{"id":8653,"date":"2026-07-06T14:37:20","date_gmt":"2026-07-06T14:37:20","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8653"},"modified":"2026-07-06T14:37:20","modified_gmt":"2026-07-06T14:37:20","slug":"operationalizing-agentic-ai-from-assisted-to-autonomous","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8653","title":{"rendered":"Operationalizing Agentic AI: from assisted to autonomous"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Ever since ChatGPT made its public debut nearly four years ago, governance and security have largely lagged behind AI adoption.<\/p>\n<p>Eager to experiment with AI tools and find ways to improve their work and personal lives, users have uploaded corporate data, financial records, and even their own health information to large language models (LLMs). While this freewheeling activity presents obvious risks, many users and businesses have so far been spared from catastrophic consequences.<\/p>\n<p>Stephen Wilson, field chief technology officer for HashiCorp, an IBM company, notes that most people are still using AI tools largely as \u201cassistants,\u201d with the technology only taking action at the direction of human users. But, as AI agents are given more ability to act on their own, the risk calculus is changing. And so far, Wilson says, security and governance practices aren\u2019t keeping up.<\/p>\n<p>\u201cRight now, what\u2019s happening is that organizations are starting to use AI tools as full partners but governing the tools the same way they did when they were only using them as assistants,\u201d Wilson says. \u201cWhen AI is an assistant, the user is very close to the execution, and they\u2019re handing over API keys, social media credentials, and bank information. But now we\u2019re starting to ask AI to do things on our behalf autonomously.\u201d<\/p>\n<p>As organizations move from assisted use cases toward more autonomous workflows, Wilson says, they need to mature their governance models across three common adoption patterns: AI as assistant, AI as an agent, and AI as operator.<\/p>\n<h1 class=\"wp-block-heading\">AI as assistant<\/h1>\n<p>The most basic and widespread form of enterprise AI adoption is AI as an assistant. In this model, a human remains close to the work, using the technology to summarize information, draft content, generate code, and complete other discrete tasks. The user enters a prompt, evaluates the response, and decides what to do next.<\/p>\n<p>Although humans remain close to the execution at this stage, activity is not free from risk. When users interact with AI assistants, they can easily bring sensitive data, credentials, or permissions with them into the workflow. A user with privileged access might paste an API key into a prompt or even ask an LLM to analyze confidential records.<\/p>\n<p>\u201cYou need to have a very tight handoff from the human identity to the machine identity,\u201d Wilson says. \u201cYou also need to be able to govern what that machine can access from a machine-to-service perspective, because if I get elevated privilege, it\u2019s not hard to inject that privilege into the context window.\u201d<\/p>\n<p>At the assistant stage, organizations largely need to ensure that AI activity is governed by the same boundaries already established for users. But as AI moves from answering prompts to completing work, those governance boundaries must expand.<\/p>\n<h1 class=\"wp-block-heading\">AI as an agent<\/h1>\n<p>At this stage, human users begin asking AI tools to complete certain tasks autonomously. For example, instead of going back and forth with an LLM to outline and draft a piece of content, a user might simply give an AI tool a set of inputs and basic instructions and then ask the tool to generate the piece on its own. In fact, the writing agent may even pass off the finished draft to an editing agent or other AI tools before coming back to a human user.<\/p>\n<p>\u201cWhen that happens, the governance controls and the identity and auditability have to go up because you\u2019re moving the human out of the loop even more,\u201d Wilson says. \u201cWith AI assistants, the human is still the initiator of the request that happens back and forth. But with AI as agent, you\u2019re making a request and then just letting it run.\u201d<\/p>\n<p>At this stage, Wilson says, organizations must determine what level of access different agents need to complete certain tasks, as well as how to confer identity upon AI agents. \u201cHow do you manage the persona? How do you accelerate its ability to be more correct often? These are the things you have to think about as you start to move to AI as an agent.\u201d<\/p>\n<h1 class=\"wp-block-heading\">AI as operator<\/h1>\n<p>This is the stage where AI agents take on not just individual tasks but entire projects. Instead of prompting agentic tools to write and edit a single article, an organization might ask a team of AI agents to design and execute an entire marketing campaign.<\/p>\n<p>\u201cThe human comes back in two or three hours and has the entire project, including where to publish, individual social media posts, and engagement strategies,\u201d Wilson says. \u201cThe level of governance and identity and auditing have to increase as your level of oversight decreases.\u201d<\/p>\n<p>Wilson notes that it is important at this stage to establish strong governance not only around data access but also around accuracy. For example, if an AI agent creates social media content, the organization needs to know that the content uses approved messaging, moves through the right review process, and is published only through authorized channels.<\/p>\n<p>This is a complex challenge because AI agents are probabilistic systems, while many enterprise workflows are deterministic. Before giving agents the power to complete these workflows, Wilson says, leaders must think carefully about where AI-generated work should end and controlled execution should begin.<\/p>\n<h1 class=\"wp-block-heading\">The road ahead<\/h1>\n<p>Most organizations are only beginning to deploy agentic AI beyond the assistant stage, and Wilson notes that security leaders are still debating the right governance, identity, auditability, and observability models for these systems.<\/p>\n<p>But the overarching governance demand is clear: As AI systems gain more autonomy, organizations must implement more rigorous controls. An AI assistant can be governed largely as an extension of the individual user. An AI agent must be governed as part of a team, with clear visibility into the work it performs and the systems it touches. And an AI operator must be governed as a business function, with controls that span data access, workflow execution, approvals, and audit trails.<\/p>\n<p>\u201cYour scope of governance, identity, and observability has to increase at the same rate as if you were moving from an individual to a team to an organization,\u201d Wilson says. <\/p>\n<p>To learn more, visit us <a href=\"https:\/\/url.usb.m.mimecastprotect.com\/s\/JmXpCVJDNDFOzA4ZfGf1cEukO9?domain=ibm.com\">here<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Ever since ChatGPT made its public debut nearly four years ago, governance and security have largely lagged behind AI adoption. Eager to experiment with AI tools and find ways to improve their work and personal lives, users have uploaded corporate data, financial records, and even their own health information to large language models (LLMs). While [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8654,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8653","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8653"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8653"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8653\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8654"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8653"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8653"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8653"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}