1. Forum
  2. tqwNet
  3. TQW GENTECH

  • AI agents are the new unmanaged endpoints

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 13, 2026 10:00:32
    AI agents are the new unmanaged endpoints

    Date:
    Wed, 13 May 2026 08:51:36 +0000

    Description:
    AI agents are multiplying fast, and your existing security controls aren't ready for them.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Remember the late 2000s, when personal smartphones started showing up in enterprise environments? Employees were connecting personal devices to corporate Wi-Fi, syncing work email to iPhones and accessing internal systems from hardware the security team had never touched and had no authority over. Ronan Murphy Social Links Navigation

    Chief Data Strategy Officer at Forcepoint. Security teams were caught
    entirely flat-footed. There was no policy. There was no governance. And by
    the time organizations started scrambling to respond, the devices were
    already everywhere. I've spent more than 20 years in this industry, watching the same pattern repeat itself in different forms, across different technologies, with depressing reliability. Shadow IT. Cloud sprawl. Now AI agents. Latest Videos From You may like How businesses can stop their AI agents from running amok The mobile app traffic your security team can't see and AI agents are generating it Shadow AI and agents like OpenClaw are hijacking corporate data too easily

    The script is identical. Unfortunately, the stakes this time are considerably higher. The 82-to-1 problem Non-human identities now outnumber human users in enterprise environments by a ratio of 82 to 1, according to Rubrik Zero Labs' Identity Crisis Report published in 2025.

    That means that for every employee your IT team has carefully provisioned, there are 82 machine identities operating across your environment. And unlike employees, most of those machine identities were never reviewed by security
    or attached to an accountable human being who can be questioned when
    something goes wrong.

    When an organization deploys an AI agent, it doesn't create a single identity . It creates a cascade. One per tool the agent connects to, one per API it calls, one per data source it reads from. Those identities accumulate faster than any governance process built for human users can track. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Many organizations I speak to cant answer the most basic questions about
    them: Who authorized them? What permissions do they have? What sensitive data can they reach? What are they doing right now?

    The honest answer, more often than not, is that nobody knows. Why your existing controls won't save you Agentic AI is a meaningful step beyond the generative AI tools that security teams are still working to govern. Rather than responding to a single prompt, an agent reasons, plans and acts. What to read next Always-on AI Agents put everything hackers could ever want behind a single attack surface AI agents create new risks requiring continuous monitoring and oversight Shadow AI 'double agents' are outpacing security visibility and that's a serious concern for UK businesses

    It does this across multiple tools, data sources and application
    integrations, with minimal human involvement at each step. You give the agent a goal, not an instruction, and it determines how to get there.

    That autonomy is the key differentiator that makes these systems valuable. It is also precisely what makes the security gap so dangerous.

    When a human makes a decision about data sending a file, querying a database , exporting a report there is at least some cognitive checkpoint, however imperfect. Agents remove that checkpoint entirely.

    They operate at machine speed. The static, rule-based controls organizations have spent years tuning for human behavior were not designed for an entity that can interact with an API, read a cloud storage bucket, summarize email threads and push output to an external service in the time it takes a human
    to open a browser tab.

    The old "block or allow" binary does not work when an AI agent is making hundreds of data decisions per minute. And there is a harder problem underneath that one: prompt injection.

    A malicious instruction hidden inside a webpage, document or email that an agent retrieves can cause that agent to execute unauthorized actions, because it interprets the instruction as legitimate. The agent has been manipulated. It doesn't know it. And no alert fired, because nothing triggered a rule.
    What a credible response actually looks like The organizations that navigate this well will be the ones that treat it like the BYOD problem they
    eventually solved by establishing governance frameworks before the scale becomes unmanageable.

    Three things need to happen.

    First, inventory. You cannot govern what you cannot see. Building a complete, accurate picture of the agents operating in your environment what they're authorized to do, what data they can touch, who provisioned them is the foundational step. This sounds obvious. Almost nobody has done it.

    Second, identity policy has to cover non-human actors explicitly. Access governance frameworks written for humans do not automatically extend to agents. A machine identity operating at admin-level privileges warrants the same scrutiny as a privileged human user. Policy needs to reflect that, not assume it does already.

    Third, enforcement needs to adapt dynamically. Because agent behavior changes in real time, static rules written in advance cannot keep pace. Controls need to respond to what an agent is actually doing in context, not just whether
    its credentials checked out at login. The window is shorter than it might
    look Organizations that build agent governance frameworks now, while adoption is still early and the environment is still mappable, will have a structural advantage.

    Those that wait for a significant incident will find themselves doing what security teams always end up doing after an unmanaged technology proliferates without oversight: retrofitting controls onto systems that were never
    designed to be governed.

    We learned that with BYOD and again with cloud . We're going to learn it one more time with AI agents. The only real question is whether we start before
    or after something goes wrong. We've featured the best business VPN. This article was produced as part of TechRadar Pro Perspectives , our channel to feature the best and brightest minds in the technology industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit



    ======================================================================
    Link to news story: https://www.techradar.com/pro/ai-agents-are-the-new-unmanaged-endpoints


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)