A live operational risk: Why AI agents are outrunning your security
Date:
Thu, 04 Jun 2026 09:44:33 +0000
Description:
Most organizations check the governance box, then deploy agents with no real controls.
FULL STORY ======================================================================

The excitement was real, and enterprises moved fast on AI agents. Governance did not.
Deloitte's recent report found that only 21% of organizations have mature governance for autonomous AI agents, while 73% say they are concerned about AI security and data privacy risks. Most people frame this as a resourcing lag. It's something far more uncomfortable than that. It is a self-assessment problem.

Steve Wilson, Chief AI and Product Officer at Exabeam.

Organizations that were running agent pilots in 2024 are now pushing those systems into live security operations, customer workflows and internal decision pipelines. Today, 23% of companies are using agentic AI at least moderately.
Within two years, nearly three in four companies expect to reach that level. But governance did not make the same jump. That gap is a live operational risk, not a planning exercise for next quarter.

Policy wrote the check. Enforcement never cashed it.

AI governance programs tend to stall at the same point: the handoff from policy to enforcement. Organizations write principles, publish guidelines and establish review boards.
What they rarely build is the technical infrastructure to make any of that enforceable at runtime, where agents are actually making decisions and taking actions.
The underlying mismatch is architectural. Traditional governance was designed around human decision-makers and deterministic software with predictable, auditable behavior. Agentic AI operates differently.
These systems interpret instructions, infer intent and act across systems in sequences that no policy document anticipated. Governance built for the old model does not port cleanly.
The category itself has shifted, and most governance frameworks haven't caught up. "AI agent" has become a catch-all term, but many of the systems entering production today operate less like reactive chat tools and more like persistent digital workers.
They run continuously, operate under their own accounts, have defined access to enterprise tools and pursue ongoing objectives. Governance designed for session-based tools begins to strain when systems become continuous operational actors inside the enterprise.

The checklist trap

Since 2023, the AI governance industry has produced a steady stream of frameworks, standards and guidance documents. Organizations adopted them quickly, in many cases faster than they have adopted the technical controls the frameworks describe.
This is the checklist trap. The framework exists. The box is checked. The risk register shows "mitigated". And the agent is still running with broad permissions and no behavioral monitoring.
Governance theater is not a neutral outcome. It is actively dangerous because it creates false confidence in controls that have never been technically enforced.
Consider a digital worker deployed to handle customer support tickets. It can issue refunds, access customer records and update billing systems. On paper, its permissions are scoped. In practice, it operates continuously across multiple systems, making decisions at machine speed.
Without enforced boundaries and active monitoring, it becomes a cross-system actor whose effective reach is broader than anyone intended. That drift may not be visible until something goes wrong.
Publishing a policy that mirrors an industry standard and deploying agents that actually operate within enforced boundaries are two entirely different things. The industry has conflated them.

Governance is infrastructure, not documentation

Mature governance is not a static artifact. It is a live system. Enforced controls mean permissions that cannot be exceeded at runtime, not permissions documented as scoped. Monitored behavior means anomaly detection tuned to agent-specific baselines, not log files reviewed after an incident.
The organizations in that 21% treat agent governance the same way strong security organizations treat privileged access management. It is continuous, instrumented and accountable to a named owner. Every production agent has a defined scope, a defined owner and a defined boundary. When it drifts outside that boundary, something fires.
Organizations do not need to gut their existing governance frameworks. The principles are sound. They need to extend identity, access, monitoring and lifecycle controls to explicitly include non-human actors, much like they already do for privileged users.
This is fundamentally a technical infrastructure problem. It requires investment in tooling, in monitoring architecture and in the organizational capacity to act on what the monitoring surfaces. Policy documents cannot substitute for any of it.

What security leaders need to do now

Audit what is running, not what was approved. Most organizations know which agents were approved for deployment. Far fewer have current visibility into what those agents are actually doing in production. Start there.
Replace permission assumptions with permission verification. "Analyst-level access" is not a scope definition. Map every agent to a specific, tested list of actions it needs to perform. If that list cannot be written down and validated, the agent has wider access than its governance accounts for.
Build agent-specific behavioral baselines and treat deviations as incidents. Human SOC monitoring and agent monitoring require different models. Agent behavior outside its defined task pattern is signal, not noise. Instrument accordingly.
Treat AI systems as first-class identities. If a system operates under its own account and can act autonomously, assign it a named owner, scope its access narrowly, monitor its behavior continuously and include it in your lifecycle processes from onboarding to decommissioning.

The gap compounds

The risk is not only that something goes wrong. It is that something goes wrong inside a governance structure that gave everyone involved confidence it would not.
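The four actions listed under "What security leaders need to do now" reduce to one runtime check: a written, tested action list per agent, a named owner, and a comparison of what the agent actually did against that list, with deviations raised as incidents. The following is an added illustration of that check, not code from the article or from Exabeam; the agent name, action names, owner, rate baseline and log lines are all constructed.

```python
"""Runtime scope audit for an AI agent (added illustration, constructed data)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class AgentRecord:
    agent_id: str
    owner: Optional[str]            # named accountable owner; None is a governance gap
    approved_actions: frozenset     # the written, tested allow-list of actions
    max_per_window: dict = field(default_factory=dict)  # per-action behavioral baseline


# Constructed action log: "<timestamp> <agent_id> <action> <target>" per line.
SAMPLE_LOG = """\
2026-06-04T09:00:01Z support-agent-01 ticket.read T-1001
2026-06-04T09:00:05Z support-agent-01 refund.issue T-1001
2026-06-04T09:01:10Z support-agent-01 billing.update T-1002
2026-06-04T09:02:00Z support-agent-01 customer.export ALL
2026-06-04T09:02:30Z support-agent-01 refund.issue T-1003
2026-06-04T09:02:31Z support-agent-01 refund.issue T-1004
2026-06-04T09:02:32Z support-agent-01 refund.issue T-1005
"""

# Constructed governance record for the support agent described in the article.
SUPPORT_AGENT = AgentRecord(
    agent_id="support-agent-01",
    owner="cs-platform-team",
    approved_actions=frozenset({"ticket.read", "refund.issue", "billing.update"}),
    max_per_window={"refund.issue": 3},   # baseline: at most 3 refunds per log window
)


def parse_log(text):
    """Yield one dict per log line; the whole log is treated as a single window."""
    for line in text.splitlines():
        ts, agent_id, action, target = line.split()
        yield {"ts": ts, "agent": agent_id, "action": action, "target": target}


def audit_agent(record, events):
    """Return incidents in log order: missing owner, out-of-scope actions and
    baseline breaches. An empty list means the agent stayed inside its boundary."""
    incidents = []
    if record.owner is None:
        incidents.append(("no_named_owner", record.agent_id))
    counts = Counter()
    for ev in events:
        if ev["agent"] != record.agent_id:
            continue
        if ev["action"] not in record.approved_actions:
            incidents.append(("out_of_scope", ev["action"], ev["target"]))
            continue
        counts[ev["action"]] += 1
        limit = record.max_per_window.get(ev["action"])
        if limit is not None and counts[ev["action"]] > limit:
            incidents.append(("rate_exceeded", ev["action"], counts[ev["action"]]))
    return incidents
```

Run against the sample log, the audit flags the bulk customer export (never on the approved list) and the fourth refund in the window (over the baseline) as two separate incidents, which is the difference between a scope that is documented and one that is checked.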
Closing that gap requires shifting from governance on paper to governance in operation by auditing what agents actually do, tightly verifying their permissions, monitoring their behavioral patterns and treating them as accountable identities within the enterprise.
Every quarter that agent deployments scale without enforcement infrastructure is a quarter where the gap between documented governance and operational reality widens. It does not stay static. It compounds. The 21% are not just ahead on compliance.
They are building on a foundation that the other 79% will eventually have to construct anyway, under worse conditions and with less time to get it right.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here:
https://www.techradar.com/pro/perspectives-how-to-submit
======================================================================
Link to news story:
https://www.techradar.com/pro/a-live-operational-risk-why-ai-agents-are-outrunning-your-security
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)