COMMENTARY: From financial risk management and customer experience to cyber threat detection and software development, Agentic AI has rapidly transformed business. Unlike traditional chatbots or smart assistants, AI agents are built to autonomously — or semiautonomously — execute tasks.

Adoption has moved fast: A recent Gartner survey on risk management found that 53% of respondents said they had already deployed custom-built AI agent automation. As deployment accelerates, experts anticipate that every digital identity, including users, apps and devices, will interact with systems through AI agents.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

The potential productivity gains are enormous, but so are the risks. Without the right security foundation, AI agents expand the attack surface in dangerous new ways. Today, Agentic AI has reshaped how trust, authorization and resilience are enforced at scale, requiring enterprises to adopt advanced security measures such as discovery, threat modeling, security testing and runtime controls.

Enterprise use cases

Agentic AI delivers value across business units by letting employees interact with systems through simple chat interfaces. Specific examples include:

- Human Resources:
  - Provisions credentials during onboarding.
  - Stores policies, training materials and signed forms in secure vaults.
  - Reviews and expires contractor access.
- IT Operations:
  - Exports audit logs for compliance.
  - Reviews and rotates privileged credentials.
  - Enforces password rotation policies.
- Compliance and Legal:
  - Stores region-specific compliance keys and API configurations.

These examples highlight the power of Agentic AI to democratize access to automation. Yet, removing technical barriers introduces new risks, particularly when non-technical employees may not fully understand or follow security best practices. The greater threat than human error? The AI agents themselves create unique security challenges.

The new security challenges

Gartner predicts that through 2029, more than 50% of successful cyber attacks against AI agents will exploit access control weaknesses. Unlike human users, AI agents don’t inherently understand or respect policy boundaries. They follow instructions, not intent, which makes them vulnerable to manipulation through techniques such as jailbreaking or prompt injection. Even well-designed agents are often tricked by creative prompts or indirect injection vectors. For this reason, technical enforcement — not just policy — has become essential to securing AI agents.

The role of privileged access management

How can cybersecurity leaders deploy AI agents safely while maximizing value? Three best practices stand out:

- Adopt a modern privileged access management (PAM) platform: A modern PAM tool promises to enforce least-privilege access and offer full auditability, allowing organizations to secure agent workflows without sacrificing efficiency.
- Implement graduated autonomy: Let AI agents independently perform low-risk actions, such as listing secrets or performing system health checks, while requiring human approval for sensitive tasks like creating or deleting credentials.
- Define and enforce granular policies: Configure auto-approvals by action type, agent identity or time window, and ensure every AI action is logged and reviewable.

The combination of AI-ready PAM, structured autonomy and policy-driven control can deliver the guardrails enterprises need to scale AI securely and effectively.

Adopting Agentic AI represents just the beginning. As more employees and systems rely on these agents, security leaders must balance innovation with control. The most successful organizations will establish governance early, allowing AI to accelerate operations without putting critical assets at risk.

Enterprises that act now to secure Agentic AI with modern PAM and zero-trust controls will position themselves to innovate confidently. The ones that delay may find themselves cautionary tales in the next wave of AI-related breaches.

Jeremy London, director of engineering, AI, and threat analytics, Keeper Security
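
The graduated-autonomy and granular-policy practices described above can be enforced as a technical gate in front of every agent action. The sketch below is an added example, not code from the author or any PAM product; the agent names, action names, `Rule` and `Gate` are hypothetical and the sample requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Hypothetical action names: the article calls creating or deleting credentials
# sensitive, and listing secrets or health checks low-risk.
SENSITIVE = {"create_credential", "delete_credential"}

@dataclass(frozen=True)
class Rule:
    action: str   # action type this rule auto-approves
    agent: str    # agent identity the rule applies to
    start: time   # window start (inclusive)
    end: time     # window end (exclusive)

    def matches(self, agent, action, when):
        return (agent == self.agent and action == self.action
                and self.start <= when.time() < self.end)

class Gate:
    def __init__(self, rules):
        self.rules = list(rules)
        self.audit = []  # every decision is recorded, allowed or not

    def decide(self, agent, action, when, approver=None):
        if action in SENSITIVE:
            # Sensitive actions never auto-approve; a named human must sign off.
            decision = "allow" if approver else "pending_approval"
        elif any(r.matches(agent, action, when) for r in self.rules):
            decision = "allow"
        else:
            # Unknown agent, unlisted action or outside the window: default deny.
            decision = "deny"
        self.audit.append({"time": when.isoformat(), "agent": agent,
                           "action": action, "decision": decision,
                           "approver": approver})
        return decision

def demo():
    # Constructed policy and requests, for illustration only.
    gate = Gate([Rule("list_secrets", "hr-onboarding-agent", time(8), time(18)),
                 Rule("health_check", "it-ops-agent", time(0), time(23, 59))])
    day, night = datetime(2025, 1, 6, 10, 0), datetime(2025, 1, 6, 23, 30)
    results = [
        gate.decide("hr-onboarding-agent", "list_secrets", day),
        gate.decide("hr-onboarding-agent", "list_secrets", night),
        gate.decide("it-ops-agent", "list_secrets", day),
        gate.decide("it-ops-agent", "delete_credential", day),
        gate.decide("it-ops-agent", "delete_credential", day, approver="alice"),
    ]
    return results, gate.audit
```

The decision is made outside the agent, so a prompt-injected instruction cannot widen the agent's own permissions, and denied or pending requests still land in the audit trail for review.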




