By Or Kohol, AI Expert at CyberproAI Group
The shift happened faster than most security teams expected.
Not too long ago, companies were experimenting with AI assistants to help employees write emails or summarize documents. Now, they’re deploying autonomous AI agents that can execute tasks, access internal systems, and run multi-step workflows on their own.
In some cases, these systems operate with little or no human oversight.
That’s a major shift.
And when something goes wrong, a bigger question emerges: who is accountable, the human, the system, or the company that deployed it?
How Agentic AI Has Broken the Risk Model
Most enterprise risk frameworks were built for AI that suggests and drafts. Agentic AI does something very different. It takes action, calling APIs, accessing systems, modifying data, and executing workflows across the organization.
And once AI can act inside real systems, the risk model changes completely.
The biggest risks aren’t just malicious attacks. They’re what happens when autonomous systems make decisions and execute them at scale.
- Agents make mistakes, not just attackers. The first wave of incidents will likely come from AI hallucinations, not breaches. An agent can guess the wrong API parameters, approve a misconfigured deployment, or send customer data to the wrong endpoint. When that agent has write access to production systems, a hallucination isn’t just a wrong answer, it’s an operational failure.
- Blended data becomes a target. Agentic systems pull information from multiple sources at once: databases, documents, email, internal tools, and external APIs. That combined context is powerful, but it’s also dangerous. Prompt injection attacks can manipulate an agent into leaking sensitive information through what looks like a normal API call.
- Runaway costs become a new attack vector. Every AI action triggers costly API calls. If an agent gets stuck in a loop or is tricked into calling expensive services thousands of times overnight, the damage may never show up as a breach, but it will drain budgets. Security researchers call this “Denial of Wallet.”
- Agent-to-agent communication (A2A) opens new gaps. New protocols like MCP and A2A let agents coordinate across enterprise boundaries, but a vulnerability in one agent’s toolchain can now cascade across an entire workflow.
- Shadow agents are already appearing. Teams are already deploying autonomous workflows outside formal IT governance. In 2026, these shadow agents will represent a largely invisible attack surface with unmonitored data flows and inconsistent controls.
We aren’t just talking about theory either, this is already happening.
In November 2025, Anthropic disclosed a cyber espionage operation where AI was used across the entire attack lifecycle, the first confirmed case of agentic AI gaining access to major tech companies and government agencies.
The Regulatory Window Is Closing
This is no longer a “tomorrow” issue. The regulatory timeline for AI governance is already unfolding, and many of the first major deadlines arrive within the next year.
In the European Union, on August 2, 2026, the core framework of the EU AI Act becomes operational. Organizations deploying high-risk AI systems will be required to demonstrate structured risk management, transparency, human oversight, and cybersecurity controls.
In the United States, similar pressures are emerging at the state level.
The Colorado AI Act takes effect in June 2026, mandating impact assessments and transparency around high-risk AI deployments. Illinois’ AI in Employment law, effective January 2026, requires disclosure when AI influences hiring or employment decisions.
At the same time, the industry itself is beginning to formalize governance standards.
The Agentic AI Foundation (AAIF), formed by OpenAI, Anthropic, and Block, aims to establish trusted frameworks for agent development.
Organizations are also expected to align with existing standards such as the NIST AI Risk Management Framework, the CSA AI Controls Matrix, and ISO/IEC 42001.
The direction is clear: organizations will need to prove how their AI systems make decisions, what authority they have, and what safeguards exist when something goes wrong.
These are no longer governance aspirations. They are becoming auditable requirements.
A Practical Path Forward
Governing agentic AI doesn’t start with theory. It starts with visibility and control.
Organizations that act early are focusing on a few practical steps to understand where agents exist, what they can access, and how their actions are monitored.
Start with these first steps:
- Know what you have. Find every agent running in your organization, including the ones teams deployed without IT knowing. You can’t secure what you can’t see.
- Decide what agents are allowed to do. Define clear boundaries for each agent. Which actions need human approval? Which systems can it write to? Document it.
- Lock down access. Give agents read-only access by default. If they need to write, make it narrow, temporary, and logged.
- Make agent activity visible. Log every action an agent takes: what it did, why, and what it touched. This is both your safety net and your compliance trail.
- Test like an attacker would. Red team your agents regularly. Try to break them, confuse them, and trick them in conditions that mirror real production, not a sanitized test environment.
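To make the steps above concrete, here is an added example (not code from the article or from CyberproAI): a small policy gate placed between an agent and its tools. It keeps an inventory of registered agents, grants read-only tools by default, requires a recorded human approval for write tools, enforces a per-agent spend cap as a guard against the “Denial of Wallet” loop described earlier, and writes an audit record for every attempt, allowed or denied. Agent names, tool names and costs are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AgentPolicy:
    read_tools: frozenset      # tools the agent may call without approval (read-only default)
    write_tools: frozenset     # tools that modify data; each needs a recorded human approval
    budget_cents: int          # hard cap on API spend per run, the "Denial of Wallet" guard

@dataclass
class ToolGate:
    policies: dict                                  # inventory: agent name -> AgentPolicy
    approvals: set = field(default_factory=set)     # (agent, tool) pairs a human signed off on
    spent: dict = field(default_factory=dict)       # agent name -> cents consumed so far
    audit: list = field(default_factory=list)       # one record per attempted action

    def authorize(self, agent, tool, cost_cents, reason):
        """Decide one tool call and log it. Returns (allowed, verdict)."""
        policy = self.policies.get(agent)
        if policy is None:
            verdict = "denied: unknown agent (shadow agent)"
        elif tool not in policy.read_tools and tool not in policy.write_tools:
            verdict = "denied: tool not in this agent's allowlist"
        elif tool in policy.write_tools and (agent, tool) not in self.approvals:
            verdict = "denied: write tool needs human approval"
        elif self.spent.get(agent, 0) + cost_cents > policy.budget_cents:
            verdict = "denied: budget exceeded"
        else:
            verdict = "allowed"
            self.spent[agent] = self.spent.get(agent, 0) + cost_cents
        # Every attempt is logged, denied or not: that is the compliance trail.
        self.audit.append({"agent": agent, "tool": tool, "reason": reason,
                           "cost_cents": cost_cents, "verdict": verdict})
        return verdict == "allowed", verdict

def demo():
    """Constructed scenario: one registered agent, one unregistered, and a retry loop."""
    gate = ToolGate(policies={"invoice-bot": AgentPolicy(
        read_tools=frozenset({"crm.read"}), write_tools=frozenset({"crm.update"}), budget_cents=100)})
    results = [gate.authorize("invoice-bot", "crm.read", 10, "look up customer")[1],
               gate.authorize("invoice-bot", "crm.update", 10, "fix address")[1]]  # no approval yet
    gate.approvals.add(("invoice-bot", "crm.update"))   # narrow, explicit human sign-off
    results.append(gate.authorize("invoice-bot", "crm.update", 10, "fix address")[1])
    results.append(gate.authorize("invoice-bot", "mail.send", 10, "email customer")[1])
    for _ in range(20):  # an agent stuck in a loop: the budget cuts it off after 8 more calls
        results.append(gate.authorize("invoice-bot", "crm.read", 10, "retry")[1])
    results.append(gate.authorize("report-bot", "crm.read", 1, "nobody registered me")[1])
    return gate, results
```

In a real deployment the audit list would go to your SIEM and the approvals set would be backed by a ticketing or change-management record, so each write action is traceable to a named person.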
The Bottom Line
The next major enterprise security incident may not come from an external attacker.
It may come from an autonomous AI agent your organization deployed, operating outside governance, visibility, and control.
The organizations building oversight and guardrails into their architecture today will be the ones that actually scale these systems. Everyone else will be cleaning up.
