Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

Managing AI agents and identity in a heightened risk environment

Geopolitical tensions are rising. Cyber threats are accelerating. And AI is rapidly expanding the enterprise attack surface.

For CIOs and CISOs, the reality is clear: cybersecurity is no longer a defensive function alone. It is now a core element of enterprise resilience. The question leaders should be asking is not simply whether their systems can prevent attacks, but whether their organizations are prepared to detect, contain and recover when something inevitably goes wrong.

Ransomware attacks, identity compromise and AI-enabled threats are becoming more sophisticated and more frequent. In this environment, the enterprises that succeed will be those that rethink how security operates from the ground up.

From prevention to resilience

For years, enterprise security strategies focused on prevention. The goal was simple: keep attackers outside the perimeter.

But that model no longer reflects today’s reality.

Modern security strategies increasingly assume that adversaries may already be inside the network, including sophisticated external threat actors that can circumvent even the best perimeter defenses, as well as insider threats. This shift – from perimeter defense to continuous detection and response – is changing how security teams approach everything from infrastructure monitoring to AI deployments.

AI agents, in particular, introduce new layers of complexity, becoming a new category of insider threat. While these systems can automate workflows and unlock significant productivity gains, they can also introduce new vulnerabilities if not carefully governed.

We’ve already seen examples of AI agents behaving unpredictably or making flawed decisions in real-world deployments. Even when systems function as designed, they can create new operational and regulatory risks if guardrails are not in place.  For example, AI agents have deleted entire codebases, approved buggy code, lied to customers and generated unexpectedly large cloud computing bills.

For enterprise leaders, the takeaway is straightforward: AI governance must be a core security discipline. Poorly managed deployments can lead to reputational damage, regulatory exposure, financial loss and operational disruption.

In addition to these internal AI risks, external AI-driven threats are increasing dramatically.  Realistic deepfakes, automated phishing campaigns and advanced ransomware have shown that traditional prevention strategies are no longer sufficient.

The good news is that new tools are emerging to help address these risks. AI-native detection and remediation combined with digital forensics and incident response platforms are enabling organizations to detect and respond to threats faster. These platforms analyze massive volumes of telemetry and behavioral data, helping security teams identify anomalies before they escalate into full-scale incidents.

Identity is the new perimeter

If there is one area where the attack surface has expanded dramatically, it is identity.

As organizations adopt cloud infrastructure, SaaS applications and distributed work environments, identity has become the primary gateway to enterprise systems. Attackers know this, and they increasingly target identity systems as the most efficient path into corporate networks.

That is why Zero Trust identity architectures are becoming essential. Zero Trust assumes that no user, device or system should be automatically trusted. Every request must be verified continuously and access granted based on context, behavior and risk signals.

One piece of this solution is Multi-Factor Authentication (MFA), which should be standard across the enterprise. In addition, modern security platforms increasingly analyze behavioral data to verify human users and identify abnormal activity.  Signals such as keystroke rhythm, geolocation data, time-of-day data and device motion can greatly improve identity accuracy.

Equally important is strong privileged access management (PAM). Elevated privileges should be granted only when necessary and revoked immediately after use, shrinking the vulnerability surface area to the minimum required at any time.  This is even more critical today as AI agents have identities and privileges that are unlikely to be required 24/7.
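A sketch of the grant-then-revoke pattern described above, applied to an AI agent identity. This is an added example, not code from the article or from any PAM product; `JitBroker`, the identity and privilege strings, and the 15-minute ceiling are hypothetical.

```python
import time

class JitBroker:
    """Hypothetical just-in-time privilege broker (not a real PAM product API)."""

    def __init__(self, clock=time.monotonic, max_ttl=900.0):
        self.clock = clock          # injectable so expiry can be tested
        self.max_ttl = max_ttl      # policy ceiling on any single grant, seconds
        self.grants = {}            # (identity, privilege) -> expiry timestamp
        self.audit = []             # append-only record of grant/revoke/expiry

    def grant(self, identity, privilege, ttl, reason):
        if not reason:
            raise ValueError("a grant needs a recorded justification")
        ttl = min(ttl, self.max_ttl)            # never exceed the policy ceiling
        self.grants[(identity, privilege)] = self.clock() + ttl
        self.audit.append(("grant", identity, privilege, ttl, reason))
        return ttl

    def revoke(self, identity, privilege):
        if self.grants.pop((identity, privilege), None) is not None:
            self.audit.append(("revoke", identity, privilege))

    def is_allowed(self, identity, privilege):
        # Default deny: no standing privileges, and expired grants are purged.
        expiry = self.grants.get((identity, privilege))
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self.grants[(identity, privilege)]
            self.audit.append(("expired", identity, privilege))
            return False
        return True

    def run_with(self, identity, privilege, ttl, reason, task):
        """Grant, run the task, and revoke immediately, even if the task fails."""
        self.grant(identity, privilege, ttl, reason)
        try:
            return task()
        finally:
            self.revoke(identity, privilege)
```

The audit list is what makes the pattern reviewable: every elevation carries a reason, and a missing `revoke` or `expired` entry after a `grant` is itself a signal worth alerting on.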

An emerging trend is correlating data across the various security and posture management silos, including identity (ISPM), cloud (CSPM), application (ASPM) and data (DSPM). With this, organizations can build unified risk profiles that provide a clearer view of risk and incident progression. This approach allows security teams to map the full pathway of a potential breach from compromised assets to affected applications, users and exposed data. If a vulnerability appears in an engineering environment, for example, security teams can quickly trace how that exposure could cascade through infrastructure, applications and user accounts. If a user (or AI agent) is compromised, the relevant at-risk data, applications and cloud environments can be identified.
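The correlation described above amounts to merging each silo's findings into one reachability graph and walking it from the compromised node. The following is an added example, not taken from the article or any posture-management product; the edge list is constructed sample data and all node names are hypothetical.

```python
from collections import deque

# Constructed sample: each posture silo contributes "src can reach dst" edges.
EDGES = [
    ("identity", "agent:build-bot", "role:ci-deployer"),
    ("identity", "user:alice", "role:analyst"),
    ("cloud", "role:ci-deployer", "vm:eng-runner-1"),
    ("cloud", "vm:eng-runner-1", "bucket:artifacts"),
    ("application", "vm:eng-runner-1", "app:billing-api"),
    ("application", "role:analyst", "app:reports"),
    ("data", "app:billing-api", "data:customer-pii"),
    ("data", "bucket:artifacts", "data:source-code"),
    ("data", "app:reports", "data:sales-summary"),
]

def build_graph(edges):
    """Merge the per-silo edges into one adjacency map."""
    graph = {}
    for silo, src, dst in edges:
        graph.setdefault(src, []).append((silo, dst))
    return graph

def blast_radius(edges, start):
    """Breadth-first walk from a compromised node.

    Returns {reachable_node: [(silo, hop), ...]} where the list is the
    shortest chain of hops from start, tagged with the silo that reported
    each hop, so an analyst can see which tool's finding links each step.
    """
    graph = build_graph(edges)
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for silo, nxt in graph.get(node, []):
            if nxt not in paths:          # also guards against cycles
                paths[nxt] = paths[node] + [(silo, nxt)]
                queue.append(nxt)
    del paths[start]
    return paths

def exposed(edges, start, kind):
    """Reachable assets of one kind, e.g. kind='data' for at-risk datasets."""
    prefix = kind + ":"
    return sorted(n for n in blast_radius(edges, start) if n.startswith(prefix))
```

Starting from `agent:build-bot` answers the compromised-agent question; starting from `vm:eng-runner-1` answers the engineering-environment one.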

That level of visibility is becoming essential as enterprise environments grow more complex.

APIs: The backbone of AI — and a major risk

As organizations accelerate AI adoption, APIs are becoming a critical layer of enterprise infrastructure, including the use of Model Context Protocol (MCP) as an orchestration layer. AI systems rely heavily on MCP and various APIs to interact with applications, services and data sources. That means APIs are now one of the most important and most vulnerable components of the enterprise security stack.

A recent API Threatstats report showed that more than 35% of AI vulnerabilities involve APIs. When APIs are poorly secured, they can expose sensitive data, internal logic and authentication mechanisms.

For CIOs leading AI initiatives, this makes API and MCP security a foundational requirement. Organizations must ensure that APIs are continuously monitored, authenticated and protected against misuse.

In many cases, the success or failure of an AI deployment will hinge on how well its API infrastructure is secured.

Preparing for rogue AI agents

Last month, I touched on the rise of autonomous or semi-autonomous AI agents in this column. These systems can perform tasks ranging from software development to customer service to infrastructure management, but their capabilities also introduce new security questions:

How should organizations manage identity for AI agents?
How should their actions be monitored?
And how can enterprises prevent unauthorized or rogue agent activity?

Security strategies must now account for the possibility that AI agents are being manipulated, misconfigured or even intentionally designed to behave maliciously. The rapid adoption of new AI tools is amplifying these concerns. Examples abound in recent months. There are numerous instances in which AI agents, despite their sophisticated algorithms, made poor decisions, exposing significant liabilities for their deployers. 

Platforms such as OpenClaw, one of the fastest-growing AI tools introduced this year, have also spread so quickly that some organizations are restricting their use until stronger safeguards are implemented.

At the same time, smaller companies are gaining access to powerful AI capabilities that were previously available only to large enterprises. That democratization of AI will drive innovation and also increase the potential attack surface across the digital ecosystem.

The CIO imperative

AI adoption is accelerating across every industry. Enterprises are integrating AI agents into development pipelines, business operations and customer engagement systems. But with this opportunity comes responsibility.

For CIOs, the priority is not simply deploying AI technologies; it is deploying them securely.

This means strengthening identity governance, securing APIs, monitoring AI behavior and investing in platforms that provide real-time visibility into enterprise risk. Organizations that navigate this shift successfully will be those that treat cyber resilience as a strategic capability rather than a compliance exercise.

In an era of intelligent systems and autonomous agents, security must go beyond protecting the perimeter; it’s about managing trust across every identity, every API and every system operating inside the enterprise.

This article is published as part of the Foundry Expert Contributor Network.
Category: News
April 20, 2026