Agentic AI Requires a New Approach to Security

Organizations evaluating agentic artificial intelligence may need to look beyond conventional assumptions about software security. Unlike tools that simply generate responses to individual prompts, ag...

Organizations evaluating agentic artificial intelligence may need to look beyond conventional assumptions about software security. Unlike tools that simply generate responses to individual prompts, agentic systems can be designed to pursue objectives, make decisions, use connected services and take actions with limited human intervention. That autonomy introduces a different set of operational and security concerns.

The issue is not limited to malicious attackers. An agent can create risk through an incorrect interpretation of its goal, an overly broad permission, unreliable information or an unexpected interaction with another system. If an agent is able to access business data, send messages, modify records or initiate transactions, a routine error could have consequences well beyond an inaccurate answer.

Questions organizations should ask

  • What decisions and actions is the agent authorized to make?
  • Which systems, accounts and data can it access, and are those permissions limited to what it needs?
  • When is human approval required before an action is completed?
  • How are the agent’s instructions, outputs and activity recorded for review?
  • Can the organization quickly suspend the agent or revoke its access if behavior becomes unsafe?
  • How are changes to the model, tools, prompts and connected workflows tested and approved?

These questions point to a broader security reframe. Traditional controls such as identity management, least privilege, monitoring and incident response remain relevant, but they must account for systems that can interpret goals and act across multiple steps. Testing should therefore examine not only whether an agent produces an acceptable response, but also what it does when information is incomplete, instructions conflict or a connected service behaves unexpectedly.

Governance also matters. Clear ownership, defined operating boundaries and regular reviews can help organizations determine when autonomous behavior is appropriate and when a person must remain in control. Treating agentic AI as an ordinary software feature may leave important gaps. Treating it as an active system with authority, dependencies and failure modes provides a stronger basis for managing its risks.