CybersecurityAI

AI Agents Are Insider Risk

Paul Asadoorian
Paul AsadoorianApr 20, 2026

Why It Matters

Unmanaged AI agents can become covert insiders, exposing firms to data breaches and regulatory penalties; early security controls safeguard assets and maintain trust.

Key Takeaways

  • AI agents require security tools for visibility and control.
  • Treat AI agents as employees with distinct identities and permissions.
  • Implement monitoring and alerts for anomalous AI agent behavior.
  • MFA may be infeasible; enforce strict access boundaries instead.
  • Early adoption of insider‑risk tools mitigates AI‑driven security threats.

Summary

The video warns that AI agents, increasingly embedded in enterprise workflows, should be viewed as insider‑risk vectors. Security teams must deploy tools that give continuous visibility into what these agents access and how they interact with corporate systems.

Key recommendations include assigning each agent a unique identity, applying the same least‑privilege principles used for human staff, and establishing robust monitoring to flag anomalous actions. While multi‑factor authentication isn’t practical for bots, organizations can restrict agents to narrowly defined permissions and enforce strict access controls.

The speaker emphasizes, “treat them like any other employee and any other type of insider risk,” noting that without dedicated oversight, agents can silently exfiltrate data or misuse privileges. He also acknowledges the limitation: “you’re not going to be sitting them up with MFA,” underscoring the need for alternative safeguards.

For businesses, ignoring these controls invites new attack surfaces. Proactive deployment of insider‑risk platforms not only protects sensitive information but also ensures compliance with emerging regulations governing AI‑driven processes.

Original Description

AI agents and chatbots are increasingly integrated into systems with access to data and services. However, they often lack traditional identity controls like MFA and may not be fully monitored.
Without visibility and restrictions, these agents can behave like unmanaged insiders—accessing systems, moving data, or triggering actions without proper oversight. Treating them like employees, with identity, access controls, and monitoring, reduces the risk of unintended or malicious outcomes.
If your AI systems have access to critical resources, are they governed like users—or operating without clear boundaries?
Subscribe to our podcasts: https://securityweekly.com/subscribe
#AISecurity #IdentityAccessManagement
#SecurityWeekly #Cybersecurity #InformationSecurity #AI #InfoSec

Comments

Want to join the conversation?

Loading comments...