Agents are advancing, fast. Security Needs to Keep Pace

Credit: The original article is published here.

Agents – software systems capable of decision making or performing tasks autonomously – are no longer experimental. Today, these agents are operational, distributed and actively making decisions across the enterprise. From writing code to scheduling tasks, agents are starting to permeate every facet of business. The reason is clear: agents promise significant productivity gains.

Some will be deeply embedded, making them difficult to detect or monitor. Others will operate autonomously, continuously learning and adapting in real time. Many may have broad access privileges in the name of efficiency. This introduces significant potential for both positive impact and risk.

And as adoption grows, many organizations will face a new challenge: securing agents at scale. Businesses will need to ensure that innovation doesn’t outpace security and governance. The stakes are high: a single misalignment, vulnerability or unintended behavior in one agent can cascade into a chain of unethical or harmful actions, because agents act on their own output and on each other’s.

We’ve already seen real-world examples of AI failures – sometimes exposing sensitive data or making critical errors. One AI assistant notoriously advised users to eat rocks, and in another case a customer service chatbot deployed by a logistics company began issuing aggressive responses. Both examples show the risk of untrusted input: AI agents don’t just learn facts, they learn behaviors, and bad input, whether in training data, in retrieved content or in a user’s prompt, leads to bad output.

Cloud Déjà vu, Now with Agents

Without consistent oversight, agents can act outside their intended use and damage brand reputation. That’s why security has to be baked in from the start. Like salt and pepper, you can always sprinkle more on later, but if you forget to add it while cooking, the flavor – and in this case the protection – just won’t be the same. Waiting until after deployment to retrofit security is a recipe for vulnerabilities.

Just consider what happened during the mass migration to cloud computing. Rapid adoption led to serious security missteps, data silos and visibility gaps, and those gaps have been exploited by attackers ever since.

Now with agents it’s like a bad case of déjà vu. Once again, innovation is outpacing security. In many cases, these autonomous tools are being integrated into critical systems with limited oversight and lacking proper security and controls.

If we don’t apply the hard lessons of the cloud era, we risk repeating the same mistakes, this time with far less predictable systems. That’s why security must be at the core of how agents are built and deployed.

Securing Every Agent Touchpoint

Securing agents requires an expanded approach, one that accounts for autonomous behavior, including ongoing interactions with data, systems and users. Agents need a strong trust layer in which every interaction, from API calls to sensitive data handling, is mapped, protected and governed in real time.

A core part of this trust layer is securing the data agents interact with: the prompts they receive, the context they retrieve, the tool output they consume and the data they write back. Data is the fuel of agents, and without foundational security that fuel becomes a major risk. Enterprises must focus on the fundamentals: data discovery and classification, encryption and key management.

Identity and Access Management (IAM) strategies must also evolve as agents take on more advanced roles in the enterprise. Like a human user, every agent needs its own unique credentials, roles and permissions, so that every interaction can be authenticated and authorized rather than running under a shared service account.

Agent credentials should be stored in a secure, automated credential vault, with policies enforcing regular rotation, access logging and immediate revocation if misuse is detected. Organizations must also be able to distinguish agents using managed credentials from those using unmanaged ones (for example, a static API key embedded in a config file), because only the former can be rotated or revoked on demand.

Once agent credentials are brought under management, the whole lifecycle needs to be governed: provisioning, rotating, auditing, protecting and decommissioning. Handling each stage consistently reduces the risk of credential misuse and theft, and ensures that a credential issued for a short-lived task does not outlive the task.
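The lifecycle described above, as an added example that is not from the article or any particular product: a minimal in-memory vault that issues a per-agent, scope-limited credential, stores only a hash of the secret, logs every decision, rejects credentials that have outlived an assumed 24-hour rotation policy, refuses credentials it never issued (the "unmanaged" case) and revokes a credential itself after repeated out-of-scope attempts. The agent name, scope names, thresholds and clock are assumptions for illustration; a real deployment would back this with a KMS- or HSM-backed secrets manager rather than a dictionary.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)   # assumed rotation policy: older credentials are rejected
MISUSE_THRESHOLD = 3            # assumed: revoke after this many out-of-scope attempts


def _digest(secret: str) -> bytes:
    # The secret is a high-entropy random token, so a plain hash is enough;
    # a human-chosen password would need a slow KDF instead.
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class AgentCredential:
    agent_id: str
    scopes: frozenset        # least-privilege scope set for this one agent
    secret_hash: bytes       # the vault never stores the secret itself
    issued_at: datetime
    revoked: bool = False
    misuse_count: int = 0


class AgentVault:
    """In-memory stand-in for a managed secrets store (illustrative only)."""

    def __init__(self, clock=None):
        self._creds: dict[str, AgentCredential] = {}
        self.audit: list[dict] = []
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": self._clock().isoformat(), "event": event, **fields})

    def provision(self, agent_id: str, scopes) -> tuple[str, str]:
        """Issue a fresh credential; the secret is returned once and only its hash is kept."""
        cred_id = f"{agent_id}/{secrets.token_hex(4)}"
        secret = secrets.token_urlsafe(32)
        self._creds[cred_id] = AgentCredential(agent_id, frozenset(scopes), _digest(secret), self._clock())
        self._log("provision", cred_id=cred_id, agent_id=agent_id, scopes=sorted(scopes))
        return cred_id, secret

    def rotate(self, cred_id: str) -> tuple[str, str]:
        """Replace a credential with a new one carrying the same scopes; the old one stops working."""
        old = self._creds[cred_id]
        old.revoked = True
        new_id, new_secret = self.provision(old.agent_id, old.scopes)
        self._log("rotate", old=cred_id, new=new_id)
        return new_id, new_secret

    def revoke(self, cred_id: str, reason: str) -> None:
        self._creds[cred_id].revoked = True
        self._log("revoke", cred_id=cred_id, reason=reason)

    def is_managed(self, cred_id: str) -> bool:
        """Tell credentials the vault issued apart from ones it has never seen."""
        return cred_id in self._creds

    def authorize(self, cred_id: str, secret: str, scope: str) -> bool:
        """Every agent call passes through here; every decision, allow or deny, is logged."""
        cred = self._creds.get(cred_id)
        if cred is None:
            self._log("deny", cred_id=cred_id, reason="unmanaged_credential")
            return False
        if cred.revoked:
            self._log("deny", cred_id=cred_id, reason="revoked")
            return False
        if self._clock() - cred.issued_at > MAX_AGE:
            self._log("deny", cred_id=cred_id, reason="rotation_overdue")
            return False
        if not hmac.compare_digest(cred.secret_hash, _digest(secret)):
            self._log("deny", cred_id=cred_id, reason="bad_secret")
            return False
        if scope not in cred.scopes:
            cred.misuse_count += 1
            self._log("deny", cred_id=cred_id, reason="out_of_scope", scope=scope)
            if cred.misuse_count >= MISUSE_THRESHOLD:
                self.revoke(cred_id, reason="repeated_out_of_scope_attempts")
            return False
        self._log("allow", cred_id=cred_id, scope=scope)
        return True


def demo() -> dict:
    """Walk constructed credentials through the lifecycle; returns each decision for inspection."""
    now = [datetime(2024, 1, 1, tzinfo=timezone.utc)]          # injectable clock for the demo
    vault = AgentVault(clock=lambda: now[0])
    cred_id, secret = vault.provision("invoice-agent", {"invoices:read"})
    out = {
        "in_scope": vault.authorize(cred_id, secret, "invoices:read"),
        "unmanaged": vault.authorize("invoice-agent/deadbeef", secret, "invoices:read"),
    }
    for _ in range(MISUSE_THRESHOLD):                            # looks like misuse: auto-revoke
        vault.authorize(cred_id, secret, "payments:write")
    out["after_misuse"] = vault.authorize(cred_id, secret, "invoices:read")
    cred2, secret2 = vault.provision("invoice-agent", {"invoices:read"})
    now[0] += timedelta(hours=25)                                # left unrotated past policy
    out["stale"] = vault.authorize(cred2, secret2, "invoices:read")
    cred3, secret3 = vault.rotate(cred2)
    out["rotated"] = vault.authorize(cred3, secret3, "invoices:read")
    out["old_after_rotate"] = vault.authorize(cred2, secret2, "invoices:read")
    out["revoke_reasons"] = [e["reason"] for e in vault.audit if e["event"] == "revoke"]
    return out
```

The point of the shape is that the agent only ever holds a short-lived, narrowly scoped secret, and the vault, not the agent, decides whether that secret is still good; the audit list is what a SIEM would ingest to spot the "unmanaged_credential" and "repeated_out_of_scope_attempts" events.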

Without strong identity oversight, businesses risk losing visibility of both human and agent identities and control over autonomous actions.

Decentralized Agents Need Centralized Security

At scale, however, managing agents, and especially autonomous ones, will require an additional control layer to monitor behavior, interactions and deviations from policy. Consider a kind of agent “security manager” that keeps humans in the loop and gives them a basis for trusting how agents operate.

This should be more than a dashboard. It should be a control point capable of understanding what agents are doing, why they are doing it and whether their behavior stays within policy and risk thresholds, continuously rather than at audit time. It flags anomalies, enforces constraints and routes actions to human review when needed.

That last part is particularly important. Human oversight remains essential, especially when scaling agents. This control layer becomes the security conscience of your agent fleet: always watching, interpreting and enabling distributed and trusted autonomy.
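A concrete version of the control layer described above, added here as an example and not taken from the article or any product: a policy gate that evaluates each proposed agent action against an explicit per-agent policy (permitted tools, a ceiling on the data classification it may touch, a call-rate threshold), denies what policy forbids, flags unusual volume as an anomaly and holds sensitive tools for human approval instead of letting the agent proceed. The agent names, tool names, classification levels, thresholds and the action stream are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    REVIEW = "review"     # held until a human approves or rejects it


@dataclass(frozen=True)
class Policy:
    tools: frozenset             # tools the agent may call at all
    review_tools: frozenset      # tools that always need human sign-off
    max_classification: int      # highest data class allowed: 0 public .. 3 restricted
    max_calls: int               # more than this many calls per window is an anomaly
    window_s: float


@dataclass(frozen=True)
class Action:
    ts: float                    # seconds; monotonic within the stream
    agent_id: str
    tool: str
    classification: int          # classification of the data the action touches
    target: str


class SecurityManager:
    """Evaluates every agent action against policy and keeps the record a human reviewer needs."""

    def __init__(self, policies: dict[str, Policy]):
        self._policies = policies
        self._recent = defaultdict(deque)        # agent_id -> timestamps inside the window
        self.review_queue: list[tuple[Action, str]] = []
        self.log: list[tuple[Action, Verdict, str]] = []

    def _decide(self, a: Action) -> tuple[Verdict, str]:
        pol = self._policies.get(a.agent_id)
        if pol is None:
            return Verdict.DENY, "unknown_agent"          # unregistered agents fail closed
        if a.tool not in pol.tools:
            return Verdict.DENY, "tool_not_permitted"
        if a.classification > pol.max_classification:
            return Verdict.DENY, "data_class_above_policy"
        recent = self._recent[a.agent_id]                 # sliding window of recent calls
        while recent and a.ts - recent[0] > pol.window_s:
            recent.popleft()
        recent.append(a.ts)
        if len(recent) > pol.max_calls:
            return Verdict.REVIEW, "rate_anomaly"         # within policy, but unusual volume
        if a.tool in pol.review_tools:
            return Verdict.REVIEW, "human_approval_required"
        return Verdict.ALLOW, "within_policy"

    def evaluate(self, a: Action) -> tuple[Verdict, str]:
        verdict, reason = self._decide(a)
        self.log.append((a, verdict, reason))
        if verdict is Verdict.REVIEW:
            self.review_queue.append((a, reason))         # a human, not the agent, clears these
        return verdict, reason


def demo() -> list[tuple[str, str]]:
    """Run a constructed action stream through the gate; returns (verdict, reason) per action."""
    policies = {
        "support-agent": Policy(
            tools=frozenset({"lookup_order", "send_email", "issue_refund"}),
            review_tools=frozenset({"issue_refund"}),
            max_classification=2,
            max_calls=4,
            window_s=60,
        )
    }
    mgr = SecurityManager(policies)
    stream = [
        Action(0.0, "support-agent", "lookup_order", 1, "order#1001"),
        Action(1.0, "support-agent", "issue_refund", 1, "order#1001"),      # sensitive: held
        Action(2.0, "support-agent", "export_customers", 2, "all"),          # not a permitted tool
        Action(3.0, "support-agent", "send_email", 3, "ceo@example.com"),    # restricted data
        Action(4.0, "rogue-agent", "lookup_order", 0, "order#1002"),         # no policy on file
        Action(5.0, "support-agent", "lookup_order", 1, "order#1003"),
        Action(5.5, "support-agent", "lookup_order", 1, "order#1004"),
        Action(6.0, "support-agent", "lookup_order", 1, "order#1005"),       # fifth call in window
    ]
    return [(v.value, r) for v, r in (mgr.evaluate(a) for a in stream)]
```

Two design choices matter more than the specific thresholds: an agent with no policy on file is denied rather than allowed by default, and a rate anomaly is routed to review rather than silently dropped, since a burst of otherwise-legitimate calls is exactly the signal a human should look at before deciding whether the agent has been hijacked or is simply busy.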

As agents continue to proliferate, the ability to deploy them responsibly will define who can scale securely and who introduces unnecessary risk. To secure agent ecosystems, organizations should integrate security from the start of deployment, continuously monitor behavior and access, maintain strong human oversight, and regularly audit and update security policies.

Enterprises that get this right will unlock significant productivity and resilience, not by slowing down agents, but by giving them the security and governance they need to operate safely and responsibly.


This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.