The agentic blind spots in your zero trust program

Tags:

Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, likens AI agents to “really smart kindergartners.”

“They know how to do something, but they have no clue as to why they should do it,” Wilson says.

This combination of superior execution power and lack of judgment can create a significant challenge for organizations trying to fit AI agents into their existing zero trust architectures. In a robust zero trust environment, Wilson notes, human users are first authenticated, then given escalating decision-making powers and access over time, with many organizations potentially taking weeks to onboard an IT employee with elevated privileges. But that model breaks down with AI agents that can be spun up for single tasks and then quickly destroyed.

“Imagine having to onboard and offboard one of these entities within your ecosystem once every second,” Wilson says. “The introduction of AI agents isn’t necessarily creating new problems. But it is exacerbating problems that have always been there.”

‘You don’t know when they’re going to be wrong’

The pressure for organizations to aggressively adopt AI has brought a corresponding pressure to lower or delete barriers between authentication, decision-making, execution, and authorization, Wilson says. Rather than rearchitecting their zero trust programs for AI agents, many organizations are essentially giving the tools broad access and hoping for the best.

“These agents move so quickly, and no one is quite certain exactly what access they should have,” Wilson says. “I’ve never seen this before, where really smart security people are just closing their eyes and moving at a rate that can be dangerous.”

Already, unfettered access for agentic AI could unleash “calamity” within some organizations, Wilson says, with a report emerging that an AI agent deleted entire production databases. “We’ve seen an example of months and months of work disappearing, even in stable software development environments,” Wilson says. “Even if we estimate that AI agents are right 80% of the time, the problem is the other 20%—what happens when they’re wrong?”

Taking the long view

While agentic AI can raise short-term security problems, Wilson sees the technology as a forcing function that will spur long-term improvements to organizations’ zero trust environments. “We’re at an inflection point where we’re going to have to do the hard things,” he says. “With human users, we’ve accepted that we’re not going to move as fast as we want, and we’re going to have to say no a lot. But this is a tidal wave.”

Wilson likens the rise of agentic AI to the debut of the iPhone (“but 10 times more potent”), noting that smartphones forced organizations to create security and governance practices for bring-your-own-device (BYOD) and remote work programs. “Before the iPhone, there was no such thing as BYOD,” he says. “It was very painful at first, but we would not have remote work if it wasn’t for the iPhone.”

“AI brings that same challenge,” Wilson says. Doing the hard things, he adds, means moving to zero standing privilege, issuing dynamic credentials at the moment of use rather than relying on long-lived secrets, and building security in rather than bolting it on. The goal is to keep the human “on the loop” rather than in it, supervising agents without slowing them down. “Some organizations are going to take some hard lumps, but I think we’re going to be more secure in the long run.”

To learn more, visit us here.

Categories

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *