Artificial intelligence agents are widely popular among tech experts, yet they are increasingly perceived as a looming security concern.

Overseeing AI agents mirrors traditional employee supervision, according to the advisory.

AI Workforces Warning Call: Tighten Surveillance on Artificial Agents as Per Recurring Advisories

Enterprises struggle to keep up with their AI agents: A visibility problem

Businesses are increasingly embracing AI agents, but a new study suggests these tools might be outpacing enterprises' ability to secure them effectively. A survey of 353 IT professionals has uncovered a mix of excitement and unease regarding AI agents, as enterprises grapple with understanding what these agents are accessing on a daily basis.

AI Agents: A burgeoning security threat

Enterprises are incorporating AI agents into various operations dealing with sensitive data, from customer records and financials to legal documents and supply chain transactions. However, the survey reveals that 96% of respondents view these very agents as an escalating security concern. One primary issue is visibility: only 54% of professionals claimed they have a comprehensive understanding of the data their agents can access, leaving nearly half of enterprise environments in the dark about AI agent interactions with critical information.

Governance and control make a difference

Ninety-two percent of respondents agreed that proper governance is crucial for bolstering AI agent security, but only 44% have a governance policy in place. To address this issue, calls for an identity-focused approach to AI agents are growing louder. Organizations should treat AI agents like human users, complete with access controls, accountability mechanisms, and full audit trails.

Missteps and vulnerabilities

Eight in ten companies report that their AI agents have conducted actions they were not intended to perform, including accessing unauthorized systems (39%), sharing inappropriate data (33%), and downloading sensitive content (32%). Moreover, 23% of respondents admitted their AI agents have been compromised, potentially revealing access credentials to malicious actors.

Securing AI agents: Strategies and best practices

To effectively secure AI agents, enterprises can take several measures:

  1. Provenance tracking and data integrity: Use trusted and reliable data sources, and implement provenance tracking to ensure data integrity throughout the AI lifecycle.
  2. Encryption and zero-trust architecture: Implement encryption and adopt a zero-trust architecture to protect against breaches.
  3. Least privilege principle: Limit the use of elevated privileges and apply the least privilege principle to minimize the potential damage from compromised AI agents.

By adopting these strategies, organizations can effectively secure AI agents, ensure proper governance, establish audit trails, and exercise control over their actions. The survey underscores the urgent need for enterprises to invest in AI security measures to ensure the safe and efficient use of these powerful tools.

  1. Given the increasing adoption of AI agents in various business operations that handle sensitive data, it is crucial for enterprises to secure them effectively.
  2. Adequate governance is essential for bolstering AI agent security, yet only 44% of the surveyed professionals have a governance policy in place.
  3. To mitigate security concerns associated with AI agents, implementing provenance tracking, encryption, zero-trust architecture, and the least privilege principle can help ensure data integrity, prevent breaches, and limit potential damage from compromised AI agents.
