, policy enforcement, and auditing must follow data across these interactions, not stop at traditional apps, browsers, and endpoints. This is essential for preventing oversharing, supporting compliance, and maintaining trust in agent-generated outputs.

5. Evaluate Agent Intent and Enforce It in Real Time

Security policies now need to augment permission-based enforcement with intent-based enforcement.

Each AI agent is deployed with intent:

  • Organizational intent (policies, compliance boundaries)
  • Developer intent (what the agent is designed to do)
  • User intent (what is being requested in the moment)

Security risks increase when agents drift from their original intended behavior over time.

Just because an action is technically allowed does not mean it is intended. When agent behavior deviates from its defined purpose – attempting actions outside scope, accessing unrelated data, misusing tools – those actions must be detected and blocked, even if access controls alone would permit them.

This approach keeps agents “on mission” and provides a durable defense whether the deviation stems from manipulation (such as prompt injection), malfunction, or misuse.
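To make steps 2 through 5 concrete, here is an added example of a small policy enforcement point that brokers every tool call an agent makes. It is not code from this article or from any product; every agent identity, tool name, resource path, classification label and scope pattern in it is a constructed assumption. Each call is checked, in order, for a managed identity (step 2), a granted capability (step 3), a data classification within the agent's clearance (step 4) and a target inside the agent's declared scope (step 5), so a granted tool aimed at an unrelated resource is still refused, and every decision lands in an audit trail keyed by agent identity.

```python
"""Policy enforcement point for AI agent tool calls.

Added example, not code from the article or any vendor. Every agent identity,
tool name, resource path, classification label and policy value below is a
constructed assumption used to illustrate the checks.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, List, Tuple

# Assumed classification scheme, least to most sensitive.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class AgentIdentity:
    """One distinct, managed identity per agent (step 2)."""
    agent_id: str              # unique non-human principal, never a borrowed user account
    owner: str                 # accountable team
    purpose: str               # developer intent, recorded at registration
    tools: frozenset           # capability allowlist (step 3): tool names it may invoke
    scope: Tuple[str, ...]     # intent scope (step 5): resource globs inside its mission
    max_classification: str    # highest data label it may read or send (step 4)
    revoked: bool = False      # lifecycle state; revoked identities fail closed


@dataclass(frozen=True)
class ToolCall:
    """A single proposed action, as the broker sees it before execution."""
    agent_id: str
    tool: str
    resource: str              # file path, URL or agent:// address being acted on
    classification: str        # label of the data the call would read or send


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class AgentPolicyGateway:
    """Brokers every tool call; agents hold no direct tool handles."""

    def __init__(self, agents: List[AgentIdentity]):
        self._agents: Dict[str, AgentIdentity] = {a.agent_id: a for a in agents}
        self.audit_log: List[dict] = []    # every decision, keyed by agent identity

    def evaluate(self, call: ToolCall) -> Decision:
        decision = self._decide(call)
        self.audit_log.append({"agent_id": call.agent_id, "tool": call.tool,
                               "resource": call.resource, "allowed": decision.allowed,
                               "reason": decision.reason})
        return decision

    def _decide(self, call: ToolCall) -> Decision:
        agent = self._agents.get(call.agent_id)
        # Identity: unknown or revoked agents get nothing.
        if agent is None:
            return Decision(False, "unknown agent identity")
        if agent.revoked:
            return Decision(False, "agent identity revoked")
        # Capability: the tool itself must be granted, whatever the target.
        if call.tool not in agent.tools:
            return Decision(False, f"capability {call.tool!r} not granted")
        # Data policy: unknown labels rank above everything, so they are denied.
        if CLASSIFICATION_RANK.get(call.classification, 99) > CLASSIFICATION_RANK[agent.max_classification]:
            return Decision(False, f"data labelled {call.classification!r} exceeds clearance {agent.max_classification!r}")
        # Intent: a granted tool used on a resource outside the declared mission is drift.
        if not any(fnmatch(call.resource, pattern) for pattern in agent.scope):
            return Decision(False, f"resource {call.resource!r} outside declared scope")
        return Decision(True, "within capability, data policy and declared scope")


def build_gateway() -> AgentPolicyGateway:
    """Constructed registry mirroring the article's HR and finance agents."""
    hr = AgentIdentity("agent-hr-resume-summarizer", "hr-platform", "summarize candidate resumes",
                       frozenset({"file.read", "llm.summarize"}),   # deliberately no shell or network
                       ("hr/resumes/*",), "confidential")
    finance = AgentIdentity("agent-finance-reporting", "finance-eng", "answer internal finance questions",
                            frozenset({"db.query", "agent.send"}),
                            ("finance/*", "agent://agent-finance-*"), "restricted")
    return AgentPolicyGateway([hr, finance])


def run_demo() -> Tuple[AgentPolicyGateway, Dict[str, Decision]]:
    """Replays constructed calls, including the article's failure modes."""
    gw = build_gateway()
    calls = {
        # In scope: allowed.
        "hr_summarize": ToolCall("agent-hr-resume-summarizer", "file.read", "hr/resumes/candidate-42.pdf", "confidential"),
        # Scripting tool was never granted: blocked before any exfiltration path exists.
        "hr_shell": ToolCall("agent-hr-resume-summarizer", "shell.exec", "/bin/sh", "public"),
        # Granted tool, wrong target: permissions alone would allow it, intent does not.
        "hr_finance_file": ToolCall("agent-hr-resume-summarizer", "file.read", "finance/q3-forecast.xlsx", "confidential"),
        # In-scope path but data labelled above the agent's clearance.
        "hr_restricted": ToolCall("agent-hr-resume-summarizer", "file.read", "hr/resumes/board-notes.pdf", "restricted"),
        # Finance agent, acting on a poisoned instruction, tries to send restricted data
        # to a research agent it was never meant to talk to.
        "finance_to_research": ToolCall("agent-finance-reporting", "agent.send", "agent://agent-research-web", "restricted"),
        # Shadow agent with no managed identity.
        "shadow": ToolCall("agent-shadow-01", "file.read", "hr/resumes/candidate-42.pdf", "public"),
    }
    return gw, {name: gw.evaluate(call) for name, call in calls.items()}


if __name__ == "__main__":
    gateway, results = run_demo()
    for name, decision in results.items():
        print(f"{name:22} {'ALLOW' if decision.allowed else 'DENY':5} {decision.reason}")
```

Running the block prints one ALLOW or DENY line per constructed call. The scope check is what separates permission from intent: the HR agent's file.read capability is genuine, but its declared mission only covers hr/resumes/, so reading a finance spreadsheet is refused even though no access control list would stop it. Denying unknown classification labels and unknown identities keeps the gateway fail-closed, and the audit log gives each decision an accountable agent identity rather than a shared service account.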

The Path Forward

AI agents will meaningfully shape the next era of enterprise productivity—but only if organizations can trust them. Done well, the five practices above lay the foundation for scaling AI safely.

Trust is the outcome of visibility, control, and enforcement. Security leaders who enable agent discovery, assign agent identity, manage access to resources, ensure data security and compliance, and enforce intent will enable their organizations to scale AI responsibly.

When security and compliance controls are architected and embedded into agentic systems from the start, they end up being an accelerator for responsible AI transformation.
