AI agents are revolutionising productivity—but they come with serious security risks

AI agents, also known as agentic AI, are poised to transform the way we work. Whether it’s planning complex trips, coordinating supply chains, or simply scheduling meetings, these intelligent tools can act autonomously on behalf of users to complete tasks efficiently. But while their promise is enormous, so too are the security risks they introduce.

The rise of agentic AI

Unlike traditional automation tools, AI agents are adaptive. They can interact with multiple systems and evolve their responses based on outcomes. According to Deloitte, half of all companies using generative AI will adopt AI agents by 2027. This could be the productivity breakthrough businesses have long anticipated.

However, this progress comes with a catch: AI agents often require access to highly sensitive systems and data. Much like a trusted assistant or IT manager, an AI agent may interact with email accounts, financial systems, SaaS platforms, or proprietary business tools. If compromised, these agents could offer cybercriminals unprecedented access.

Security concerns with AI agents

Gerhard Swart, CTO of cybersecurity firm Performanta, warns that the risks associated with AI agents are similar to those posed by privileged human users. “For agentic AI to work, it needs access to secure systems—often several different systems. That kind of access is very dangerous if it falls under the influence of malicious employees or cybercriminals,” he explains.

Even tech giants such as Salesforce have recognised this vulnerability, launching bug bounty programs to address potential flaws in their agentic AI systems like Agentforce.

Securing AI agents: what’s required

To ensure safety and accountability, businesses need to treat AI agents like human users in terms of identity and access management. Key security measures include:

  • Robust authentication and identity verification

  • Clear policy frameworks to govern usage and prevent shadow AI deployment

  • Human-in-the-loop oversight for critical actions

  • Restricted access to sensitive data, backed by encryption

  • Real-time monitoring and automated threat detection
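The list above reads as policy; the sketch below shows what the first, third, fourth and fifth points look like when enforced in code. It is an added example, not code from the article or from Performanta, and every name in it (AgentIdentity, ToolGate, the sample tools, the scope strings and the denial threshold) is assumed for illustration. The agent is given its own identity with an explicit scope allow-list, every tool call passes through a gate that checks that scope, tools marked critical are held until a human approves them, each attempt is written to an audit log, and a simple detection rule raises an alert when one agent keeps requesting tools it is not entitled to.

```python
# Added example: a least-privilege tool gate for an AI agent. All names, sample
# tools, scope strings and the alert threshold are assumed for illustration;
# none of this is code from the article or from any vendor it mentions.
import time
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class AgentIdentity:
    """An agent has its own identity and an explicit scope allow-list,
    exactly as a human service account would."""
    name: str
    scopes: frozenset[str]


@dataclass(frozen=True)
class Tool:
    """A callable the agent may request, the scope it needs, and whether it is
    critical (a human must approve it before it runs)."""
    name: str
    scope: str
    critical: bool
    fn: Callable[..., Any]


class PermissionDenied(Exception):
    pass


class ApprovalRequired(Exception):
    pass


class ToolGate:
    """Mediates every tool call: scope check, human-in-the-loop for critical
    tools, an audit record per attempt, and a denial-rate alert."""

    DENIAL_ALERT_THRESHOLD = 3  # denials per agent before an alert fires (assumed)

    def __init__(self, approver: Callable[[str, str, dict], bool]):
        self._tools: dict[str, Tool] = {}
        self._approver = approver          # stands in for a human approval step
        self.audit_log: list[dict] = []
        self.alerts: list[str] = []

    def register(self, tool: Tool) -> None:
        self._tools[tool.name] = tool

    def _record(self, agent: str, tool: str, args: dict, result: str) -> None:
        self.audit_log.append({"ts": time.time(), "agent": agent,
                               "tool": tool, "args": args, "result": result})
        if result == "denied":
            denials = sum(1 for e in self.audit_log
                          if e["agent"] == agent and e["result"] == "denied")
            if denials == self.DENIAL_ALERT_THRESHOLD:
                self.alerts.append(f"{agent}: {denials} denied tool calls")

    def invoke(self, agent: AgentIdentity, tool_name: str, **kwargs) -> Any:
        tool = self._tools.get(tool_name)
        if tool is None or tool.scope not in agent.scopes:
            self._record(agent.name, tool_name, kwargs, "denied")
            raise PermissionDenied(f"{agent.name} may not call {tool_name}")
        if tool.critical and not self._approver(agent.name, tool_name, kwargs):
            self._record(agent.name, tool_name, kwargs, "approval_refused")
            raise ApprovalRequired(f"{tool_name} needs human approval")
        result = tool.fn(**kwargs)
        self._record(agent.name, tool_name, kwargs, "ok")
        return result


# --- constructed sample tools and agents ------------------------------------
def read_calendar(day: str) -> list[str]:
    return [f"{day} 10:00 standup"]          # constructed data


def send_payment(account: str, amount: int) -> str:
    return f"paid {amount} to {account}"      # stands in for a finance API


def build_gate(approve_payments: bool) -> ToolGate:
    """Wire up a gate whose human approver gives the same answer every time."""
    gate = ToolGate(approver=lambda agent, tool, args: approve_payments)
    gate.register(Tool("read_calendar", "calendar:read", False, read_calendar))
    gate.register(Tool("send_payment", "finance:write", True, send_payment))
    return gate


SCHEDULER = AgentIdentity("scheduler-bot", frozenset({"calendar:read"}))
TREASURY = AgentIdentity("treasury-bot", frozenset({"finance:write"}))


def run_scenario() -> dict:
    """Exercise the gate and return what a defender would review afterwards."""
    gate = build_gate(approve_payments=False)
    outcome = {"calendar": gate.invoke(SCHEDULER, "read_calendar", day="Mon")}
    for _ in range(3):                         # scheduler repeatedly overreaches
        try:
            gate.invoke(SCHEDULER, "send_payment", account="acme", amount=500)
        except PermissionDenied:
            pass
    try:                                       # right scope, but a human said no
        gate.invoke(TREASURY, "send_payment", account="acme", amount=500)
    except ApprovalRequired:
        outcome["payment"] = "held for approval"
    outcome["alerts"] = gate.alerts
    outcome["results"] = [e["result"] for e in gate.audit_log]
    return outcome
```

Running `run_scenario()` shows the calendar read succeeding, three denied payment attempts by the scheduler agent producing one alert, and the treasury agent's payment held because no human approved it. The point of routing every call through one gate is that the scope check, the approval step and the audit record cannot be skipped by the agent, whatever it was instructed to do.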

Top Managed Security Service Providers (MSSPs) such as Performanta are already investing in machine-speed remediation and AI-based monitoring to protect against rapidly evolving threats.

“Active monitoring and remediation are crucial and need to be as fast as machines can act,” says Swart. “MSSPs help businesses unlock the full potential of AI agents—without sacrificing security.”