Most organisations are using AI. Most organisations are in turn using AI Agents to improve productivity, security, privacy and customer engagement. However, the management of agents can be tricky. Shadow deployments, a lack of governance and poorly selected and implemented security controls are allowing this powerful infrastructure to become a target for both internal and external adversarial activity and accidental data leakage – simply due to poor identity considerations.
Agents pose an interesting set of business and security challenges. They exhibit some characteristics of workload and non-human identity – namely around scale, credential management and the like – yet they are operating in a non-deterministic manner. Meaning their behaviour will not always be consistent as they look to optimize against a goal they have been set – as opposed to the simple completion of a well prescribed task. But we simply can’t deploy IAM tooling that is built for humans for agents. We can borrow some concepts – but we also need to accept that the deployment landscape will be very much different.
Our recent cheat sheet on AI Agent Security is available here and expands on this in more detail.
Our next industry webinar will be diving into this topic to understand the challenges in more detail, what capabilities will be needed to manage this fast-moving environment and understand a little more about how organisations can get started with securing agents.
Our founder Simon Moffatt will be in conversation with Ido Shlomo from Token Security on August 14th to chat about this and more.