How Zero Trust can help organizations manage mounting agentic AI security risk (www.techradar.com)

Agentic AI—systems that plan, reason and act autonomously—are arriving fast (OpenAI’s ChatGPT agents are a high-profile example), promising big productivity gains (Gartner predicts large-scale autonomous resolution of customer issues by 2029). But their autonomy also amplifies security and privacy risks: agents can take irreversible actions (delete files, send emails), accrete sensitive user knowledge, and be manipulated via indirect prompt injection (e.g., malicious text embedded in webpages the agent visits), creating new attack surfaces across integrated systems. The article argues organizations should adapt Zero Trust rather than bolt agent usage onto legacy access models. Key technical measures include treating each agent as a distinct identity with its own credentials; enforcing fine‑grained, tool‑level and time‑bound permissions (segmentation of capabilities, not just networks); and instituting robust IAM for a digital workforce of agents. Traditional MFA is weak for non‑human actors, so human oversight should serve as a second verification layer for high‑risk actions—balanced to avoid consent fatigue. Finally, comprehensive logging and behavioral monitoring are essential for detection, accountability and incident response. For the AI/ML community this implies new design and ops priorities: built-in policy enforcement, runtime monitoring, adversarial‑resilience (against prompt injection), and privacy controls must be integrated into agent architectures from the start.