Beyond human identities: Cybersecurity's blind spot in the age of AI agents

As AI continues to evolve and mature, companies are beginning to build AI agents, which behave very differently from other types of AI. Unlike conceptual or traditional AI, which act in response to a human prompt or request, AI agents independently perform complex tasks that require multi-step strategies. To accomplish their goals, agents may gather information from various sources and communicate with internal and external systems.

Machine identities far outnumber humans in business networks, and machine identity management becomes quite difficult, very quickly. However, many of the rights given to AI agents are far too broad. If agents are compromised, intruders can use them to move laterally across the network, escalate their permissions to steal information, install malware and hijack vital internal systems.

When people find they can’t do their jobs because they don’t have broad enough rights, they complain, and it gets fixed. Models, on the other hand, don’t complain. They simply break, which creates problems that IT must check. Every IT department is overstretched, so administrators are likely to err on the side of giving the AI agent extremely wide privileges. This may make managing AI agents easier in the short term, but it increases the long-term security threat.

Let’s say IT has deployed an AI agent that acts as a bot to help sales reps immediately find information about leads and customers. This agent will have access to CRM data, but an admin may mistakenly give it wide read-write access to numerous enterprise databases.

“With these privileges, if bad actors compromise the broker, they may delete records, drop entire databases, take over applications and do a serious information breach,” says Phil Calvin, chief product officer at Delinea.

The ease of spinning up AI agents creates other issues: primarily, shadow AI and agent sprawl. It has become possible, even simple, for non-technical employees to download an agent from open-source sites, spin it up, and connect it to data sources, all without any input or awareness from IT.

To properly manage AI agent identities, IT needs to continuously discover all agents in the environment, a process that should be automated and continuous, so IT can become aware of new agents as they appear. Next, IT needs a unified view of all machine identities and their permissions for efficient management.

Agent permissions should default to read-only. Those agents that need the ability to create, update or delete data should each be handled individually and with great care. Next, adhere to the principle of least privilege. If an agent is deployed to provide employees with easier access to information in the knowledge bases, then there’s no reason it should have read access to customer information in the CRM. Restrict access only to the data sources the agent needs to accomplish its tasks.
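The read-only default and least-privilege rules above can be checked mechanically against an inventory of agent identities. The following is an added example, not code from Delinea or the original article; the agent names, data sources and field names are constructed for illustration.

```python
from dataclasses import dataclass, field

WRITE_ACTIONS = {"create", "update", "delete"}

@dataclass
class Agent:
    name: str
    needed_sources: set   # data sources the agent's task actually requires
    grants: dict          # data source -> set of granted actions
    approved_writes: dict = field(default_factory=dict)  # individually reviewed exceptions
    registered: bool = True  # False = discovered on the network, never onboarded by IT

def audit(agent):
    """Return sorted findings for one agent identity."""
    findings = []
    if not agent.registered:
        findings.append("unregistered agent (shadow AI)")
    for source, actions in agent.grants.items():
        if source not in agent.needed_sources:
            # Least privilege: any access outside the task's scope is a finding.
            findings.append(f"{source}: access not needed for the agent's task")
            continue
        # Read-only default: write actions need an individual approval.
        extra = (actions & WRITE_ACTIONS) - agent.approved_writes.get(source, set())
        if extra:
            findings.append(f"{source}: unapproved write actions {sorted(extra)}")
    return sorted(findings)

def audit_all(inventory):
    """Map agent name -> findings, omitting agents with no findings."""
    results = {a.name: audit(a) for a in inventory}
    return {name: f for name, f in results.items() if f}

# Constructed sample inventory (hypothetical agents and data sources).
INVENTORY = [
    Agent("sales-chatbot", {"crm"},
          {"crm": {"read", "update", "delete"}, "hr_db": {"read", "update"}}),
    Agent("kb-helper", {"knowledge_base"},
          {"knowledge_base": {"read"}, "crm": {"read"}}),
    Agent("ticket-updater", {"ticketing"},
          {"ticketing": {"read", "update"}}, approved_writes={"ticketing": {"update"}}),
    Agent("downloaded-agent", set(), {"file_share": {"read"}}, registered=False),
]

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```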

Delinea has built a cloud-native identity security platform that runs on a global scale to continuously discover, provision, and govern all machine and human identities, including AI agents. IT gains a coherent, comprehensive view of all identities, even those not under IT’s direct control, via a single pane of glass.

“As an industry, we tend to overcomplicate identity management for our customers,” Calvin said. “At its most basic, an AI agent is just an account, and you need to understand the account sprawl and permissions. We give the customer an easy-to-comprehend view into all of that, which exponentially simplifies management.”
