AI agents in enterprises fall into three categories with distinct risk profiles: agentic chatbots (low autonomy, credential governance risks), local agents (inherit user permissions, least governed, fastest-growing attack surface), and production agents (fully autonomous, machine identities, prompt injection and privilege escalation risks). Risk scales with access and autonomy. CISOs should prioritize gaining visibility into what agents exist, what identities they use, and whether permissions align with intended purpose. Identity governance is framed as the core control plane for AI security.
Table of contents
AI Agent Risk Is Driven by Access and AutonomyDeploy AI at enterprise scale without introducing new security riskAgentic Chatbots: The Entry Point for Enterprise AILocal Agents: The Fastest-Growing Security GapProduction Agents: Fully Autonomous AI InfrastructureAI Agents Introduce a Significant Identity Security ChallengeSort: