How AI agents are wreaking havoc in legacy security setups, and how enterprises are catching up
AI agents outpace security controls, creating enterprise risk
80 percent of Fortune 500 companies have unleashed AI agents into live environments. Unfortunately, only 14 percent have received full security approval, according to Mimecast at RSAC 2026.
Field CTO at TrustLogix.
That gap is not a compliance footnote; it is the defining security condition of the enterprise right now.
Those agents are in production, touching sensitive data, operating with persistent credentials, making autonomous decisions, and in the vast majority of cases, the security model governing them was designed for a world where only humans asked questions.
That mismatch is a problem.
Role-based security was built for humans. But AI agents aren't human
Traditional access control is built around the role: a user is in a group, the group has a permission, and the permission is reviewed once a year. That model worked reasonably well when the identities in question were people operating within predictable workflows.
But AI agents break every one of those assumptions. They run continuously. They chain tasks across systems. They act on behalf of users without those users knowing exactly what data was touched. They accumulate entitlements.
And they inherit whatever credentials they were handed at provisioning, usually far more than any specific task requires.
The IBM 2025 Cost of a Data Breach Report spells this out in actual numbers: 97 percent of organizations that experienced an AI-related breach did not have proper AI access controls. Sixty-three percent had no AI governance policies at all.
The WEF Global Cybersecurity Outlook 2026 found that 87 percent of security leaders identified AI-related vulnerabilities as the fastest-growing cyber risk of the past year.
Fortune captured the practical reality in March 2026: most enterprises can tell you how many human users have access to their financial systems. Few can tell you how many AI agents do.
Security needs context too. Just not the same kind
The context that security needs is not the same as the context AI uses to generate a useful answer.
It's a different set of signals entirely: who is making this request, human or non-human; what sensitivity classification applies to the data being requested; what task is currently in scope; what are the entitlements of the human user on whose behalf this agent is operating; and does all of that, together, justify access under current policy.
That evaluation has to happen at runtime, for every request, at the data tier. Not at provisioning. Not at the orchestration layer. At the point where data actually changes hands.
This is also why identity propagation matters. An agent running as a service account should not be able to access data the human who triggered the workflow isn't authorized to see.
The agent's permissions need to be dynamically scoped to the person behind the prompt. Without that binding, agents become a structural bypass for human access controls, through architecture rather than intent.
Shadow AI makes this worse. IBM found it was a factor in one in five breaches, adding $670,000 to average costs. The WEF noted that the top security concern for 2026 has shifted: data leaks through agentic systems now outrank adversarial AI capabilities. The threat model has shifted from AI as a weapon to AI as an exposure vector.
Attackers are moving at machine speed. Your approval queue isn't
Context-aware enforcement has to be automated because the attacks sure are. At RSAC 2026, CrowdStrike reported that the fastest recorded adversary breakout is now 27 seconds.
Gartner projects that by 2027, AI agents will cut the time to exploit account exposures by 50 percent. A human approval queue cannot keep up in that environment.
IBM's data shows what automated, context-aware security delivers: organizations using it extensively saved $1.9 million per breach on average and cut the breach lifecycle by 80 days. Speed is not a feature. It's a structural requirement.
Keeping an eye on what agents do is not the same as stopping them
Logging what agents do, monitoring at the orchestration layer, and generating access reports are all useful prerequisites for data security. But none of it stops a bad request before the data moves.
Enforcement has to live at the data tier, and every request should be evaluated against real-time context: who is asking, how sensitive the data is, whether the task scope justifies the request, and whether the conditions under which access was granted are still relevant.
When the request doesn’t meet the criteria, access is automatically blocked, masked, or scoped down.
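As an added example, not from the article or from TrustLogix, here is a runtime policy check of the kind described above: it takes the signals listed in the context section (human or non-human actor, the human the agent acts for, data sensitivity, task scope, the user's entitlements) and returns the block, mask or scope-down decision this section calls for. The entitlement, classification and task-scope tables are constructed stand-ins for the HR/identity, classification and task systems.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sensitivity scale; higher means more sensitive.
LEVEL = {"internal": 1, "confidential": 2, "restricted": 3}

# Constructed stand-ins for the HR/identity system (entitlement ceilings),
# the data classification catalogue, and a task registry.
ENTITLEMENTS = {"alice": {"payroll": "restricted", "tickets": "internal"},
                "bob": {"tickets": "internal"},
                "carol": {"payroll": "internal"}}
CLASSIFICATION = {"payroll": {"employee_id": "internal", "salary": "restricted"},
                  "tickets": {"ticket_id": "internal", "summary": "internal"}}
TASK_SCOPE = {"payroll_review": {"payroll": {"employee_id", "salary"}},
              "summarize_tickets": {"tickets": {"ticket_id", "summary"}}}

@dataclass
class Request:
    actor: str            # "human" or "agent"
    user: Optional[str]   # human principal behind the prompt; None = unbound service account
    task: str             # task currently in scope
    dataset: str
    columns: tuple

def evaluate(req: Request) -> dict:
    """Decide one data-tier request at runtime: block, mask, scope_down or allow."""
    # Identity propagation: an agent with no bound human would be a structural
    # bypass of human access controls, so it gets nothing.
    if req.actor == "agent" and req.user is None:
        return {"decision": "block", "reason": "agent not bound to a human principal"}
    in_scope = TASK_SCOPE.get(req.task, {}).get(req.dataset)
    if in_scope is None:
        return {"decision": "block", "reason": "dataset outside task scope"}
    ceiling = ENTITLEMENTS.get(req.user, {}).get(req.dataset)
    if ceiling is None:
        return {"decision": "block", "reason": "user has no entitlement to dataset"}
    columns, masked, dropped = {}, [], []
    for col in req.columns:
        if col not in in_scope:
            dropped.append(col)      # scoped down: the task does not need this column
            continue
        # Unclassified columns are treated as restricted rather than open.
        level = CLASSIFICATION[req.dataset].get(col, "restricted")
        if LEVEL[level] > LEVEL[ceiling]:
            masked.append(col)       # above the delegating user's entitlement
            columns[col] = "masked"
        else:
            columns[col] = "raw"
    if not columns:
        return {"decision": "block", "reason": "no requested column is in task scope"}
    decision = "mask" if masked else "scope_down" if dropped else "allow"
    return {"decision": decision, "columns": columns, "masked": masked, "dropped": dropped}
```

The same function serves a human caller, so an agent can never obtain more than the person behind the prompt would get.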
Organizations that have built that enforcement layer see the results: 90 percent faster remediation of access misconfigurations, provisioning reduced from days to minutes, and audit preparation time cut by 25 percent.
The fix is not slower AI. It’s smarter security
AI systems work because they were designed to understand context before acting. Security systems fail because most of them weren't. Throttling agents down or bubble-wrapping them in manual approval processes isn’t the answer.
Building a security layer with its own relevant context is: role and entitlement data from HR and identity systems, risk signals from security tools, and location and behavior data from network monitoring.
That layer cross-references what a user or agent is supposed to be doing against what they are actually doing, in real time, and adjusts access controls the moment something doesn't add up.
Security context isn't about making AI smarter. It's about knowing enough about the environment to know when something is wrong.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit