Corporate Security Shifts Allegiance: The Emerging Role of Agentic AI as the Antagonist
In the rapidly evolving world of technology, agentic AI is poised to become a driving force across various industries, from customer service to cybersecurity. However, this rise in agentic AI usage also brings forth new security concerns that enterprises must address to harness its benefits while minimizing associated risks.
One of the main security issues is context corruption, where AI agents can be tricked by maliciously injected instructions or corrupted context across multiple data sources, causing them to execute unintended or harmful tasks. Other concerns include authentication and authorization flaws, dynamic tool sourcing and supply chain risks, internal risks such as IP theft and data leakage, and external risks where attackers use agentic AI to automate evolving cyberattacks.
The growing number of AI agents with system-level access creates complexity in identity and access management, raising compliance and auditing challenges. Additionally, traditional cyber threats such as misconfigurations, exposed APIs, Denial of Service (DoS) attacks, and software vulnerabilities still threaten the system layers hosting agentic AI.
To mitigate these risks, it is recommended to adopt continuous risk control strategies, monitor agentic AI behavior broadly and dynamically, and adjust security measures in near real-time to handle unpredictable AI actions. Enterprises should also maintain comprehensive internal visibility and strong access controls, track AI workloads precisely across SaaS and internal systems, and enforce strict authentication and authorization policies tailored for AI agents.
Robust software supply chain security is essential, requiring vetting and monitoring of third-party components and model inputs to prevent the injection of malicious code or corrupted data sources. Leveraging smart automated decision systems for AI access can help avoid relying solely on human approvals, employing intelligent systems that can make real-time risk-based decisions about AI agent permissions and task execution.
Securing APIs and interfaces is crucial to prevent resource exhaustion, data leakage, and code injection attacks via agentic AI interfaces. Preparing security teams with AI-specific skills and tools is vital to understand AI agent behaviors and threats, enabling proactive defense and quick incident response.
As agentic AI becomes more prevalent in enterprise software, it is crucial for enterprises to assert AI governance and ensure that developers are equipped to maintain oversight and security skills to safely prompt and review AI-assisted code and commits. By addressing both AI-specific and traditional security concerns with a layered, dynamic defense approach, enterprises can harness agentic AI's benefits while minimizing associated risks.
Gartner forecasts that by 2028, 33% of enterprise software applications will include agentic AI, making it possible for 15% of all day-to-day work decisions to be made autonomously. As this trend continues, the importance of securing agentic AI will only grow, ensuring the safe and efficient operation of businesses in the digital age.
- Pieter Danhieux, an expert in the field, emphasizes the importance of addressing security concerns in the increasing use of agentic AI, stating that corruption of AI agents' context can lead to harmful tasks execution.
- In light of Gartner's prediction that by 2028, 15% of day-to-day work decisions will be made autonomously by agentic AI, Danhieux stresses the need for cybersecurity measures tailored to AI agents, including robust software supply chain security and the leveraging of smart automated decision systems for AI access.
