SAN FRANCISCO: Every RSA Conference (RSAC) has a technical center of gravity. At Moscone this year, in sessions and conversations with peers, it’s not about refining the stack we have, it’s about the introduction of autonomous AI agents that swarm and act.And they’re forcing a reckoning with security architectures never designed for their speed, scope, complexity, or probabilistic LLM behavior.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]As AI agents “join” the workforce, they plan, reason, and act inside production environments without waiting for a human in the loop. When something goes wrong, the timeline from exploitation to exfiltration can shrink to seconds.Governance and security tooling have not caught up. That reality even came through on the main stage during founder and CEO of CrowdStrike George Kurtz’s keynote yesterday.In conversations with other CISOs and security professionals this week, it’s clear many organizations are already deploying AI agents, often without the appropriate level of oversight. The business is moving faster than governance processes were designed for, leaving CISOs working to maintain alignment in real time. That tension may become one of the defining security issues of the next few years.What I’m hearing this week is something I feel in my bones: we’ve seen this pattern before. Cloud adoption accelerated before identity and configuration discipline matured. APIs scaled before inventory and authentication caught up. AI agents are repeating that pattern, but with a crucial difference.These systems can take autonomous action. They initiate workflows, retrieve information, interact with systems, and in some cases make operational decisions.And it’s a breakneck pace of adoption. And, the agents do not take coffee breaks.These agentic AI agents are powerful. But it’s also a governance challenge. Security conversations often focus on model risks such as prompt injection, training data exposure, or hallucinations. Those risks matter. Frameworks such as NIST’s AI Risk Management Framework and OWASP’s Top 10 lists for LLM Applications and Agentic Systems provide important guidance.But as conversations across sessions and meetings this week make clear, the bigger question may be operational control.In many enterprises today, those answers are still unclear.The idea of an “agentic workforce” forces security teams to rethink AI not only as software, but also as a kind of digital staff member. We would never hire an employee, hand them administrator credentials, and simply hope for the best. We define roles, enforce least privilege, monitor activity, and establish accountability.We need to treat AI agents the same way.That starts with identity. Every AI agent needs a defined identity, bounded permissions, and strong authentication controls. Identity governance must extend to machine actors just as it does to humans and traditional service accounts.Visibility matters just as much. Security telemetry should capture agent behavior so teams can investigate and govern actions across systems. If an AI system triggers activity across multiple environments, defenders need a clear audit trail to understand what happened and why.Organizations will also need playbooks for AI failure modes. Agents will make mistakes. They may act on incomplete context, misinterpret instructions, or be manipulated through indirect prompt injection. Teams have to prepare security programs to detect and contain those situations quickly. At the same time, teams must secure the broader software and data supply chain surrounding the agent, especially to prevent context poisoning and manipulation.Strong governance does not slow innovation. In many ways, it enables it. When boards and executives trust the controls surrounding AI systems, organizations can deploy them more confidently and at greater scale.The encouraging news: the security community already understands much of the solution. Identity governance, least privilege, continuous monitoring, and incident response are not new ideas. We now need to extend those practices to a new class of digital actors.As conversations about agentic systems continue this year, organizations should pause to ask two simple questions:AI agents may become the fastest and most capable members of the workforce. It’s an exciting prospect. But it’s also a reminder that governance cannot remain an afterthought. If we want organizations to trust these systems, security leaders must build the guardrails that let innovation move forward safely.The systems themselves do not understand trust or risk.That responsibility still belongs to us.Diana Kelley, chief information security officer, Noma SecuritySC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
- Who authorizes an AI agent to act?
- What systems can it access?
- What guardrails prevent it from operating outside its intended scope?
- Do we know what our AI systems are allowed to do?
- And, if one of them acts unexpectedly, will we see it quickly enough to respond before harm occurs?





