SailPoint: Is Cybersecurity Prepared for Agentic AI’s Rise?

A recently published research study from US-based identity security firm SailPoint has called attention to a striking contradiction in the attitudes of technology executives towards AI.

The study shows that, above all else, the tech sector is concerned about agentic AI – the form of artificial intelligence that can act independently of human direction.

For its research, SailPoint surveyed 353 industry professionals and found that whilst 96% view AI agents as a growing security risk, 98% of organisations still plan to expand their adoption within the next year.

Consequently, rapid adoption of agentic AI represents something of a risk-reward dilemma for enterprises.

Removing that risk will depend on investments in new cybersecurity measures, which are capable of dealing with new kinds of threats.

“Agentic AI is both a powerful force for innovation and a potential risk,” says Chandra Gnanasambandam, EVP of Product and CTO at SailPoint. 

“These autonomous agents are transforming how work gets done, but they also introduce a new attack surface. 

“They often operate with broad access to sensitive systems and data, yet have limited oversight. 

“That combination of high privilege and low visibility creates a prime target for attackers.”

The details of SailPoint’s study

The industry’s greatest fear regarding agentic AI is its ability to act autonomously.

Of all the respondents to SailPoint’s survey, 72% believed that AI agents pose greater risks than traditional machine identities.

The main factors cited were:

• AI agents’ ability to access privileged data (60%)
• Their potential to perform unintended actions (58%)
• Sharing privileged data (57%)
• Making decisions based on inaccurate or unverified data (55%)
• Accessing and sharing inappropriate information (54%)

And whilst the anxiety in these statistics is palpable, SailPoint’s study reveals that too few companies are taking proactive measures to bolster their cybersecurity.

SailPoint’s study finds that 82% of organisations are already using AI agents in day-to-day work, yet only 44% have policies in place to secure them.

Access to sensitive enterprise data

Large language models (LLMs) like ChatGPT generally do not have access to the kind of sensitive data that AI agents do.

Current agentic models have access to customer information, financial data, intellectual property, legal documents and supply chain transactions, which is worrying the tech sector.

92% of respondents to SailPoint’s survey said that governing AI agents is critical to enterprise security.

The firm’s research also uncovered some concerning incidents, with 23% reporting their AI agents had been tricked into revealing access credentials.

80% of companies reported their AI agents had taken unintended actions, including accessing unauthorised systems (39%), sharing sensitive data (33%) and downloading inappropriate content (32%).

Chandra believes that stringent governance regulations are required to prevent recurring issues like this. 

“As organisations expand their use of AI agents, they must take an identity-first approach to ensure these agents are governed as strictly as human users, with real-time permissions, least privilege and full visibility into their actions,” he says.

Cybersecurity going forward

SailPoint suggests that in order to govern AI agents, they should be treated as distinct identity types rather than simple system components.

SailPoint, which is known for its comprehensive identity security solutions, believes that this form of cybersecurity can discover all AI agents within enterprise environments whilst also providing unified visibility.

In order to be effective, such systems would need to ensure full auditability to help organisations meet regulatory requirements and strengthen overall security postures.

The timing of these findings coincides with increasing regulatory scrutiny of AI systems and growing concerns about data protection in an era of widespread cyberattacks.

Explore the latest edition of Technology Magazine and be part of the conversation at our global conference series, Tech & AI LIVE.

Discover all our upcoming events and secure your tickets today.

Technology Magazine is a BizClik brand