AI agents are rapidly changing the way enterprises operate, reshaping the cybersecurity landscape for those that use them — and expanding risk across different parts of the business.
The appeal of deploying the technology is massive. Enterprises are set to more than double their spending on generative AI models and AI agents, with an additional $6 billion in spending on them in 2026, a recent Gartner report found. While some organizations report that agentic systems and agents are used for very discrete tasks, others say they’ve embedded AI into human decision-making, with plans to use it mostly without human intervention.
But in the last month, newer, more powerful models such as Anthropic’s Mythos, along with OpenAI’s launch of the Daybreak initiative, have highlighted just how much access agentic AI can get. Executives must steer their organizations toward a new model for risk management that responds to the shifting profile of cybersecurity in the agentic era.
More than half of executives said their organization had an AI-related security incident or a close call last year, according to a recent Okta report. AI providers themselves have gotten in on enterprise AI security management as cyber risk becomes a greater concern.
Although many enterprises quickly jumped on the hype of agentic AI, tech leaders are realizing that agents introduce a complicated mix of benefits and risks to organizations, Shiva Varma, senior director analyst at Gartner, told CIO Dive. Agentic AI is changing the type and frequency of risk that enterprises face and is making security a cross-organization responsibility.
“They don’t solve every problem, they come with a lot of risk, and they are very expensive to run,” Varma said.
A new risk landscape
Agentic AI has developed beyond the ability to generate text, images or code, and has taken on decision-making and task execution, performing duties traditionally done by human employees, said Aunshul Rege, a cybersecurity professor at Temple University.
An average agent could be accessing the internet, querying a database or combing through sensitive information across an enterprise’s entire knowledge base. Because AI agents are given this autonomy, their permissions must be carefully considered, Janet Worthington, a senior analyst at Forrester, said.
Worthington said she’s seen a trend of clients giving too much agency to agents in the name of productivity. Although companies form AI guidelines or policies for their employees, agents are built to complete tasks, Worthington said, often at any cost. As companies embed them into systems, they can learn to overcome obstacles even when they run into security-focused roadblocks or guardrails.
“Every time they create an action, they learn from that, and so when they encounter issues in the real world, when they’re being asked to do something, they will go back, learn and try a different way,” Worthington said.
Humans operate this way too, she said. But agents don’t “clock out,” she added.
“If we don’t start treating these agents as their own particular identities and constrain them, then we’re going to see a lot more issues,” Worthington said.
Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, likened the rise of agentic AI to the cloud revolution a decade ago. Companies are moving from operating their own equipment and processes to automating them.
“It changes the amount of risk when we take on new tools,” Steinhauer said. “It’s a new skill set, and much more to manage than we’ve seen before.”
Aside from overreaching agents, the technology also makes companies more vulnerable to malicious outside attacks, Rege said, as human behavior and trust still play a large role. Employees could begin trusting automated systems the same way they trust their human colleagues.
“Many attacks succeed because they exploit people, workflows and organizational protocols,” Rege said.
Who is responsible for secure AI?
Historically, cybersecurity has been the responsibility of the CISO or IT teams. But AI systems used across an organization are disrupting this structure, Rege said. Tech executives’ biggest challenge is no longer control, but rather coordination of an organization’s tech strategy, Deloitte recently found.
HR might use AI for hiring, finance may use agents for procurement or analysis, and legal teams may use AI for contracts. Security teams can’t govern all of these decisions in isolation.
“I think what we are seeing is a shift toward shared responsibility,” Rege said.
A technology leader such as a CIO might own the decision-making around which AI models to use, while the cybersecurity team puts controls in place, Steinhauer said. Human resources and other people-focused teams might take on the enforcement of policy violations.
“It’s important to get these groups aligned,” Steinhauer said.
The role of the CISO is also changing, Worthington said. The CISO is morphing into the trust and assurance authority within an organization, someone who has to think about AI outcomes, whether they can be audited and how to explain those outcomes to the board.
Steinhauer said he’s seen AI management roles get added to the C-suite in titles such as chief AI officer.
“The thing with AI is it can do a lot, but it doesn’t have a lot of context, so you need somebody who’s been in the business and can understand [the] context of your business,” Steinhauer said. “They can answer, ‘Is this a desired output from what we’re doing with AI?’”
Security vs. governance
The rollout of AI has come hand-in-hand with the desire for governance, though many organizations struggle to determine which guiding principles to apply to their systems. But just because an organization has a governance policy does not mean it’s absolved of security risks, Rege said.
Executives should think of governance as a set of rules for how human employees are expected to use AI, Steinhauer said. This is where organizations should aim to be collaborative so expectations are understood across each department.
“Governance asks questions such as: Should we be using this system? What decisions is it allowed to make? Who is accountable if something goes wrong?” Rege said. “What level of human oversight is necessary?”
Meanwhile, a security strategy is focused on protecting the systems, data and infrastructure from compromises. It more closely aligns with the traditional goals of cybersecurity teams.
Security, governance and risk management should be reviewed cyclically, and policies will likely ebb and flow as the technology develops and organizations figure out which tools are essential.
“Organizations should resist the temptation to treat AI as either magic or catastrophe,” Rege said. “The better approach is to be structured and risk-based.”







