
A five-part plan for managing AI agents


COMMENTARY: Organizations deployed AI agents in 2025 at a rate that surprised even the people building them. 

AI agents aren’t emerging — they’re embedded. They’re now part of the operational fabric of any competitive organization.


In fact, according to Microsoft first-party telemetry from November 2025, more than 80% of the Fortune 500 have active agents built using low‑code/no‑code tools.

The scale of that adoption has triggered an important question in boardrooms: Are AI agents a new risk vector we aren’t prepared for? 

I have a simple answer, based on telemetry, customer conversations, and our research across sectors: AI agents aren’t an entirely new risk. They’re a reality check on old ones. 

For years, organizations carried quiet weaknesses in identity management, data protection, and governance. Humans compensated for these gaps with judgment, legacy knowledge, and manual intervention aligning disparate security tools and policies. But agents have no such intuition. They follow the permissions and content they’re given — with speed, precision, and total indifference to org charts and business norms. 

If a file gets overshared, an agent will find it. If there’s inconsistent governance, an agent will expose it. And if access to sensitive materials becomes too broad, an agent will have access to it too. This moment isn’t about agents creating chaos: it’s about agents revealing it. 

Agents surface issues that human‑only workflows could hide 

Across industries, we’re watching three long‑standing problems become impossible to ignore: 

  • Identity and access sprawl becomes operational, not theoretical: In human workflows, people often self‑police. They “know better” than to open a sensitive spreadsheet not intended for them, or they helpfully reroute data that doesn’t belong where it sits. Agents don’t know better — they act on literal commands, within the technical limits of what they are allowed to do. The result: overshared data, misconfigured permissions, and legacy access patterns show up instantly and repeatedly, anywhere inconsistent internal controls exist.
  • Shadow AI becomes visible — and measurable: Many organizations don’t yet know how many agents they have, where they run, or what data they can touch. Some agents are sanctioned by a company’s IT department; others are not. Regardless of their status, well-meaning employees have often turned to them to move faster. This is how we get silent dependencies, risky connectors, and workloads no one is explicitly accountable for.
  • Governance gaps become quantifiable: According to our Data Security Index, only 47% of organizations across industries report they are implementing specific GenAI security controls, highlighting an opportunity for organizations to gain the clear visibility necessary for safe AI adoption. Even more important, according to a multinational survey of more than 1,700 data security professionals commissioned by Microsoft from Hypothesis Group, 29% of employees have already turned to unsanctioned AI agents for work tasks.

Given the proliferation of agents and AI in the workplace, this means a large majority are at risk of moving forward without the guardrails they’ll ultimately need. Agents make this inconsistency highly visible because they operationalize whatever governance structures exist — or fail to exist. 

The front-runners aren’t slowing down — they’re modernizing 

Today, all our data shows that highly regulated, operationally complex industries aren’t hitting the brakes on AI agents — they’re leaning in. Financial services, including banking and capital markets, now represents roughly 11% of global AI agent usage in Microsoft customer telemetry, underscoring how quickly agents are becoming embedded in core business workflows.

Financial services is not alone in this acceleration. Manufacturing, an operationally intensive sector, now represents about 13% of global agent usage, signaling strong adoption across factories, supply chains, and energy operations.  

At first glance, this may seem counterintuitive. Why would some of the most risk‑aware organizations move fastest? Because they understand a critical reality: agent ROI rewards strong governance. When identity controls are mature, data is well classified, and oversight is built into operations, teams can deploy agents confidently and at scale.

These organizations aren’t using agents as experimental tools. They’re using them to modernize long‑standing processes — accelerating customer service, reducing manual triage, and embedding human‑agent collaboration directly into day‑to‑day work. In this context, governance isn’t a constraint on innovation: it’s what lets AI scale safely, predictably, and at machine speed. 

An action plan for safe, scalable agent adoption 

Leaders shouldn’t ask: “Should we allow agents?” They should ask: “How do we govern them with the same rigor we govern humans and applications?” Here’s the five‑part framework I recommend: 

1. Establish a comprehensive agent registry.

Don’t think of a registry as a nice‑to‑have; it’s a prerequisite. It acts as a single source of truth for all agents: sanctioned, third‑party, and shadow. Without it, the team will fly blind. A registry helps us prevent sprawl, enforce accountability, and quarantine unsanctioned agents when necessary.

2. Apply human‑grade access controls.

Agents need identity. They need least‑privilege permissions. They need the same policies that govern human users and service accounts. If an agent has unnecessary access, that’s not an AI problem — that’s a governance problem that was always there. 

3. Build real‑time observability and behavior monitoring. 

Leaders need to answer these questions: 

  • Where does every agent run? 
  • What systems do they touch? 
  • What data do they read or write?
  • What does “normal” behavior look like for an agent? 

Telemetry isn’t optional. It’s how we detect misuse, drift, or compromise early.  

4. Ensure interoperability doesn’t dilute governance. 

Agents will work across Microsoft platforms, open‑source frameworks, and external ecosystems. Governance must travel with them. That means consistent logging, identity enforcement, and policy application across all environments.  

5. Make security foundational — by design and by operation. 

The risks are real: misconfigured access, prompt injection, jailbreaks, and data leakage. But they are solvable when organizations apply zero-trust principles and treat agents as first‑class citizens in their threat models.  

AI agents are not a technology story: they’re an organizational maturity story. 

The winners of the agent era will govern agents confidently, transparently, and consistently. They’ll look a regulator, customer, or board member in the eye and say: 

  • Yes, we know what every agent does. 
  • Yes, our governance works. 
  • Yes, we can scale safely. 

And that’s the opportunity: a once‑in‑a‑generation chance to modernize how organizations secure identity, protect data, and manage access. Organizations that move now won’t just reduce risk — they’ll unlock innovation at machine speed. 

Rudra Mitra, corporate vice president, Microsoft Purview for AI 

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
