Governance and Identity Gaps for Autonomous (Agentic) AI in Enterprises
Enterprises are rapidly deploying autonomous/agentic AI agents that act on behalf of users across production and test environments, but governance and identity controls are lagging behind the pace of adoption. Reporting tied to the Cloud Security Alliance’s Securing Autonomous AI Agents highlights that many organizations still manage agent access with static credentials, fragmented controls, and limited visibility, creating weak traceability and unclear accountability for agent actions. The research also indicates low confidence that existing IAM architectures—largely designed for humans—can adequately govern agent identities, and that ownership is often split across Security, IT, DevOps, IAM, GRC, and emerging AI security teams, increasing the likelihood of policy gaps and audit/compliance uncertainty.
Industry commentary echoes the same risk: widely referenced AI governance frameworks and regulations (e.g., NIST AI RMF, EU AI Act, ISO 42001) are described as insufficiently explicit about agentic AI, despite autonomy being where operational and security risks materialize. The discussion cites broader indicators of an “AI oversight gap,” including claims from the 2025 IBM Cost of a Data Breach report that many organizations have experienced AI-related security incidents while lacking effective AI access controls and governance policies—suggesting that agentic AI adoption is outpacing the practical mechanisms needed for authorization, monitoring, and accountability.
How this story unfolded
27 events from the most recent confirmed update back to the earliest known activity.
Analysis spotlights Anthropic Zero Trust model and 'least agency' for AI agents
On 2026-06-01, Resilient Cyber analyzed Anthropic’s Zero Trust framework for AI agents, arguing that autonomous, non-deterministic agents break assumptions behind traditional Zero Trust models. The piece introduced 'least agency' as an extension of least privilege and emphasized hard technical boundaries such as scoped credentials, sandboxing, infrastructure-enforced tool controls, and rate limits over prompt-based safeguards.
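The controls above (tool allowlists, scoped credentials, rate limits, a human gate on high-impact actions) are easiest to understand as a gateway that sits between the model and its tools and that the model cannot talk its way around. The following Python is an added illustration written for this page; it is not Anthropic's framework, Resilient Cyber's code, or any vendor's product. The class and tool names, the scope strings, and the "triage-bot" scenario are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set
import time


class Denied(Exception):
    """The gateway refused the call; the agent never reaches the tool."""


@dataclass
class AgentPolicy:
    agent_id: str
    allowed_tools: Set[str]                 # allowlist enforced here, not by the system prompt
    scopes: Set[str]                        # scopes on the credential issued to this agent
    rate_limit: int                         # max allowed calls per window_s
    window_s: float = 60.0
    needs_approval: Set[str] = field(default_factory=set)   # tools that need a human approver


# Assumed mapping from tool to the credential scope the downstream system checks.
TOOL_SCOPES: Dict[str, str] = {
    "read_ticket": "tickets:read",
    "post_comment": "tickets:write",
    "delete_repo": "repo:admin",
}


class ToolGateway:
    """Sits between the model and its tools; every decision is written to an audit list."""

    def __init__(self, policies: List[AgentPolicy],
                 clock: Callable[[], float] = time.monotonic):
        self.policies = {p.agent_id: p for p in policies}
        self._clock = clock
        self._calls: Dict[str, List[float]] = {}
        self.audit: List[dict] = []

    def _record(self, agent_id: str, tool: str, decision: str) -> None:
        self.audit.append({"agent": agent_id, "tool": tool,
                           "decision": decision, "t": self._clock()})

    def invoke(self, agent_id: str, tool: str,
               approved_by: Optional[str] = None) -> str:
        policy = self.policies.get(agent_id)
        if policy is None:
            self._record(agent_id, tool, "deny:unknown_agent")
            raise Denied("unknown agent identity")
        # 1. Tool allowlist: an injected request for a tool outside the allowlist
        #    fails here regardless of what the model was told.
        if tool not in policy.allowed_tools:
            self._record(agent_id, tool, "deny:not_allowlisted")
            raise Denied(f"{tool} not allowlisted for {agent_id}")
        # 2. Scoped credential: the token the agent holds must carry the scope.
        if TOOL_SCOPES.get(tool) not in policy.scopes:
            self._record(agent_id, tool, "deny:scope")
            raise Denied(f"credential lacks scope {TOOL_SCOPES.get(tool)}")
        # 3. Rate limit: bounds the blast radius of a runaway or hijacked agent.
        now = self._clock()
        recent = [t for t in self._calls.get(agent_id, []) if now - t < policy.window_s]
        if len(recent) >= policy.rate_limit:
            self._record(agent_id, tool, "deny:rate_limit")
            raise Denied("rate limit exceeded")
        # 4. Human approval for high-impact actions.
        if tool in policy.needs_approval and not approved_by:
            self._record(agent_id, tool, "deny:approval_required")
            raise Denied(f"{tool} requires a human approver")
        recent.append(now)
        self._calls[agent_id] = recent
        self._record(agent_id, tool,
                     "allow" + (f":approved_by={approved_by}" if approved_by else ""))
        return f"{tool} executed for {agent_id}"


def run_demo() -> List[str]:
    """Constructed scenario: one triage agent exercising each control. Returns the audit decisions."""
    gw = ToolGateway([AgentPolicy(
        agent_id="triage-bot",
        allowed_tools={"read_ticket", "post_comment"},
        scopes={"tickets:read", "tickets:write"},
        rate_limit=2,
        needs_approval={"post_comment"},
    )], clock=lambda: 0.0)          # fixed clock keeps the rate window deterministic
    requests = [
        ("triage-bot", "read_ticket", None),      # allowed
        ("triage-bot", "delete_repo", None),      # injected instruction: not allowlisted
        ("triage-bot", "post_comment", None),     # high impact, no approver
        ("triage-bot", "post_comment", "alice"),  # same action with a human approver
        ("triage-bot", "read_ticket", None),      # third call in the window: rate limited
    ]
    for agent, tool, approver in requests:
        try:
            gw.invoke(agent, tool, approved_by=approver)
        except Denied:
            pass
    return [entry["decision"] for entry in gw.audit]


if __name__ == "__main__":
    for decision in run_demo():
        print(decision)
```

The point of the design is that none of the four checks consult the prompt: the allowlist and scopes come from the agent's registered policy, the rate limit from the gateway's own clock, and the approval from a named human. A compromised or confused model can only ask; the gateway decides, and the audit list is the record that accountability questions are later answered from.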
SC Media outlines identity governance framework for AI agents
On 2026-05-29, SC Media published analysis recommending that organizations govern AI agents as a distinct identity category using agent classification, lifecycle controls, oversight mechanisms, and audit requirements. The article also proposed a phased rollout starting with high-risk agent inventory and extending to provisioning, deprovisioning, certification, and shared accountability for agent access decisions.
Red Canary details Entra Agent ID abuse investigation for autonomous agents
On 2026-05-27, Red Canary published guidance for investigating suspicious Microsoft Entra Agent ID autonomous-agent workflows, describing agent identities as a distinct identity class requiring dedicated detection and response. The article detailed a scenario in which an autonomous agent added a client secret to a production agent identity blueprint, warning that blueprint credentials and roles such as AgentIdentityBlueprint.AddRemoveCreds.All could enable privilege escalation and persistence if misused.
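The scenario turns on two questions a responder can ask of audit data: did a non-human identity add a credential to an agent identity blueprint, and was the actor one of the people actually expected to hold a credential-management role such as AgentIdentityBlueprint.AddRemoveCreds.All? The Python below is an added example written for this page, not Red Canary's or Microsoft's code. The event schema (field names such as activity, actor_type and target_type) is an assumed, constructed shape, not the real Entra audit log format, and the sample events and approved-admin list are constructed.

```python
import json
from typing import Dict, List, Set

# Constructed JSONL audit events in an assumed schema (not the real Entra audit
# log format). An approved admin, an autonomous agent and an unapproved user each
# touch an agent identity blueprint; two unrelated events are included as noise.
SAMPLE_AUDIT_JSONL = """\
{"time": "2026-05-26T09:12:01Z", "activity": "AddCredential", "actor": "alice@corp.example", "actor_type": "User", "target": "bp-support-agent", "target_type": "AgentIdentityBlueprint", "environment": "prod"}
{"time": "2026-05-26T09:40:17Z", "activity": "AddCredential", "actor": "sp:agent-orchestrator", "actor_type": "AgentIdentity", "target": "bp-finance-agent", "target_type": "AgentIdentityBlueprint", "environment": "prod"}
{"time": "2026-05-26T10:02:55Z", "activity": "AddCredential", "actor": "bob@corp.example", "actor_type": "User", "target": "bp-test-agent", "target_type": "AgentIdentityBlueprint", "environment": "test"}
{"time": "2026-05-26T10:05:30Z", "activity": "AddCredential", "actor": "bob@corp.example", "actor_type": "User", "target": "legacy-web-app", "target_type": "Application", "environment": "prod"}
{"time": "2026-05-26T10:09:12Z", "activity": "ReadTicket", "actor": "sp:agent-orchestrator", "actor_type": "AgentIdentity", "target": "ticket-4471", "target_type": "Ticket", "environment": "prod"}
"""

# Assumed allowlist of humans expected to manage blueprint credentials.
APPROVED_CRED_ADMINS: Set[str] = {"alice@corp.example"}


def parse_events(jsonl: str) -> List[Dict]:
    """One JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def find_blueprint_credential_abuse(events: List[Dict],
                                    approved_admins: Set[str]) -> List[Dict]:
    """Flag credential additions to agent identity blueprints by unexpected actors."""
    findings = []
    for e in events:
        if e.get("activity") != "AddCredential":
            continue
        if e.get("target_type") != "AgentIdentityBlueprint":
            continue
        reasons = []
        # An agent adding a secret to a blueprint is the persistence pattern in the
        # scenario: the new secret lets whoever holds it mint agent identities later.
        if e.get("actor_type") != "User":
            reasons.append("non-human identity added a blueprint credential")
        # A human outside the expected admin set suggests an over-broad role assignment.
        if e.get("actor") not in approved_admins:
            reasons.append("actor is not an approved credential admin")
        if not reasons:
            continue
        findings.append({
            "time": e["time"],
            "actor": e["actor"],
            "target": e["target"],
            "severity": "high" if e.get("environment") == "prod" else "medium",
            "reasons": reasons,
        })
    return findings


def hunt_sample() -> List[Dict]:
    return find_blueprint_credential_abuse(parse_events(SAMPLE_AUDIT_JSONL),
                                           APPROVED_CRED_ADMINS)


if __name__ == "__main__":
    for f in hunt_sample():
        print(f["severity"], f["time"], f["actor"], "->", f["target"], "|", "; ".join(f["reasons"]))
```

Run against the constructed events, the admin's change is silent, the agent's addition to the production blueprint is reported as high with both reasons, and the unapproved user's change to the test blueprint is reported as medium. In a real investigation the same two questions would be asked of the tenant's actual audit records, and a positive hit on the agent case is the cue to revoke the added secret and review who holds the blueprint credential-management role.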
Gartner proposes proportional governance model for autonomous AI agents
By 2026-05-27, Gartner warned that governance failures would cause about 40% of organizations to demote or decommission autonomous AI agents within the next year. It recommended classifying agents by autonomy level and trust boundary, with progressively stronger controls ranging from observation to fully autonomous operation.
Paper applies operating system security model to AI agents
On 2026-05-14, an arXiv paper titled "Toward Securing AI Agents Like Operating Systems" argued that LLM-based autonomous agents share core security problems with operating systems, including isolation, privilege separation, and communication mediation. The authors surveyed open-source agents, analyzed attack vectors, tested four OpenClaw-like agents, and concluded that many agent vulnerabilities can be mitigated with established operating system security techniques and careful configuration.
AARM emerges as runtime security standard for AI agents
By 2026-05-13, reporting described the Autonomous Action Runtime Management (AARM) specification as a prescriptive, model-agnostic standard for enforcing and auditing AI agent actions at runtime. The article also noted that Vanta donated AARM to the CSAI Foundation under the Cloud Security Alliance, framing it as a growing industry standardization effort for agent runtime security.
Researchers propose Byzantine-resilient governance architectures for agentic AI
A May 2026 arXiv paper analyzed how a compromised or malicious central governance provider in distributed agentic AI systems could break attributability, expose private data, and bypass access controls. The authors proposed four mitigation architectures—SAGA-BFT, SAGA-MON, SAGA-AUD, and SAGA-HYB—to improve resilience, monitoring, and auditing under Byzantine adversaries.
Five Eyes agencies issue joint guidance on secure AI agent deployment
On 2026-05-01, cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom jointly released guidance urging organizations to treat agentic AI as a core cybersecurity issue. The document identified risks including excessive privilege, prompt injection, unintended behavior, interconnected-agent failures, and weak accountability, and recommended strong identity controls, short-lived credentials, encrypted communications, and human approval for high-impact actions.
CISA publishes guidance on careful adoption of agentic AI services
On 2026-05-01, CISA published guidance titled 'Careful Adoption of Agentic AI Services,' adding a new U.S. government cybersecurity advisory resource focused on risks and security considerations for organizations adopting agentic AI services. The publication marked a separate federal guidance development beyond earlier NIST standards and industry frameworks.
IST white paper warns AI agents are reshaping internet governance assumptions
On 2026-04-30, the Institute for Security and Technology published a white paper arguing that autonomous AI agents are transforming the internet toward machine-to-machine interaction and undermining existing assumptions about identity, attribution, responsibility, and security. The paper called for stronger tracing of agent identities and actions, trust-focused evaluation methods, and dynamic revocable authorization models for delegated agent activity.
Rubrik ZeroLabs survey finds most IT managers lack control over AI agents
A Rubrik ZeroLabs survey reported that only 23% of IT managers said they had complete control over AI agents in their organizations, while 86% expected agent growth to outpace security guardrails within a year. The findings highlighted unsanctioned deployments, weak visibility, and rising manual audit burdens as enterprises struggled to govern proliferating agents.
AWS launches Bedrock Agent Registry to manage AI agent sprawl
AWS introduced a Bedrock Agent Registry service intended to help enterprises discover, orchestrate, govern, standardize, and manage the lifecycle of proliferating AI agents. Reporting framed the launch as a response to emerging 'agent sprawl' risks, while noting the registry operates within AWS even if it can track agents interacting with external systems.
Microsoft releases open source Agent Governance Toolkit
Microsoft released the open source Agent Governance Toolkit to add runtime policy enforcement, identity, compliance, and supply chain security controls to autonomous AI agents. The toolkit was presented as a practical governance step for agent deployments, though reporting noted unresolved gaps such as limited independent validation and incomplete credential scoping and revocation for agents.
arXiv paper outlines security considerations for multi-agent systems
On 2026-03-09, an arXiv paper titled "Security Considerations for Multi-agent Systems" was published, focusing on security issues specific to multi-agent AI environments. It is a technical contribution distinct from the governance guidance, IAM frameworks, and later resilience-focused architectures elsewhere in this timeline.
Oxford and Cisco propose agentic AI BOM schema extensions
In March 2026, researchers from Oxford and Cisco proposed extending CycloneDX and SPDX to better support agentic AI by capturing runtime evidence such as agent identity, delegated permissions, execution context, and behavioral boundaries. The proposal was presented as an early effort to adapt AI bills of materials to risks posed by autonomous and multi-agent systems.
CoSAI publishes Agentic IAM guidance for autonomous AI agents
In March 2026, CoSAI published Agentic IAM guidance describing how identity, delegation, authentication, and governance should work for autonomous AI agents. The publication was cited as an early framework responding to the mismatch between traditional IAM models and non-deterministic agents that chain tools and sub-agents.
NIST launches AI Agent Standards Initiative
On 2026-02-17, NIST followed its earlier RFI with an AI Agent Standards Initiative focused on advancing security and governance work for autonomous AI agents. Reporting described it as a formal step toward agent-specific standards, though substantive guidance was still expected later in 2026 or beyond.
PBSAI reference architecture proposed for securing enterprise AI estates
On 2026-02-11, an arXiv paper introduced the PBSAI Governance Ecosystem, a multi-agent AI reference architecture aimed at securing enterprise AI environments. The work added technical detail on governance architecture for enterprise and multi-agent deployments beyond broader warnings that existing frameworks lagged agentic AI adoption.
Analysts warn existing AI governance frameworks lag agentic AI adoption
On February 9, 2026, analysis argued that leading governance frameworks such as the NIST AI RMF, EU AI Act, and ISO/IEC 42001 did not adequately address autonomous agents. The commentary said organizations should implement their own controls for autonomy, tool use, permission boundaries, agent interactions, and runtime monitoring rather than rely on legacy guidance.
CSA report identifies major gaps in autonomous AI agent security
By February 2026, the Cloud Security Alliance reported that organizations were still managing autonomous AI agents with human-centric IAM models, static credentials, fragmented visibility, and unclear ownership. The report warned these practices created material security, compliance, and auditability risks as agent use spread across production, pilot, and test environments.
NIST NCCoE proposes AI agent identity and authorization project
On 2026-02-05, NIST's National Cybersecurity Center of Excellence released a concept paper for a proposed project on software and AI agent identity and authorization. The initiative sought public feedback on use cases, standards, controls, auditing, non-repudiation, and prompt injection mitigations for agentic AI systems.
AgentGuardian paper proposes learned access control for AI agents
On 2026-01-15, an arXiv paper titled 'AgentGuardian: Learning Access Control Policies to Govern AI Agent Behavior' was published, describing an approach in which access control policies for AI agents are learned rather than hand-written. It is a research contribution on agent behavior control, distinct from the standards, governance frameworks, and reference architectures elsewhere in this timeline.
CSA Singapore releases addendum on securing agentic AI systems
Singapore's Cyber Security Agency released an addendum to help system owners secure agentic AI systems. It is a national-government guidance milestone alongside the U.S. and industry-led frameworks elsewhere in this timeline.
NIST CAISI issues RFI on secure agentic AI development
In January 2026, NIST's Center for AI Standards and Innovation issued a request for information on the secure development and deployment of agentic AI. The move was described as an early sign that formal standards bodies were beginning to address agent-specific security and governance issues.
OWASP publishes Agentic AI Top 10 guidance
In late 2025, OWASP released its Agentic AI Top 10, providing one of the first prominent security guidance efforts focused specifically on risks from autonomous or agentic AI systems. Commentary noted that this guidance had not yet been incorporated into major standards or regulations.
OWASP highlights tool misuse in Agentic AI Top 10 preview
On 2025-09-29, InfoQ reported that OWASP identified tool misuse as a critical security threat for agentic AI systems, reflecting early public disclosure of risks later formalized in OWASP's Agentic AI Top 10 guidance. The coverage emphasized emerging concerns around autonomous agents abusing connected tools and permissions.
IBM reports widespread AI security and governance gaps
IBM's 2025 Cost of a Data Breach report highlighted AI-related security incidents, weak AI access controls, and missing AI governance policies. Later analysis cited these findings as evidence that enterprise AI security controls were already lagging before agentic AI adoption accelerated.
Sources
Zero Trust Was Built for a Different Kind of Trust Problem (resilientcyber.io)
How to Build an AI Governance Framework for Identity (scworld.com)
AI Agents Are the New Insiders (govinfosecurity.com)
An open-source toolkit for controlling out-of-control AI agents (infoworld.com)
OWASP GenAI Security Project Releases Top 10 Risks and Mitigations for Agentic AI Security (genai.owasp.org)
OWASP Flags Tool Misuse as Critical Threat for Agentic AI (infoq.com)
NIST NCCoE (nccoe.nist.gov)
Unclassified (ismg-cdn.nyc3.cdn.digitaloceanspaces.com)