We are living through a pivotal moment in technology. Every week brings a new breakthrough for AI agents; capabilities that seemed impossible a few months ago are now a reality. Organizations are adopting them quickly, and rightly so.
But there is an important caveat. According to Okta's research, 91% of organizations are already adopting AI agents, yet only 10% have a governance strategy in place. Closing that gap will take focus and deliberate effort.
The reason matters more than most people realize. We are moving from one architecture to a very different one, and we have not fully considered what that means for security.
When software stops following the script
For decades, we have built tools that operate within predictable limits. Consider a travel booking request. You move through a fixed sequence of screens and complete a transaction. What is possible is bounded by design. Security works because users move along paths the application itself defines and protects.
AI agents work differently. They are conversational. They accept natural language from anywhere and make independent decisions that we cannot fully predict. The entry point is no longer buried in application code; it is right there on the front end, in the dialogue itself.
This is a structural change, and it means the security controls we have come to rely on are being tested in ways we are only beginning to understand.
Security first
This shift exposes internal APIs and data surfaces in a way that older systems did not. When a deterministic application is compromised, the damage is usually bounded by what that application can do. When an AI agent is compromised, you are looking at potential access to every system it can reach, manipulated in ways nobody anticipated.
What was once theoretical is now happening, and the complexity compounds when agents work together. We are moving beyond single agents to agent-to-agent communication. That raises authentication and identity challenges we have not had to think about before.
Rethinking identity in an AI-driven world
80% of attacks today involve identity or credentials, and identity remains a primary target for threat actors. Solving this in an agent-driven world requires thinking about identity differently.
For organizations building or deploying agents, four identity requirements are non-negotiable:
- First, agent and user authentication. Every action an agent takes must be securely linked to the human who authorized it.
- Second, standards-based, secure API access. Agents connect to many applications, and those connections must be hardened against token leakage and data compromise.
- Third, human-in-the-loop authentication for anything high-risk or sensitive. This is not about distrusting AI; it is about preserving human control as these systems scale.
- Fourth, least-privilege permissions. An agent should get only the data it needs, only for as long as it needs it, with every action recorded and auditable.
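The four requirements above can be seen together in a single authorization gate. The following is an added example written for this page, not Okta or Auth0 code: a toy issuer mints a delegated, short-lived, narrowly scoped token whose `sub` is the human and whose `act` claim names the agent acting on their behalf (the delegation pattern of the OAuth 2.0 token-exchange `act` claim in RFC 8693), and a policy check enforces scope, demands explicit human approval for high-risk actions, and writes every decision to an audit log. The signing key, action names and principal names are constructed for illustration.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import json

# Constructed demo key; a real identity provider signs with its own keys.
SIGNING_KEY = b"demo-only-signing-key"

# Actions that always require a human in the loop, regardless of scope (constructed).
HIGH_RISK_ACTIONS = {"payments:write", "user:delete"}

# Append-only audit trail: one record per authorization decision.
AUDIT_LOG = []


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload: dict) -> str:
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def _verify(token: str, now: float) -> dict:
    """Check the MAC in constant time, then reject anything past its expiry."""
    body, mac = token.rsplit(".", 1)
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        raise PermissionError("bad signature")
    padded = body + "=" * (-len(body) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims


def issue_agent_token(user: str, agent: str, scopes: list[str],
                      now: float, ttl_s: int = 300) -> str:
    """Delegated token: `sub` is the human who authorized the agent, `act`
    names the agent acting for them, `scope` is the minimum it needs, and
    `exp` is only minutes away so a leaked token has little value."""
    return _sign({"sub": user, "act": {"sub": agent}, "scope": scopes,
                  "iat": now, "exp": now + ttl_s})


def authorize(token: str, action: str, now: float,
              human_approved: bool = False) -> tuple[bool, str]:
    """Decide whether the agent may perform `action`; every outcome is logged."""
    record = {"ts": now, "action": action}
    try:
        claims = _verify(token, now)
        record["user"] = claims["sub"]
        record["agent"] = claims["act"]["sub"]
        if action not in claims["scope"]:
            raise PermissionError("action outside granted scope")
        if action in HIGH_RISK_ACTIONS and not human_approved:
            raise PermissionError("high-risk action requires human approval")
        allowed, reason = True, "allowed"
    except (PermissionError, ValueError) as err:
        allowed, reason = False, str(err)
    record.update(allowed=allowed, reason=reason)
    AUDIT_LOG.append(record)
    return allowed, reason


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed clock value so the demo is deterministic
    tok = issue_agent_token("alice@example.com", "travel-agent",
                            ["flights:read", "payments:write"], now=t0)
    print(authorize(tok, "flights:read", now=t0 + 10))
    print(authorize(tok, "payments:write", now=t0 + 10))
    print(authorize(tok, "payments:write", now=t0 + 10, human_approved=True))
    print(authorize(tok, "flights:read", now=t0 + 600))
    for entry in AUDIT_LOG:
        print(entry)
```

The point of the example is the combination: the human principal travels with the token (requirement one), the signature and expiry checks make a leaked token short-lived and untamperable (two), a payment cannot proceed on the agent's say-so alone (three), and an out-of-scope request is refused and still recorded (four). A production system would replace the HMAC toy with tokens from the identity provider and the in-memory list with a tamper-evident log.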
Learning from past mistakes
I have seen this pattern before with cloud, APIs and microservices. Security tends to arrive late in the development of a new architectural model, not early.
We are seeing it again with agent protocols. MCP, agent-to-agent protocols and access standards are evolving rapidly, and there is a genuine effort to build security in from the start. But defence still feels as though it is following the draft rather than leading it.
The practical reality is that you cannot wait for perfect standards. You need to implement governance with the tools that exist today, while staying flexible enough to adapt as the landscape evolves.
What leaders must do now
Business leaders face real pressure to unlock the potential of AI and real concerns about security. The two are not mutually exclusive. Here is what needs to happen.
- Full visibility into every agent running in your environment and what it is doing. No shadow agents. No hidden permissions.
- Apply identity and authorization controls to agents with the same rigour you would apply to human users.
- Ensure agents communicate over secure, tested channels. Whether you are building your own agents or using MCP servers, the same principles apply.
- Finally, log everything. Agents will act at a scale that may surprise you, but if every action is recorded you will meet regulatory requirements and investigate incidents quickly.
Be proactive, not reactive
Agent-related attacks are happening now and will continue to happen. That is not a reason to delay AI adoption; it is a reason to take security seriously from the start.
The encouraging part is that the principles we have long relied on, identity governance, least-privilege access, strong verification and full auditability, still work. In fact, they matter more than ever. We just need to adapt them thoughtfully to this non-deterministic world.
The technology is here and the patterns are emerging. What matters now is whether we approach this deliberately or spend the next few years managing preventable incidents.
I bet we are smarter than that.
Shiv Ramji is president of Auth0 at Okta.