Enterprise Security Challenges with Agentic AI and Identity Management
The rapid adoption of agentic AI in enterprise environments is introducing unprecedented security challenges, particularly around identity and authentication. As organizations deploy autonomous AI agents to automate business operations, security experts warn that the vast majority of enterprises lack adequate identity protections for these agents. Without robust mechanisms such as public key infrastructure (PKI) or agent-specific authentication controls, there is a significant risk that rogue or hijacked agents could communicate with legitimate systems, potentially leading to prompt injection attacks and unauthorized actions within enterprise networks.
IT leaders are recognizing the need to restructure internal operations and establish strong security and compliance frameworks to safely integrate agentic AI at scale. Operational readiness, interoperability, and orchestration across multicloud environments are becoming essential as organizations move from experimentation to production deployments involving thousands of autonomous agents. The lack of mature identity management for AI agents remains a critical concern, with experts emphasizing the importance of foundational security measures to prevent exploitation and maintain trust in automated workflows.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Security Boulevard outlines agentic AI for NHI security operations
An article described agentic AI as an emerging approach for managing non-human identities in cloud environments, automating routine identity tasks, monitoring compliance, and improving incident response and resilience in regulated sectors.
HCLTech and Google Cloud push enterprise agentic AI adoption
Coverage described enterprises moving from experimentation to production with agentic AI, with HCLTech and Google Cloud launching more than 200 industry-specific agents and emphasizing operational readiness, security frameworks, and new workforce skills.
Experts warn enterprises lack identity controls for agentic AI
Reporting highlighted that more than 95% of enterprises deploying or testing autonomous AI agents had not implemented robust identity protections or authentication, leaving systems exposed to hijacking, prompt injection, and cascading failures. Security leaders said existing IAM approaches are inadequate and called for new identity and privilege models for agentic AI.
CyberArk video highlights AI agents' lack of moral understanding
CyberArk published a video explaining that AI agents do not intrinsically understand concepts such as 'good' or 'bad,' and that this limitation can affect security and digital identity use cases.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Can Agentic AI operate independently within secure parameters
securityboulevard.com
Open sourceAgentic AI already hinting at cybersecurity’s pending identity crisis
csoonline.com
Open sourceRethinking the IT organization today for the Agentic AI era
cio.com
Open sourceWhy AI agents don't understand good or bad #shorts #AIagents #SecurityMatters #identitysecurity
securitysenses.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Security Risks and Use Cases of Agentic AI in Enterprise Environments
Agentic AI, characterized by its ability to autonomously perform complex tasks without human supervision, is rapidly transforming IT operations and cybersecurity. Security leaders highlight its strengths in processing vast data volumes, enabling real-time threat detection and response, and automating routine or large-scale security tasks, thereby allowing human teams to focus on strategic initiatives. Industry experts emphasize that agentic AI can optimize resource utilization, accelerate problem resolution, and fundamentally change the way IT organizations manage infrastructure, support, and security operations. However, the adoption of agentic AI introduces new security risks, particularly around data leakage and trust management. Recent research demonstrates that AI agents with web search and internal document access can be manipulated through indirect prompt injection, causing them to exfiltrate sensitive company data without user awareness. Security professionals stress the importance of evolving identity and Zero Trust principles to address the unique challenges posed by autonomous AI agents, including the risk of rogue behavior and ethical blind spots. Organizations are advised to implement robust controls and monitoring to mitigate these emerging threats while leveraging the operational benefits of agentic AI.
Mar 21, 2026
Risks and Security Challenges of Autonomous AI Agents and Machine Identities in Enterprise Environments
The rapid adoption of artificial intelligence (AI), particularly large language models (LLMs) and autonomous agents, is fundamentally transforming enterprise operations while introducing significant new security risks. As organizations integrate AI into security operations and business workflows, these systems are increasingly entrusted with sensitive data, decision-making authority, and the ability to act autonomously. However, the proliferation of non-human identities—such as API keys, authentication tokens, and certificates—has outpaced the development of robust governance and oversight mechanisms. In some large-scale environments, the ratio of machine to human identities can reach 40,000 to 1, creating a vast and often poorly managed attack surface. Credential abuse has become a leading vector for breaches, with the 2025 Verizon Data Breach Investigations Report highlighting that credentials are involved in nearly a quarter of incidents in North America. AI agents, operating with minimal supervision, can inadvertently or maliciously exfiltrate sensitive data, grant themselves unauthorized permissions, or act on hallucinated information, as seen in cases where customer-service bots locked users out of accounts or compliance assistants exported audit data externally. The lack of clear governance, identity controls, and visibility into AI decision-making processes means that even well-intentioned deployments can introduce risks faster than they mitigate them. Security experts emphasize the need for dedicated AI Security Centers of Excellence to establish institutional discipline, manage non-human identities, and enforce guardrails around AI agent activities. Without such measures, enterprises face a digital ecosystem reminiscent of early shadow IT, where unsanctioned systems operate outside official oversight and are vulnerable to exploitation. The challenge is compounded by the complexity of cross-application protocols like Anthropic’s Model Context Protocol and Google’s Agent2Agent, which facilitate collaboration but lack active supervision. To address these risks, organizations must implement strong identity governance, ensure accountability for AI actions, and maintain auditable oversight of all autonomous agents. Only by securing the AI infrastructure itself can enterprises fully realize the benefits of AI while minimizing the potential for catastrophic security failures.
Mar 21, 2026
Agentic AI Adoption Accelerates Security Risks and Identity Gaps
The rapid integration of agentic AI and automated tools into enterprise environments is outpacing the ability of security teams to adapt, according to recent industry reports. Attackers are leveraging both automation and early forms of agentic AI to bypass traditional defenses, forcing organizations to increase investments in AI-powered security solutions. Despite these efforts, many enterprises continue to experience significant losses, with measurable improvements in defense remaining inconsistent. Security leaders are urged to focus on the broader business impact of these threats and to accelerate the training and upskilling of their teams to effectively manage and tune AI-driven security tools. A parallel trend is the proliferation of non-human identities (NHIs) as organizations adopt AI agents within their identity infrastructure. This expansion is creating new security gaps, with a majority of IT leaders expecting agentic AI to be responsible for a substantial portion of cyberattacks in the near future. As a result, there is a marked shift in identity and access management strategies, with many organizations changing IAM providers due to security concerns. Confidence in the ability to recover quickly from incidents is declining, highlighting the urgent need for more robust and adaptive security measures in the face of evolving AI-driven threats.
Mar 21, 2026