Risks of Unchecked AI Agents in Cybersecurity
Severity: High (Score: 61.2)
Sources: Itweb.Co.Za, Blog.Knowbe4
Keywords: agent, governance, agents, beware, unchecked, part, beyond
Summary
AI agents are increasingly autonomous and active within organizations, posing significant security risks. Samantha Rule, CISO at Ninety One, reported that 88% of organizations experienced AI agent security incidents in the past year. The average enterprise has 37 deployed AI agents, yet only 24% have full visibility of agent-to-agent interactions. A concerning 41% to 44% of organizations lack human oversight for high-risk decisions made by these agents. Rule emphasized the need for governance similar to human employees, including accountability and verification of actions. She recommended treating AI agents like personnel, ensuring proof for privileged actions, and implementing safeguards for irreversible actions. As AI agents evolve from tools to autonomous actors, organizations must adapt their security strategies accordingly.

Key Points:
- 88% of organizations reported AI agent security incidents in the past year.
- Only 24% of enterprises have full visibility of AI agent interactions.
- 41%-44% of organizations lack human oversight for high-risk AI agent decisions.
Detailed Analysis
**Impact**
Enterprises deploying AI agents are affected globally, with the average organization operating 37 agents. Approximately 88% of organizations reported confirmed or suspected AI agent security incidents in the past year. Between 41% and 44% of organizations lack human-in-the-loop controls for high-risk agent decisions, increasing exposure to unauthorized actions such as data deletion or fund transfers. The sectors impacted include any with AI agent deployments, as these agents interact with internal systems, customers, and workflows.

**Technical Details**
AI agents operate autonomously, executing actions such as sending emails, moving data, and triggering workflows across systems without human intervention. The attack vector involves compromised or unchecked AI agents acting with granted privileges, often without full visibility into agent-to-agent traffic (only 24% of organizations have such visibility). No specific malware, CVEs, or IOCs were detailed in the sources. The threat manifests primarily during the execution and action stages of the kill chain.

**Recommended Response**
Implement strict governance treating AI agents as extensions of the workforce, enforcing identity, authority, intent, chain of custody, and accountability for all privileged actions. Record all agent activities and require human approval for irreversible actions like data deletion or fund transfers. Increase monitoring of agent-to-agent communications to improve visibility and detect anomalous behavior. No specific patches or detections were identified; focus on policy enforcement and operational controls.
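
One way to enforce the controls in the Recommended Response, as an added example that is not taken from either source article: every agent request is checked against its granted authority, recorded with its stated intent in a hash-chained log, and held for a named human approver when the action is irreversible. The class, the action names, the agent id and the approver name are all assumptions made for illustration.

```python
import hashlib
import json

# Assumed policy for this sketch: these action names are hypothetical.
IRREVERSIBLE = {"delete_data", "transfer_funds"}

class AgentActionGate:
    """Records every agent action request and holds irreversible ones for a human."""
    def __init__(self, grants):
        self.grants = grants   # agent_id -> set of actions the agent may perform
        self.log = []          # hash-chained audit records (chain of custody)

    def _record(self, entry):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = json.dumps(entry, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.log.append(dict(entry, prev=prev, hash=digest))

    def request(self, agent_id, action, intent, approver=None):
        if action not in self.grants.get(agent_id, set()):
            decision = "denied"                    # no authority for this action
        elif action in IRREVERSIBLE and not approver:
            decision = "pending_human_approval"    # never executed autonomously
        else:
            decision = "allowed"
        self._record({"agent": agent_id, "action": action, "intent": intent,
                      "approver": approver, "decision": decision})
        return decision

    def verify_log(self):
        """Recompute the chain; an edited or removed record breaks it."""
        prev = "0" * 64
        for rec in self.log:
            fields = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
            body = json.dumps(fields, sort_keys=True)
            digest = hashlib.sha256((prev + body).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != digest:
                return False
            prev = rec["hash"]
        return True

def demo():
    # Constructed sample requests; the agent id and approver name are made up.
    gate = AgentActionGate({"billing-agent": {"send_email", "transfer_funds"}})
    decisions = [gate.request("billing-agent", "send_email", "invoice reminder"),
                 gate.request("billing-agent", "transfer_funds", "refund"),
                 gate.request("billing-agent", "transfer_funds", "refund", "alice"),
                 gate.request("billing-agent", "delete_data", "cleanup")]
    return decisions, gate
```

Denied and pending requests are logged as well as allowed ones, so the record covers what an agent attempted and not only what it was permitted to do.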
Source articles (2)
- AI Agent Governance Part 1 - Beyond the Chatbot: Mastering AI Agent Governance — Blog.Knowbe4 · 2026-05-26
  In 2024, we talked to AI. In 2026, AI is talking to our systems, our customers, and increasingly, acting on our behalf. With AI agents, we are moving AI from a tool to an actor, from assistance to age…
- Beware the unchecked AI agent — Itweb.Co.Za · 2026-05-27
  Artificial intelligence (AI) agents are already active inside your business. But are you monitoring and managing them effectively? This question was posed by Samantha Rule, CISO at Ninety One, durin…
Timeline
- 2026-05-26 — ITWeb Security Summit 2026 held: Samantha Rule presented on AI agent risks and governance at the Cape Town leg of the summit.
- 2026-05-27 — Article published on AI agent governance: KnowBe4 discussed the evolution of AI agents from tools to autonomous actors, highlighting governance challenges.