Agentic AI Security Recommendations for the Next Phase of AI

As Agentic AI deployments scale—a phenomenon where autonomous software agents perform multi-step tasks with minimal human oversight—the security risks detailed in our last article become immediate threats. The speed and scale of agents requires a revolutionary approach to security, shifting from reactive defense to proactive, integrated resilience.

Below, you’ll find actionable recommendations across policy, infrastructure, vulnerability management, and SOC operations to secure the use of Agentic AI.

Core Security Principles for Agentic AI

The fundamental challenge posed by Agentic AI is its autonomy and velocity. Unlike traditional software, these agents make decisions in real-time and access sensitive data. Security controls designed for slower human-centric operations are inadequate. Core security principles must focus on visibility, speed, and identity management to keep control over this new workforce.

• Implement Security at Agentic Speed: Security controls must be deployed and enforced with the same agility and speed as the agents to prevent security gaps.
• Gain Visibility and Control: Establish full visibility into all AI systems, including generative AI (GenAI) and Agentic AI. Apply corresponding security controls upon discovery.
• Align Risk Exposure to Tolerance: Ensure the risk exposure from AI agents aligns with your organization’s risk tolerance, particularly in relation to critical business assets that agents may access.
• Eliminate Unmanaged AI Security Debt: Actively find and remediate undocumented or unmanaged AI implementations, including Shadow AI, which often bypass standard controls.
• Use Non-Human Identity (NHI) and Least Privilege: Treat AI agents as Non-Human Identities (NHI). Use least privilege access combined with microsegmentation to severely limit the scope of data access and lateral movement for agents.

Recommendations for Policy and Governance

Traditional IT policies are insufficient for agentic systems capable of acting on their own. Agents often run outside established workflows. New rules must define acceptable behavior, accountability, and the limits of their power. Governance must treat agents as a high-risk entity, setting clear boundaries for their independent operation.

• Update Policies to Include Agentic AI: Ensure all relevant organizational policies (not just those for GenAI/ChatGPT) are updated to specifically address the unique characteristics and risks of Agentic AI.
• Leverage Cross-Functional Teams: Form teams that include IT, Legal, Risk, Business Units, and Security to develop comprehensive policies, as AI deployments will inherently cross departmental lines. These teams should focus on:
  • Acceptable Use Policies and Awareness Training.
  • Vetting procedures for all AI and autonomous agents.
  • Specific Data Access Policies for Agents.
• Treat Agents as Risky Human Employees: Apply the strictest human employee security paradigms to AI agents:
  • Zero Trust architecture is essential.
  • Enforce strong PAM/IdP session policies.
  • Mandate Least Privileged access at all times.
• Standardize Incident Response for Agent Misbehavior: Treat any instance of agent misbehavior—including cascading hallucinations or unauthorized actions—as a formal security incident, activating all standard Incident Response (IR) steps.
• Adapt Risk Assessments: Update Risk Assessments and Tabletop Exercises to include specialized AI/Agentic AI scenarios. Threat vectors evolve quickly. 

Recommendations for Infrastructure Management

Agentic AI requires new security enforcement points beyond standard network perimeters. Agents communicate using new protocols (like MCP), interact through various proxies, and access resources via APIs. To ensure every transaction is validated, managed, and confined, place infrastructure controls at all points where agents interact with data, models, or other systems.

• Configure All AI Features with Security in Mind: Implement security measures on all AI features, including:
  • AI proxies (e.g., RAG/MCP/A2A gateways).
  • MCP Protocol Detection on edge devices.
  • Prompt and Output Validation 
  • Logging using tools like Web Application Firewalls (WAF) or Secure Web Gateways (SWG).
• Accelerate Identity-Based, Zero-Trust Adoption:
  • Mobile Device Management (MDM) is key to protecting endpoints.
  • Protect APIs/MCPs by only allowing managed and approved devices to access them.
• Use SASE for Policy Enforcement: Use a Secure Access Service Edge (SASE) architecture, including Data Loss Prevention (DLP) and SWG, to enforce granular policy on all agent and user traffic.
• Establish an Agent Governance Board (AGB): Create an AGB in addition to the traditional Change Advisory Board (CAB). CABs are typically too slow for Agentic AI’s rapid pace.
  • The AGB should treat orchestration and agents similarly to software.
  • The goal is to pre-approve as many agentic workflows as possible. Block the rest until a formal request and review are complete.

Recommendations for Vulnerability Management

Agentic AI amplifies the challenge of Shadow IT as the bar for deployment is lowered. Employees can easily deploy powerful agents locally on workstations or in cloud environments, creating unauthorized access points and potentially insecure models. Vulnerability management must expand to continuously scan for unauthorized AI tools and test the security of authorized LLMs against specialized attack vectors.

• Continuous Scanning for Unauthorized AI Tools: Conduct constant scanning to find Shadow AI and rogue Model Context Protocol (MCP) servers and tools you didn't authorize.
  • Use host-based and network scans, as users may run local agents on workstations or cloud environments.
  • Look for non-standard ports and specific code libraries, such as the presence of fastmcp, installed on workstations.
• Continuous Testing for LLM Vulnerabilities: Regularly test against standards like the OWASP Top 10 for Large Language Models (LLMs) to ensure any in-house model training and specialization adheres to security best practices.
• Specialized AI Pentesting and Red Teaming: Dedicate resources to AI Pentesting and Red Teaming. These teams must understand the AI weaknesses to simulate realistic and evolving attack scenarios.

Recommendations for the Security Operations Center (SOC)

The SOC is on the front line of an AI-accelerated arms race, facing attacks that are faster and more sophisticated than ever. Moreover, the line between human and automated malicious activity is blurring. The SOC must evolve by automating its response, enhancing traceability, and using AI against AI to support efficiency and rapidly contain threats before they cause damage.

• Improve Traceability: Human behavior used to be distinct from script behavior, but AI agents blur this line. Traceability is vital. Log the exact AI prompts and detailed commands to provide necessary context for investigations.
• Ensure Comprehensive Alerting: Check that all security tools are logging AI and MCP-specific alerts.
• Implement Behavioral Anomaly Detection: Use advanced analytics to monitor AI access patterns for anomalies, including:
  • Access to sensitive data outside of a predefined scope.
  • Odd API call patterns.
  • Unusual data movement or signs of infiltration/exfiltration.
• Prioritize SOAR Workflows: Since AI workflows move fast and impact can become large quickly, Security Orchestration, Automation, and Response (SOAR) platforms are critical. Automate the containment of compromised AI/Agent/MCP entities.
• Evolve Threat Hunting: Integrate Threat Intelligence for adversarial AI campaigns and implement Hypothesis/Objective-based threat hunts that are directly relevant to your organization's specific Agentic AI risks.

Securing Agentic AI Requires a Fundamental Shift in Cyber Defense

Securing Agentic AI is not merely an IT upgrade; it is a fundamental shift in cyber defense strategy. By adopting a posture of speed, Zero Trust, and comprehensive governance, organizations can manage the inherent risks of autonomous systems. 

Success hinges on updating policies to reflect agent identity, controlling infrastructure at the protocol level, relentlessly scanning for shadow AI, and empowering the SOC with automation and deep traceability. Only through this holistic, adaptive approach can businesses safely harness the transformative power of Agentic AI.