A recent report by SailPoint highlights a critical shift in the security landscape as 98% of organisations in Southeast Asia plan to expand their use of AI agents over the next year. However, 96% of tech professionals view these agents as a growing security risk, signalling an urgent need for enhanced identity governance.
The report, titled ‘AI agents: The new attack surface,’ reveals that while 82% of organisations already utilise AI agents, only 44% have established policies to secure them. This discrepancy raises alarms, particularly as 72% of respondents believe AI agents pose a greater security risk than traditional machine identities.
AI agents, or agentic AI, are autonomous systems capable of making decisions and taking actions to achieve specific goals. They require various machine identities to access sensitive data and applications, which introduces complexities such as self-modification and the creation of sub-agents.
The report identifies several factors contributing to their risk profile, including:
- Access to privileged data (60%)
- Potential for unintended actions (58%)
- Sharing of privileged data (57%)
- Decision-making based on inaccurate data (55%)
- Accessing inappropriate information (54%)
Chandra Gnanasambandam, EVP of Product and CTO at SailPoint, emphasised the dual nature of AI agents:
“They are a powerful force for innovation but also introduce a new attack surface. With broad access to sensitive systems and limited oversight, they become prime targets for attackers.”
As AI agents increasingly handle sensitive customer information, financial data, and intellectual property, the need for robust governance becomes critical. An overwhelming 92% of respondents agree that managing AI agents is essential for enterprise security. Alarmingly, 23% reported their AI agents had been tricked into revealing access credentials, while 80% noted that these agents had taken unintended actions, such as:
- Accessing unauthorised systems (39%)
- Sharing sensitive data (31%)
- Downloading confidential content (32%)
With nearly universal plans to expand the use of agentic AI, organisations must adopt comprehensive identity security solutions. These should govern not only human identities but also AI and machine identities, ensuring unified visibility, enforcing least privilege access, and providing auditability.
In an era marked by increasing data breaches, poorly governed AI agents pose significant risks. For CISOs and CSOs in Southeast Asia, the imperative is clear: evolve security strategies to encompass AI agents, ensuring they are managed with the same rigor as human identities to safeguard sensitive enterprise data.