SailPoint Asks: Is Cybersecurity Ready For Agentic AI?
A recently published research study from US-based identity security firm SailPoint has highlighted a perplexing contradiction in the attitudes of technology executives towards AI.
The study indicates that the tech sector is primarily concerned with agentic AI, the branch of AI that is capable of acting independently of human direction.
SailPoint's research involved surveying 353 industry professionals, uncovering that while 96% perceive AI agents as an increasing security threat, an astounding 98% of organisations still intend to extend their use over the forthcoming year.
This accelerated embrace of agentic AI poses a significant risk-reward challenge for businesses. Mitigating these risks necessitates investment in advanced cybersecurity strategies capable of countering novel threats.
“Agentic AI is both a powerful force for innovation and a potential risk,” says Chandra Gnanasambandam, EVP of Product and CTO at SailPoint.
“These autonomous agents are transforming how work gets done, but they also introduce a new attack surface. They often operate with broad access to sensitive systems and data, yet have limited oversight. That combination of high privilege and low visibility creates a prime target for attackers.”
The details of SailPoint's study
The industry’s overriding concern about agentic AI is its ability to function independently. Among SailPoint survey participants, 72% recognised AI agents as more threatening than traditional machine identities.
Primary risks identified include:
- AI agents’ access to privileged data (60%)
- Potential for unintended actions (58%)
- Sharing sensitive data without authorisation (57%)
- Making decisions grounded on inaccurate or unverifiable data (55%)
- Disseminating inappropriate information (54%)
Despite these palpable worries, SailPoint’s study reveals a lack of proactive steps towards cybersecurity improvements, with only 44% of companies implementing policies to safeguard AI agents even as 82% engage them in daily operations.
Access to sensitive enterprise data
Contrary to large language models (LLMs) like ChatGPT, which typically lack exposure to sensitive data, current agentic models do engage with customer details, financial records, intellectual assets, legal documentation and supply chain information - alarming the tech community.
A striking 92% of SailPoint survey respondents insist that governing AI agents is vital for enterprise security. Additionally, the study unveiled troubling occurrences, with 23% indicating that their AI agents were duped into divulging access credentials.
Moreover, 80% of companies encountered AI agents executing unintended tasks, such as unauthorised system access (39%), sensitive data dissemination (33%) and inappropriate content acquisition (32%).
Chandra underscores the necessity for stringent governance guidelines to deter repeated incidents of this nature.
“As organisations expand their use of AI agents, they must take an identity-first approach to ensure these agents are governed as strictly as human users, with real-time permissions, least privilege and full visibility into their actions,” he states.
The outlook for cybersecurity
To effectively govern AI agents, SailPoint recommends treating them as distinct identity types, rather than mere system components.
Through its specialised identity security solutions, SailPoint proposes a cybersecurity framework that can identify all AI agents within an enterprise while offering a unified perspective on activities.
For optimal performance, such systems must guarantee total auditability to facilitate regulatory compliance and augment security postures overall.
The timing of these insights coincides with intensifying regulatory examination of AI processes and escalating anxieties surrounding data protection amidst pervasive cyber threats.
Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.
Discover all our upcoming events and secure your tickets today.
Cyber Magazine is a BizClik brand
