From Excitement to Exposure: Why AI Agents Need a New Security Model
AI agent security is the set of controls, architectures, and governance practices that restrict what autonomous AI agents can access and do, enforce accountability for every action, and provide ways to monitor, contain, and shut down agents that misbehave or exceed their intended scope. Enterprises are discovering that their AI agents often have more power than anyone has formally approved, due to a lack of orchestration and visibility into agent behavior. NVIDIA’s Adel El Hallak warns about a “lethal trifecta” of unfettered internet access, internal knowledge bases, and coding terminals combined in one agent, while ServiceNow’s leaders describe these agents as “mini engineers” executing at machine speed. Okta’s research shows 92 percent of executives report moderate or widespread use of autonomous AI agents, but only 22 percent say those agents have identities, highlighting a gap between adoption and control.

Deny-by-Default and Zero Trust Architecture for AI Agents
To contain this new attack surface, enterprises are shifting to zero trust architecture for agentic systems, applying deny-by-default policy at every layer. ServiceNow and NVIDIA’s Open Shell puts a secure runtime between agents and infrastructure, where the default answer to any new permission request is no, and teams must explicitly grant each allowed action. This mirrors zero trust principles used for human users: assume no trust, verify every request, limit privileges, and log every step. AI agents are treated as first-class identities with their own entitlements, tokens, and audit trails. Without this, combining internet access, internal data, and code execution in one agent becomes an unmanageable risk. The goal is not to halt innovation, but to narrow each agent’s blast radius so that even highly capable agents act within strict, auditable boundaries.
Unified AI Gateways: From Fragmented Controls to Central Governance
The next frontier is the AI governance platform: a unified layer that sees and governs every AI interaction across tools, clouds, and business units. Palo Alto Networks’ Prisma AIRS AI Gateway, built around its acquisition of Portkey, is pitched as a single control plane to identify, authenticate, and authorize every agentic request in real time. Without such a gateway, each team wires agents directly into APIs and MCP servers, creating local solutions and global chaos. Cisco echoes this problem: only 5 percent of enterprise agentic AI projects have reached production, in part because the “operational layer” for oversight has been missing. DefenseClaw aims to fill that gap for frameworks like OpenClaw and NemoClaw, giving security teams a central place to apply policies, observe behavior, and enforce zero trust for agents that execute on live workflows.

Kill Switches, Identity Controls, and SOC Backstops
Centralized AI gateways are now paired with hard kill-switch capabilities and identity-aware controls. Okta is building AI agent security around its strength in identity, severing access tokens and authorization paths when agents go rogue or ignore policy. ServiceNow combines Okta at the identity layer with Veza for permissions graph visibility, so security teams can see which agents can reach which resources and cut them off instantly. Managed AI services add another layer: firms like Cybanetix offer 24/7 SOC monitoring, observability, and behavior analytics through partners such as NOMA, SentinelOne, Microsoft, and Exabeam. Their service promises response to AI-related alerts in under 15 minutes, spanning user misuse, model governance, and embedded agents. Together, identity-bound agents, deny-by-default policies, and real-time kill switches give enterprises a practical way to run autonomous AI in production without surrendering control.
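The three controls described in this article (the deny-by-default runtime, the central gateway that identifies, authenticates and authorizes every agent request, and the identity-level kill switch) fit together in a small amount of code. The block below is an added illustration written for this page, not code from ServiceNow, NVIDIA, Palo Alto Networks, Okta or any other vendor named above. All names (AgentGateway, register, authorize, kill) and the tool and action labels are hypothetical; the one policy rule it encodes beyond plain deny-by-default, refusing to register an agent that would hold internet access, an internal knowledge base and a terminal at once, is an assumption drawn from the article's "lethal trifecta" warning.

```python
# Added example (not from the article or any vendor product named in it): a
# tiny deny-by-default gateway that identifies an agent by token, authorizes
# only explicitly granted (tool, action) pairs, logs every decision, and offers
# a kill switch that severs the agent's token. All names are hypothetical.
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# The three capability classes the article calls the "lethal trifecta".
# Refusing to grant all three to one agent is an assumed policy, not a vendor rule.
TRIFECTA = frozenset({"internet", "knowledge_base", "terminal"})


def violates_trifecta(entitlements) -> bool:
    """True if one agent would hold internet, internal knowledge and a terminal at once."""
    tools = {tool for tool, _action in entitlements}
    return TRIFECTA <= tools


@dataclass
class AgentIdentity:
    agent_id: str
    token_hash: str                              # never store the bearer token itself
    entitlements: frozenset[tuple[str, str]]     # explicitly granted (tool, action) pairs
    revoked: bool = False


@dataclass
class Decision:
    allowed: bool
    reason: str


class AgentGateway:
    """Single control plane: every agent request passes through authorize()."""

    def __init__(self) -> None:
        self._agents: dict[str, AgentIdentity] = {}
        self.audit_log: list[dict] = []          # every request and every kill lands here

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, agent_id: str, entitlements) -> str:
        """Issue a bearer token for a new agent identity; refuse the trifecta outright."""
        ents = frozenset(entitlements)
        if violates_trifecta(ents):
            raise ValueError(f"{agent_id}: internet + knowledge base + terminal is not grantable")
        token = secrets.token_urlsafe(32)
        self._agents[agent_id] = AgentIdentity(agent_id, self._hash(token), ents)
        return token

    def _identify(self, token: str) -> AgentIdentity | None:
        """Map a presented token back to an agent identity (constant-time compare)."""
        digest = self._hash(token)
        for agent in self._agents.values():
            if hmac.compare_digest(agent.token_hash, digest):
                return agent
        return None

    def authorize(self, token: str, tool: str, action: str, resource: str) -> Decision:
        """Deny by default: only an explicitly granted (tool, action) pair passes."""
        agent = self._identify(token)
        if agent is None:
            decision, agent_id = Decision(False, "unknown_token"), None
        elif agent.revoked:
            decision, agent_id = Decision(False, "agent_revoked"), agent.agent_id
        elif (tool, action) in agent.entitlements:
            decision, agent_id = Decision(True, "explicit_grant"), agent.agent_id
        else:
            decision, agent_id = Decision(False, "no_grant"), agent.agent_id
        self._record("request", agent_id, tool, action, resource, decision)
        return decision

    def kill(self, agent_id: str) -> bool:
        """Kill switch: revoke the identity so every later request with its token is denied."""
        agent = self._agents.get(agent_id)
        if agent is None:
            return False
        agent.revoked = True
        self._record("kill", agent_id, None, None, None, Decision(False, "operator_kill"))
        return True

    def _record(self, event, agent_id, tool, action, resource, decision: Decision) -> None:
        self.audit_log.append({
            "ts": time.time(), "event": event, "agent": agent_id, "tool": tool,
            "action": action, "resource": resource,
            "allowed": decision.allowed, "reason": decision.reason,
        })


if __name__ == "__main__":
    gw = AgentGateway()
    tok = gw.register("research-bot", [("knowledge_base", "search")])
    print(gw.authorize(tok, "knowledge_base", "search", "hr-policies"))  # allowed: explicit grant
    print(gw.authorize(tok, "terminal", "exec", "ls"))                   # denied: no grant
    gw.kill("research-bot")
    print(gw.authorize(tok, "knowledge_base", "search", "hr-policies"))  # denied: agent revoked
    for entry in gw.audit_log:
        print(entry)
```

The design choice worth noting is that the kill switch acts on the identity, not on individual sessions or tools: once an agent is revoked, every path that depended on its token closes at the same time, and the revocation itself is written to the same audit trail as the requests it cuts off, which is what a SOC needs to reconstruct what the agent did before it was stopped.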