From Experimental Agents to Deny-by-Default Security
AI agent security is the practice of controlling what autonomous AI agents can access and execute, using principles such as zero trust architecture, deny-by-default permissions, and centralized oversight to prevent uncontrolled or harmful behavior in enterprise systems. As enterprises move agents from pilots into production, this control problem has become urgent. Many early deployments gave agents wide access to internal data, coding tools, and the open internet, then added restrictions later. ServiceNow and NVIDIA describe this as a “lethal trifecta” of internet access, internal knowledge bases, and coding terminals combined in a single autonomous agent. Their response is deny by default: when an AI agent runs inside the Open Shell secure runtime, every action starts with a no. Capabilities are granted one by one, tightly scoped, and logged, applying zero trust disciplines to AI the same way they were applied to human users.

Kill Switches: Okta’s License to Stop Rogue Agents
As enterprises deploy more autonomous workflows, kill-switch capabilities are becoming central to AI agent security. Okta says 92 percent of executives report moderate or widespread use of autonomous AI agents, but only 22 percent have identities tied to those agents, creating what its leadership calls a “measurable, quantifiable exposure.” ServiceNow has asked Okta to provide a way to terminate misbehaving agents by cutting their access at the authorization layer. Okta’s role is to sever tokens and logical connections to back-end systems, while ServiceNow’s Veza acquisition adds a permissions graph view. Together, they form a practical AI control plane that can enforce deny-by-default policies and shut down agents that ignore policy. This approach treats agents as first-class identities that can be authenticated, monitored, and disabled in real time rather than invisible background processes.

Palo Alto Networks and the Rise of Unified AI Control Planes
Vendors are racing to build central AI control planes that bring order to a growing sprawl of autonomous agents. Palo Alto Networks’ acquisition of Portkey folds an AI Gateway into its Prisma AIRS 3.0 platform, promising a single vantage point to secure and govern AI agents at scale. According to Palo Alto Networks, 81% of enterprises are piloting or have fully implemented AI agent solutions, and these agents already access sensitive data and make business-critical decisions through APIs and MCP servers. The Prisma AIRS AI Gateway is pitched as a unified AI control plane: a place where every agent interaction is identified, authenticated, and authorized in real time. By enforcing deny-by-default policies centrally, security teams can replace fragmented, team-by-team controls with consistent enterprise AI governance that aligns with zero trust architecture principles.

Centralized Governance for Zero-Trust AI Agents
The shift to deny by default and zero trust architecture is pushing enterprises toward centralized AI governance frameworks. Without a shared AI control plane, teams can spin up agents that quietly widen the attack surface, with no single view of who can do what. Open Shell, Okta’s kill-switch capabilities, and Prisma AIRS’ AI Gateway all point in the same direction: AI agents should be onboarded through standard identity and policy pipelines, with fine-grained permissions and clear audit trails. Enterprise AI governance now needs to cover model choice, tool access, data boundaries, and agent autonomy levels. This means reviewing every combination of internet access, internal knowledge, and code execution, and granting only the minimum needed for a defined task. The goal is not to slow innovation, but to ensure autonomous agents remain accountable, stoppable, and aligned with organizational risk tolerance.
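
The control-plane behavior described above can be sketched in a few lines. This is an added example, not code from Open Shell, Okta, or Prisma AIRS: the Gateway class, the capability names, the agent id, and the sample resources are all hypothetical, and refusing to give one agent all three trifecta capabilities is an assumed policy choice.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Capability classes the article calls the "lethal trifecta" (names are illustrative).
TRIFECTA = {"internet", "internal_kb", "code_exec"}

@dataclass
class Gateway:
    grants: dict = field(default_factory=dict)   # agent_id -> [(capability, scope glob)]
    revoked: set = field(default_factory=set)    # agents cut off by the kill switch
    audit: list = field(default_factory=list)    # every decision, allow or deny

    def grant(self, agent_id, capability, scope):
        # Assumed policy: never let a single agent hold all three trifecta capabilities.
        held = {c for c, _ in self.grants.get(agent_id, [])} | {capability}
        if TRIFECTA <= held:
            raise PermissionError(f"{agent_id}: grant would complete the trifecta")
        self.grants.setdefault(agent_id, []).append((capability, scope))

    def kill(self, agent_id):
        # Kill switch: revocation at the authorization layer overrides every grant.
        self.revoked.add(agent_id)

    def authorize(self, agent_id, capability, resource):
        if agent_id in self.revoked:
            allowed, reason = False, "agent revoked"
        elif any(c == capability and fnmatchcase(resource, scope)
                 for c, scope in self.grants.get(agent_id, [])):
            allowed, reason = True, "matched grant"
        else:
            allowed, reason = False, "default deny"   # nothing matched, so the answer is no
        self.audit.append((agent_id, capability, resource, allowed, reason))
        return allowed

def demo():
    # Constructed scenario: one agent with two narrowly scoped grants.
    gw = Gateway()
    gw.grant("agent-7", "internal_kb", "kb/hr/*")
    gw.grant("agent-7", "internet", "https://docs.example.com/*")
    results = [
        gw.authorize("agent-7", "internal_kb", "kb/hr/leave-policy.md"),  # in scope
        gw.authorize("agent-7", "internal_kb", "kb/finance/q3.xlsx"),     # out of scope
        gw.authorize("agent-7", "code_exec", "sh"),                       # never granted
    ]
    gw.kill("agent-7")
    results.append(gw.authorize("agent-7", "internal_kb", "kb/hr/leave-policy.md"))
    return results, gw.audit

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Denied requests are written to the audit list alongside allowed ones, so the log shows what an agent attempted as well as what it was permitted to do.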






