Microsoft: How to Secure Enterprises from Agentic AI Risks

AI-powered automation with human-agent teams is redefining the frontiers of work in major companies.
With vibe coding taking off, application and agent development has been democratised, opening the door for non-developers with domain-specific skills to build their own agents with low-code tools, which is rapidly increasing adoption.
Microsoft's AI security report titled Cyber Pulse shows that over 80% of the Fortune 500 companies have active agents built using these low-code/no-code tools.
This is contributing to a drastic change in workflows as organisations encourage embedding task-specific AI agents into their everyday workflows.
"A key difference we are seeing in AI agent adoption from other technology eras (such as early cloud adoption) is the pace and magnitude of change," Charlie Bell, former Executive Vice President at Microsoft Security, writes on LinkedIn.
"AI agents are moving from experimentation to operating at scale at a furious rate. This shift is fundamentally changing the security landscape."
Agentic AI adoption by industry
According to the Microsoft report, the software and technology industries have the highest rate of agentic AI adoption, at 16%.
Reflecting a systematic change in workflows across factories, supply chains and energy operations, the manufacturing sector accounts for 13% of global agent use.
The financial services sector, which includes banking, capital markets and insurance, is also leading the charge in agentic AI adoption, alongside the operationally intensive manufacturing sector and customer-facing retail.
Microsoft's first-party telemetry from November 2025 shows that the financial sector accounts for 11% of all globally active AI agents.
The financial sector's lead in AI adoption also has considerable upside, as shown by Barclays, which surpassed 1 million hours of productivity using Microsoft Copilot.
Microsoft's first-party telemetry puts retail at 9%, with AI agents used to "optimise inventory, enhance customer experience and streamline frontline operations".
What are Double Agents?
Research from Microsoft's AI Red Team showed how AI agents can be turned against the organisation using subtle techniques such as embedding harmful instructions in everyday content and redirecting agent reasoning by manipulating how a task is framed.
This gives rise to the problem of the double agent: a misaligned AI agent with too much access or the wrong instructions, which bad actors can use against the enterprise.
The risks are manifold, including prompt injection and incorrect data permissioning, which can lead to data leakage.
Even a single misdirected file or overshared document can have severe financial or regulatory repercussions, making agent security non-negotiable as adoption grows.
Security concerns are heightened by Microsoft's Data Security Index, which reveals that less than half (47%) of organisations have implemented generative AI security controls and over a quarter (29%) of employees use unsanctioned AI agents for work.
- Registry: A centralised registry that acts as a "single source of truth for all agents". It provides the observability needed to restrict or quarantine misbehaving or unsanctioned agents, prevents agent sprawl and enables accountability.
- Access Control: Least-privilege permissions should be used so that each agent has access only to the data, systems and workflows essential to completing its tasks.
- Visualisation: Real-time dashboards reveal the activity of each agent so behaviour can be monitored and misuse stopped immediately.
- Interoperability: A consistent governance model for agents running on various platforms, including in-house and third-party systems, allows them to be managed with the same shared enterprise controls.
- Security: Agents require built-in protections against tampering by both internal and external threats.
How to securely use agents to "innovate at machine speed"
To secure AI agents, organisations must design systems on the assumption that attackers will get inside.
The Microsoft report recommends a holistic AI risk management effort that takes a top-down approach, with a dedicated executive accountable for governance.
By adopting zero trust principles for AI agents, organisations can verify an agent's identity, device health and location to evaluate its risk level before it is granted access.
Ensuring that agents receive only the privileges needed to carry out a task prevents privilege escalation.
This means defining the scope and least privilege required for each agent rather than assigning broad privileges.
Organisations should apply data compliance requirements to AI channels and develop business continuity playbooks for various AI scenarios.
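The registry, least-privilege and zero trust controls described above, as an added example that is not code from the Microsoft report: a hypothetical agent registry that records each sanctioned agent's scope, checks identity, device health and location on every request, quarantines misbehaving agents and logs every decision for a dashboard. Agent names, scopes and regions are constructed sample values.

```python
# Added example (hypothetical, not from the Microsoft report): an agent registry
# that applies zero-trust checks and a per-agent least-privilege scope.
from dataclasses import dataclass

@dataclass
class AgentRecord:
    agent_id: str
    allowed_scopes: frozenset   # "resource:action" pairs essential to its task
    allowed_regions: frozenset  # locations the agent's device may run from
    quarantined: bool = False   # set when the agent misbehaves

@dataclass
class AccessRequest:
    agent_id: str
    resource: str
    action: str
    device_healthy: bool
    region: str

class AgentRegistry:
    """Single source of truth for sanctioned agents; every decision is logged."""
    def __init__(self):
        self._agents = {}
        self.audit_log = []  # feeds a dashboard so misuse can be stopped quickly
    def register(self, rec):
        self._agents[rec.agent_id] = rec
    def quarantine(self, agent_id):
        self._agents[agent_id].quarantined = True
    def authorize(self, req):
        rec = self._agents.get(req.agent_id)
        if rec is None:                                # identity: unknown agent
            verdict = (False, "unsanctioned agent")
        elif rec.quarantined:
            verdict = (False, "agent quarantined")
        elif not req.device_healthy:                   # device health
            verdict = (False, "device health check failed")
        elif req.region not in rec.allowed_regions:    # location
            verdict = (False, "region not permitted")
        elif f"{req.resource}:{req.action}" not in rec.allowed_scopes:
            verdict = (False, "outside least-privilege scope")
        else:
            verdict = (True, "allowed")
        self.audit_log.append((req.agent_id, req.resource, req.action, verdict))
        return verdict

def demo_registry():
    # Constructed sample: an invoice agent scoped to read ERP invoices from the EU
    reg = AgentRegistry()
    reg.register(AgentRecord("invoice-bot", frozenset({"erp.invoices:read"}),
                             frozenset({"eu-west"})))
    return reg
```

Each denial reason maps to one of the report's controls, so the audit log doubles as the evidence a governance owner needs when reviewing agent activity.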
"As AI becomes embedded in every workflow, the real differentiator isn't adopting models – it's governing them quickly and correctly," the report states.
"Strong identity, data security and oversight for agents and co-pilots are now essential to earning trust and avoiding escalating operational, legal, and reputational risk.
"Leaders who act now to put guardrails in place won't just mitigate threats – they'll unlock faster innovation, protect customer trust and build a durable advantage in an AI-driven economy."