Keeping Your AI Agent in Line: Essential Security Measures for Enterprise AI Deployment

As AI agents become integral to business workflows, understanding their risks is crucial. Proper access management, security controls and proactive planning are essential to prevent rogue behavior and protect sensitive data.

Key Highlights

  • AI agents trained on large language models can act unpredictably, risking data leaks and system disruptions if not properly secured.
  • Implementing parental controls, access management and a secure control plane are essential steps before deploying AI agents in enterprise environments.
  • Treat AI agents as first-class identities with strict authentication and authorization to prevent rogue actions and insider threats.
  • A centralized cybersecurity platform helps monitor, govern and manage AI agent activity throughout their life cycle, reducing security gaps.
  • Security should be integrated from day zero, including training data validation, prompt injection defenses and continuous oversight to mitigate risks.

The AI boom is continuing across industries, with AI agents now the next big tool for optimizing workflows across business units. At least, that’s what we’re told. There are, however, some things to consider before just letting one or more agents loose in your systems. 

A quick look at how artificial intelligence bots have been used in business shows the progression of the technology. Companies started with simple customer service chatbots, followed by simple AI agents that can perform a few narrow tasks for you. Both are basically harmless and serve a helper function: each is trained only on internal documents, and neither has access to outside information.

Where the risk comes in is in enterprise-based agents that have been trained on large language models (LLMs) and are accessible by multiple people and systems. The risk is compounded when you don’t think you need a human control plane, according to Harish Peri, SVP and General Manager of AI Security at Okta. 

Some important questions that need to be answered before an agent is let loose in your systems are: how is access managed, and what do you have in place to stop a rogue agent? 

Building awareness that an agent can go rogue

There have been multiple examples of what happens when an AI agent takes “extra initiative” or acts like a “Super Admin,” which can lead to unpredictable behavior with often negative consequences for the company. One example is the time an AI agent deleted a critical database in a scant 9 minutes. Agents can also leak sensitive information to outside systems.

It's important to note that an agent can be manipulated by a bad prompt into doing something detrimental to the company. 

Access and authorization must be determined before your agent is deployed, but according to Peri, he encounters three types of thinking in the companies he talks to about providing cybersecurity for AI agents.

  1. Some are just not aware that an agent can cause trouble or go rogue.
  2. Some minimize the risk.
  3. Some reduce the problem and change it into a different one.

The pressure to quickly roll out agentic AI is adding to the risk, along with the sense that people don’t know what the risks are. Granted, only about 20% of deployed agents cause trouble, but those agents account for 80% of the trouble. That holds true whether you’ve deployed five or 10,000 agents across your business.

Avoiding rogue agents

While it’s easy to say, “You need to install a kill switch for your AI agent,” reality requires you to do some upfront work to provide your agent with what, in essence, are parental controls.

To set up security before you deploy your agents, you will want to put in the time, effort and process, which includes:

  • Analyzing the risk level involved in using an agent and which systems it will have access to.
  • Determining what the potential blast radius is when things go wrong. How much critical data would you potentially stand to lose?
  • Detailing the authorization controls you want to put into place.  

It may slow your rollout, but it can save you not only in lost revenue but, equally important, in lost reputation. 

As Okta puts it on its website: “Securing agents requires treating them as first-class identities with strict authentication, authorization, and governance to help prevent them from becoming insider threats.”

Peri adds, “It’s easy to spoof an agent, and we’re seeing prompt injection as a growing threat vector.” He agrees that prompt injection can come from inside the company as well as from outside threat actors. 

Planning for success

There is no doubt that a well-managed or well-behaved AI agent can provide benefits to your company and employees by taking on a number of repetitive or time-consuming administrative tasks. 

We’ve talked about the points to consider before deploying agents across your enterprise. Now, let’s look at how to control the permissions and actions of those agents. 

According to Okta, securing the AI agent life cycle requires a two-pronged approach: 

  • Build “secure by design,” which means developers should use tools like Auth0 to embed identity standards — such as fine-grained authorization and token vaulting — directly into the agent's code.
  • Manage through a secure control plane. Security teams must use a unified platform to detect running agents, register them in a directory, and govern their access policies and life cycle events.
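The two-pronged approach above (fine-grained authorization, a directory of registered agents, governed life cycle events), together with the kill switch and blast-radius questions raised earlier, sketched as a small Python reference monitor. This is an added example, not Okta's or Auth0's code; the agent, owner and resource names are constructed.

```python
"""Added example (not Okta/Auth0 code): an AI agent as a first-class identity.
Agents are registered with an accountable owner and an explicit (action, resource)
allow-list; every action passes through authorize(); destructive actions on large-
blast-radius resources wait for a human; disabling the identity is the kill switch;
every decision is logged for the SOC. All names and sample values are constructed."""
from dataclasses import dataclass, field

DESTRUCTIVE = frozenset({"delete", "drop", "truncate"})   # data-destroying actions

@dataclass
class AgentIdentity:
    agent_id: str
    owner: str                      # human accountable for this agent
    allowed: set[tuple[str, str]]   # fine-grained (action, resource) grants
    enabled: bool = True            # False means the kill switch was pulled

@dataclass
class ControlPlane:
    critical: set[str] = field(default_factory=set)  # resources with a large blast radius
    directory: dict[str, AgentIdentity] = field(default_factory=dict)
    audit_log: list[dict] = field(default_factory=list)

    def register(self, agent: AgentIdentity) -> None:
        self.directory[agent.agent_id] = agent

    def kill(self, agent_id: str) -> None:   # kill switch: every later request is denied
        self.directory[agent_id].enabled = False

    def authorize(self, agent_id: str, action: str, resource: str) -> str:
        agent = self.directory.get(agent_id)
        if agent is None or not agent.enabled:              # unknown or revoked identity
            decision = "deny"
        elif (action, resource) not in agent.allowed:       # outside its explicit grants
            decision = "deny"
        elif action in DESTRUCTIVE and resource in self.critical:
            decision = "needs_human_approval"               # hold for a human in the loop
        else:
            decision = "allow"
        self.audit_log.append({"agent": agent_id, "action": action,
                               "resource": resource, "decision": decision})
        return decision

def demo() -> list[str]:   # one agent through allowed, out-of-scope, destructive, revoked
    cp = ControlPlane(critical={"prod-db"})
    cp.register(AgentIdentity("agent-billing", "alice@example.com",
                              {("read", "invoices"), ("write", "invoices"), ("delete", "prod-db")}))
    results = [cp.authorize("agent-billing", "read", "invoices"),      # allow
               cp.authorize("agent-billing", "read", "hr-records"),    # deny: never granted
               cp.authorize("agent-billing", "delete", "prod-db")]     # needs_human_approval
    cp.kill("agent-billing")
    return results + [cp.authorize("agent-billing", "read", "invoices")]  # deny: revoked
```

Every decision, including denials, lands in `audit_log`, which is the stream a SOC would ingest to spot an agent probing outside its grants.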

All agent activity should be reported to a centrally managed location and fed into the company's SOC as part of a larger cybersecurity setup.

Having a centralized cybersecurity provider makes sense. They can come in and ask all the important questions, even ones you might not have thought of. For example, what dataset was the LLM underpinning your agent trained on? Is the data it was trained on correctly classified? How secure is the model and how likely is it to hallucinate; do you even have a way of detecting hallucinations? 

Once you have answers to these questions, have the cybersecurity experts install an “identity security fabric,” an architecture that gives IT and security teams a unified control plane managing every identity type (human and non-human) to help prevent security gaps. Let’s face it, AI agents are effectively becoming part of the workforce, so they must be brought into this fabric to avoid gaps in security.

Just as you establish access for different job titles through passwords and badges, you should also determine access for your AI agents. You can’t trust an AI agent to always do the right thing, especially if it’s not trained to understand what the right thing is in any given situation.

All these security measures should be in place on day zero, before any AI agent is deployed in your systems.

Peri put it very succinctly: “Don’t wait for the perfect solution. One bad agent can delete all your data. Secure them now.” 

About the Author

Lynn Hooghiemstra


Contributor

Lynn Hooghiemstra has many years of experience writing about technology, industrial automation, digital twin, and AI data services. She’s worked for Emerson and Rockwell Automation and has written freelance assignments for Siemens, Honeywell, and DATAmundi.

Skilled at taking complex information and writing it up into engaging and readable pieces for a broad audience, Lynn enjoys keeping up on the latest technologies and finding just the right stories among the almost daily flow of information. You can find her at www.elynnhwriting.com
