AI benefits/risks, Identity, Exposure management

How Agentic AI made org charts obsolete

stunning futuristic background featuring "agentic ai" on a glowing circuit board. ideal for tech, ai, and innovation projects. high-resolution image perfect for websites, presentations, and more.

COMMENTARY: The growth of agentic AI has made one point clear: we’re done with role-based access control.

Static, role-based permissions simply don’t map to a world where agents — autonomous AI systems that perform tasks on behalf of people or applications — become “users” and take on tasks that don’t fit clean job descriptions.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

It’s a trend that’s accelerating fast, with AI agent adoption surging across enterprises, and much of it happening outside formal enterprise visibility and control mechanisms.

Attackers are already experimenting with ways to compromise agents, hijack their instructions, and execute full kill chains — and fixed privileges make this infinitely easier for them.

The only defensible access model going forward: embrace zero access and earn every permission, every time.

AI has broken the access model

Role-based access control was built for a slower world, with stable teams, predictable workflows, and job titles that mapped to access needs. Agentic AI has redefined a “user,” virtually making traditional access models obsolete.

Agents don’t belong to roles and don’t behave like employees. They jump between tasks, workflows, and datasets based on instructions, not job descriptions. A single agent might summarize emails, update internal systems, and trigger operational processes within minutes.

Agents also multiply access demand. Instead of one-human-per-identity, organizations now have many agents acting as users, each with their own set of permissions required to complete tasks. This rapidly expands the access footprint and increases the likelihood of over-privileged accounts.

In this environment, static privileges are dangerous. Every long-lived entitlement becomes an opportunity for a compromised agent.

Zero access by default

Teams need to avoid default permissions. Everyone should start the day with zero access. Every permission must get earned in real time, based on what’s needed in that moment.

For this to work, access must become:

  • Just-in-time: Access gets granted for a specific task, and disabled at task completion.
  • Scenario-based: Access activates only under specific conditions, such as when an assigned ticket gets opened. And removed at closure..
  • Continuously assessed: Identity, device posture, behavior, location, agent activity, and policy are checked at the moment of request, and continuously reassessed as risk changes.
  • Zero-access-by-default: Here’s the mindset shift. No standing privileges. No “just in case” access.

The real test of any access model: what happens when something goes wrong. Inevitably, we’ll see a misconfigured agent, a poorly made prompt, or a workflow that misbehaves. But how far will the damage spread?

For example, under a static access model, an AI agent has broad, default access. Before detection, a single mistake can escalate quickly and widely. Security teams are left reconstructing intent and access context after the fact.

Under a zero access model, we're looking at access that's minimal, time sensitive, and continuously reassessed, leaving far less room for impact. Fewer dormant privileges to exploit and fewer pathways to escalate, reduces impact by design.

This also changes investigations. Instead of untangling years of accumulated access, teams can focus on a much tighter question: what was allowed at this moment and under what conditions? That clarity matters when we need speed above all.

This dynamic access prevents compromised agents, model drift or unpredictable AI behaviors from turning into full-blown incidents. This level of control requires a change in mindset and tooling.

Making zero access real

Delivering this level of dynamic access also demands engineering investment, real-time decision making and tight alignment across security, product, and engineering.

It requires a risk-driven access engine built for the speed and scale of agentic AI, defined by four qualities:

  • Continuous visibility: Organizations must have clear visibility into what agents exist and what systems they can reach.
  • Real-time risk decision making: Continuous, real-time access decisions must get made based on identity signals, behavior, device posture, agent activity, and policy context.
  • Dynamic policy and attribute-based controls: Agents and humans request access unpredictably, and only a dynamic policy engine can grant or deny privileges with the precision these environments demand.
  • Machine speed: We must fully automate enforcement and revocation, not govern them by a human committee.

Agentic AI has irrevocably changed work, and static models will lose control of the systems they depend on. Agent proliferation and speed far outpace legacy access approaches.

Real-time, risk-driven access that’s just-in-time, scenario-based, and continuously assessed has emerged as a model that keeps pace with both human and agent behavior. It’s challenging, but none of us can afford the alternative.

James Robinson, chief information security officer, Netskope 

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds