

























Myles Suer,CIO Analyst and Tech Journalist
June 18, 2026
6 Min Read
Data security and privacy remain among the biggest concerns as IT organizations help their companies move ahead with agentic AI. In recent research from Dresner Advisory Services, more than 60% of 500 organizations surveyed said data security and privacy are "critical" to successful agentic AI initiatives. The percentage increases to 85% if you add those who say it is "very important."
To better understand how identity and access management are evolving for AI agents, I recently spoke with Harish Peri, senior vice president and general manager for AI security at Okta. Our conversation covered shadow AI, agent governance, authorization and the challenges of securing non-human identities.
Suer: What identity and access risks aren't CIOs seeing clearly, or actively discounting, when deploying agentic AI?
Harish Peri: The biggest risks right now stem from shadow AI — that is, the agents operating in your environment that you don't know about.
Related:Intuit's chief AI officer on the SaaSpocalypse and disciplined AI
Suer: How is this different from the shadow IT security issues CIOs have dealt with for decades?
Peri: It's an issue of visibility. A compromised AI agent isn't your run-of-the-mill breach — it's an autonomous attacker that doesn't sleep, with the keys to the kingdom.
We're seeing this problem today because organizations are struggling to keep up with the democratization of agent creation, which allows any employee to provision a "digital worker." Teams are spinning up new agents so quickly, and if you don't have the right identity and access controls in place, these agents can run wild and untraced.
Suer: What are the biggest security risks associated with AI agents?
Peri: There are actually three risks that we have determined with the help of our customers. The first is the risk of an employee with ill intention. The second is a motivated hacker who finds a hole in from the outside and performs a prompt injection attack. And the third is an agent that incorrectly responds to a prompt and exposes sensitive data or misappropriates data it has access to.
Suer: Which agentic AI risks are being mistaken for traditional application security problems when they're really identity and authorization problems?
Peri: Current identity and security stacks were tailored for humans and traditional software. Human users have predictable lifecycles, and software has fixed execution paths, but autonomous agents break these assumptions. The non-deterministic nature of agents creates gaps that existing tool stacks aren't built to close.
Related:Time for an AI exit strategy: How CIOs are cutting AI waste
Suer: Some vendors are pushing the idea of writing job descriptions for agents. Should role-based security follow — and how granular does it need to be?
Peri: AI agent access should be incredibly granular. Agents need to be treated as their own unique, first-class identity type. Treating agents as first-class identities means moving away from managing them as unmanaged service accounts or static API keys, and instead discovering, onboarding, protecting and governing them with the same security rigor, lifecycle controls and visibility applied to human employees.
Suer: What does identity governance look like when agents — not employees — begin initiating actions, accessing systems and making decisions? What does governance need to look like?
Peri: AI agents operate at machine speed, meaning they're potentially executing thousands of API calls in a matter of minutes. Traditional identity governance isn't built for the dynamic authorization necessitated by agents. Organizations need to control every app, tool, MCP and API that an agent interacts with. Effective governance requires the ability to continuously authorize all of those individual tool calls and understand the context and intent behind those decisions.
Suer: As organizations deploy more and more Ai agents, how can governance possibly keep up?
Related:CIOs need control before AI gains accountability
Peri: The answer is agents. In this case, it is agents that can identify improper behavior and crack down on that behavior. Here, it is the job of an authorization agent to look at real-time, fine-grained authorizations. To do this, we need fine-grained configurations defined at the start so these guardian agents can stop inappropriate behavior. As well, we need organizations to broaden their use of fine-grained permissions at the app layer, the process layer and the data layer. This is where posture and the authorization layer become critical. Organizations need to govern agents whose privileges can be more than the human who commanded them. And this is not just role-based security -- it is attribute-based control."
Suer: Who should be allowed to build agents inside the enterprise? Are agent builders an unguarded attack surface in the enterprise, and what access controls and guardrails should CIOs be putting around them?
Peri: The democratization of AI and building agents is a net positive. It's less a question of who should be allowed to build, but do you have the right controls in place to secure and manage the agents that teams are spinning up? Every homegrown agent needs to be registered into a central directory, granting security teams the visibility to manage its permissions and lifecycle just like any other enterprise asset.
Suer: With agents sprawled across teams and stacks, how can CIOs maintain visibility into what agents can access, modify and share?
Peri: Visibility is the top concern we're hearing about from customers. It starts with being able to discover agents, regardless of where they were built or being deployed — including the shadow agents that have been spun up without permission. Once discovered, it's about centralized control over agents' connection paths. By having a singular control plane to manage agent access, organizations can observe and audit agent actions, and manage the full lifecycle of an agent from onboarding to decommissioning.
Suer: AI agents are chunking and embedding information in vector databases and other systems that traditional security tools weren't designed to protect. How should CIOs rethink data security in these environments?
Peri: Because agents interact with sensitive data autonomously, the most effective way to protect your databases is to rigorously secure and govern the non-human identities accessing them. By enforcing strict, identity-centric access controls and continuous behavioral monitoring, you effectively build a dynamic fortress around your most critical data.
At the end of the interview, I asked Peri how he arrived at his current perspective. He said it was Okta's customers — early adopters of agentic AI — who led the way. As these customers began implementing agents in their environments, they became aware of how agents could be manipulated. These vanguard customers helped Peri and his team rethink the concept of zero trust. This is clearly a case where staying close to the customer helped ensure the right problems were being considered. It will be interesting to see how data security evolves in the months and years to come. It does seem strange that agents will protect us from other agents — and from agents acting with ill intent.
CIO Analyst and Tech Journalist
Myles Suer is a CIO analyst and tech journalist. Recognized by Leadtail as a top CIO influencer, he is the former leader of #CIOChat, a global community connecting CIOs and senior technology leaders. His insights have been featured in publications such as CMSWire, CIO.com, VKTR, and Cutter Business Technology Journal. Suer frequently reviews books on AI, technology, and business strategy from leading publishers, including Harvard Business Review Press, MIT Press, and Columbia University Press. Additionally, he serves as research director at Dresner Advisory Services.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。