The Next Security Frontier: Agentic AI

Generative AI is quickly moving beyond the capabilities of consumer-focused tools like ChatGPT into the new realm of agentic AI for enterprise use. LLMs on their own can only go so far, and many industry leaders predict that agentic AI is the next stage of AI advancement for companies looking to become more efficient and transform work processes. In fact, agentic AI took the number one spot on Gartner’s list of the top 10 technology trends for 2025.

We’re already seeing the burgeoning use of autonomous AI agents, which can be deployed to conduct tasks independently, such as executing sales communications or marketing campaigns. These agents are designed to process information in a new way, make dynamic decisions and even interact with other agents and capabilities. For CIOs, this technology offers enormous potential to turn the benefits of generative AI into higher productivity; an AI agent can essentially perform as a highly competent teammate, working almost like a human employee. Like a sports or real estate agent, it makes decisions and acts on your behalf.

These AI agents have access to a lot of sensitive corporate information and work like human employees, which means they can be unpredictable. Given these tools’ widespread access to all manner of sometimes sensitive information, action must be taken quickly to avoid creating a security disaster.

Key security concerns of agentic AI

Any new technology can introduce new vulnerabilities, and that’s certainly the case with agentic AI. For example, if an agentic AI system gets compromised, it could make decisions that range from irksome to catastrophic and cause a domino effect of negative impacts.

Allowing an AI agent to roam the web at will, for instance, can have negative results. The AI agent doesn’t understand that it can’t trust everything it “sees” online. It’s built to follow instructions, and that’s what it will do. With access to the internet, the agent is perpetually one search away from coming across a site with hidden malicious instructions that lead to its takeover by a bad actor.

Bad actors are using the internet, too, of course. If a cybercriminal manages to compromise your AI agent, they can tell it to visit a malicious website they’ve created. Without a human in the loop, the agent will do as told. What typically happens next is that the agent encodes the data to be exfiltrated into a parameter of the request it sends to that site. Giving an agent free internet rein enables bad actors to take sensitive data out of a private thread – no approvals necessary.

Making agentic AI more secure

Most companies are looking to effect positive business changes via AI agents. Security teams will need to understand the different stages of how agents work to make sure the use of agents is safe and effective as they become more routinely integrated into business processes:

  1. A prompt or trigger comes from a user, like “Summarize my emails” or an automatic prompt—for instance, you build an agent that summarizes all your emails from a given day.
  2. The agent performs various retrieval-augmented generation (RAG) steps: calling data, calling other agents, activating applications and so on.
  3. The agent then “returns” an action, whether it’s an answer to a prompt or something else (such as updating data, creating a chart, answering customer inquiries and so on).

However, organizations need to go beyond just looking at prompts and responses by also incorporating insights into what the agent does behind the scenes. They need to understand how, when and why agents are making decisions to do what they do. By diving deep into the agents’ actions, they can uncover issues related to data privacy/protection, interpretation of prompts and governance/compliance.

Data privacy and protection – One main issue is handling sensitive data. Another is ensuring that business users have control over which data is processed, who has access to it and how the policies are enforced. It’s typical for AI agents to process vast quantities of information – and some of it is bound to be sensitive or confidential. Security teams must deploy strong measures to protect data; this includes regular audits, access controls and encryption. This combination will help to block data breaches and unauthorized access to data.

Proper interpretation of prompts – The way that AI agents interpret prompts and triggers is also a key factor in security. If an agent misinterprets a prompt, it could respond or act in unintended ways – which could cause security vulnerabilities or disrupt operations. Security teams must scrupulously test AI agents in various scenarios to ensure they are responding properly and consistently. Also, using guardrails like human-in-the-loop mechanisms can help reduce risk by enabling human oversight and intervention as needed.
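The exfiltration path described earlier (an agent fetching an attacker’s URL with sensitive data encoded into a request parameter) and the human-in-the-loop guardrail described here can be combined into a policy check placed in front of the agent’s web-fetch tool. The following is an added example, not code from the original article or from any agent platform; the allowlisted hosts, sensitive-data patterns and entropy threshold are constructed assumptions that would be tuned for a real deployment.

```python
# Egress guard for an agent's web-fetch tool: a constructed example, not any
# vendor's API. Each URL the agent wants to fetch is checked against a host
# allowlist and against heuristics for the pattern described in the article
# (sensitive data encoded into a query parameter). Flagged requests are held
# for a human instead of being sent silently.
import math
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ALLOWED_HOSTS = {"docs.example.com", "api.example.com"}  # constructed allowlist

SENSITIVE_PATTERNS = [                                   # constructed; extend as needed
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),              # e-mail address
    re.compile(r"\b(?:\d[ -]?){13,16}\b"),               # card-like digit run
    re.compile(r"\b(?:sk|AKIA)[A-Za-z0-9_-]{12,}\b"),    # API-key-like token
]

def shannon_entropy(s: str) -> float:
    """Bits per character: encoded blobs score high, plain words score lower."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def suspicious_param(value: str) -> bool:
    """True if a query value matches a sensitive pattern or looks like an
    encoded blob: one long, contiguous, high-entropy token. The thresholds
    are heuristics and should be tuned against the agent's normal traffic."""
    v = unquote(value)  # also catches double-encoded values
    if any(p.search(v) for p in SENSITIVE_PATTERNS):
        return True
    return len(v) >= 32 and " " not in v and shannon_entropy(v) > 4.0

def check_fetch(url: str, human_approved: bool = False) -> str:
    """Policy decision for one fetch: ALLOW, BLOCK, or ESCALATE (needs a human)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    params = parse_qsl(parts.query, keep_blank_values=True)
    flagged = [key for key, value in params if suspicious_param(value)]
    if flagged:
        # Possible exfiltration: never send silently, even to an allowed host.
        return "ALLOW" if human_approved else "ESCALATE"
    return "ALLOW" if host in ALLOWED_HOSTS else "BLOCK"

if __name__ == "__main__":
    for u in ("https://docs.example.com/search?q=quarterly+report",
              "https://evil.example.net/collect?d=ceo%40example.com",
              "https://evil.example.net/collect?id=7"):
        print(check_fetch(u), u)
```

Data can also be smuggled into a path segment or a subdomain, so a production guard should apply the same tests to those fields and log every ESCALATE and BLOCK decision to provide the behind-the-scenes visibility the article calls for.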

Governance and compliance – Organizations must ensure compliance with industry standards and regulations. Legal and compliance departments must collaborate with security teams to institute governance frameworks focusing on the ethical and legal consequences of working with AI agents.

Securing the agentic AI frontier

AI agents are transforming the business world, providing huge benefits with respect to innovation, competitive advantage and efficiency. There are several ways to build AI agents on your own (e.g. tools like Salesforce Agentforce, AWS Bedrock and Microsoft Copilot Studio), which not only produces a large volume of agents but also means that less technical users are building them. That translates into greater security risk – potentially of a severe nature. Use the guidance discussed above to put security in place that enables the business while keeping it safe.

About the Author

Ben Kliger is the CEO and Co-Founder of Zenity, with vast experience in the cybersecurity industry spanning more than 16 years. His expertise ranges from hands-on cybersecurity, team building and leadership through business strategy and management. Ben can be reached on LinkedIn or at https://www.zenity.io.
