Synopsis: Marta Dern Simon, senior product marketing manager at Oasis Security, discusses the emerging challenges of managing AI agents, particularly around permissions and security. She highlights the complexities of securing these agents as they expand organizational attack surfaces, emphasizing the need for proper oversight and the potential risks if security lags behind innovation.

In this interview, Marta Dern Simon, senior product marketing manager at Oasis Security, discusses the emerging challenges organizations face with the rise of AI agents. She emphasizes that these agents, while capable of autonomously executing tasks like human employees, should not be treated the same when it comes to identity and security. Organizations must decide how to authenticate, manage, and monitor these agents, which significantly expand the attack surface and raise the risk of cyberattacks like “agent jacking.” Marta suggests a hybrid approach: viewing agents as workloads with decision-making autonomy, while still ensuring they have appropriately scoped permissions.

As AI agents become more prevalent—some integrated within third-party applications and others developed in-house—security teams must classify and govern them based on privilege levels, similar to human identities. Marta warns that attackers may already be targeting these agents, and the security community must avoid the historical lag in response seen with past technologies. She notes the potential rise of an “AI native” generation, more comfortable and intuitive with AI technologies, but stresses that human oversight is still essential. Relying solely on AI agents to govern other agents, she argues, is not a viable short-term solution.

To prepare, organizations should first clean up existing digital identities and accounts, then define and limit each AI agent’s access to align with specific tasks. Ongoing monitoring is critical to catch and mitigate risks early. Marta also differentiates between traditional automation and AI agents: whereas past systems followed fixed workflows, today’s agents pursue goals more independently, learning and optimizing along the way. She cautions that unless proactive security strategies are adopted now, we’re likely to see a significant AI-related security incident sooner rather than later.