How AI Agents Are Creating a New Kind of Security Risk

For almost two years, a big change has been taking place when it comes to the security architecture used by most businesses. While most IT teams are still focused on vulnerabilities and fighting common types of ransomware, there has been a new type of risk that has been gradually developing called autonomous access. This risk goes by various names, such as agentic AI, automated workflows and autonomous agents, but ultimately, they all do the same thing.

Nowadays, it is permitted to act on data without human intervention. Even when it makes transactions, it does not always need approval. It’s an automatic system with an instruction to “get things done” as efficiently as possible.

The term that is commonly used by IT security practitioners to refer to these problems is OpenClaw. According to the SANS Institute, OpenClaw agents make up “the single greatest expansion of the attack surface since the migration to cloud infrastructure.” The organization’s 2025 State of Identity Threat Report also added that up to two-thirds of organizations are using AI agents with access to sensitive data without having key security measures in place.

Another bit of work by the Cloud Security Alliance (CSA) identified that automated systems, including AI agents, now make up over 80% of authentication attempts in modern environments, even though they receive less than 5% of security oversight.

Switching to write-execute access

Over decades, data security worked according to a simple concept. You were required to protect the keys. If a human’s passwords were fiddled with, they were revoked. If a database was compromised, it was removed from the system.

Autonomous systems are changing the game. They are being used to execute complex systems. The Cloud Security Alliance’s Complete Technical Guide on Non-Human Identity Security cites that humans with 1,000 or more employees usually maintain 10,000 non-human connections in the form of API keys, OAuth tokens, service accounts and internal secrets. These all secured a unique entry point.

The research also identified that up to 23% of applications that are connected to Google Workspace have good access permissions (read, write, delete) and can change the sensitive data of organizations. Fifty percent of tokens that link Salesforce to third-party applications are not really used and create unused credentials.

Through knowledge, an autonomous agent in finance could initiate transfers and adjust payment methods. A customer support agent may modify Personally Identifiable Information (PII) in order to fix an issue. An engineering agent may change repositories and make changes to the way that work is done.

In all of these scenarios, the agent will not be a human with control but rather an API key that is able to make decisions. A potential problem is that most identity and access management (IAM) strategies were built to be used in simple service accounts.

A Gartner Peer Community dialogue revealed that established companies face challenges due to debt through accounts that are “quite old and lack necessary metadata,” which makes it difficult for monitoring purposes across the company.

How to limit the risk

To reduce the risk associated with OpenClaw, you do not need to end AI adoption completely. You have to update your key qualities. For one, automated management needs to become important in the boardroom. Service accounts, API keys and account information must start to heavily outnumber human actors. Gartner claims that by 2028, close to 70% of CISOs will need Identity Visibility and Intelligence Platforms in order to reduce IAM risk. They will progress beyond human-centered identity governance to also have non-human access reviewed.

Secondly, security teams will need access to tools that can comprehend what the user may be asking for. The Snyk AI Red Teaming tool uses this approach through testing LLM agents with prompt-based risks and thereby helping developers to include security testing in their development work. The foundation of Cloud Security Alliance’s CSAI is currently doing something like this through a focus on controlling privileged access and monitoring the behavior of users.

Lastly, there must be a separation of duties at the user level. Automated systems should not be able to access sensitive data and do bad things with it.

Automated systems are not something that represents a future risk. They are current systems used by companies in order to gain advantages in the AI race.

SC Media stated, “NHI’s are the fastest-growing, least-governed and most exploited attack vector in the enterprise. The organizations that act now to prioritize their protection will be the ones resilient enough to withstand the next generation of cyber threats, safeguarding their systems, customers, reputation and bottom line.”

The companies that win this competition will be the ones that realize that delegating software duties to AI requires more intensive human oversight, not less.

For almost two years, a big change has been taking place when it comes to the security architecture used by most businesses. While most IT teams are still focused on vulnerabilities and fighting common types of ransomware, there has been a new type of risk that has been gradually developing called autonomous access. This risk goes by various names, such as agentic AI, automated workflows and autonomous agents, but ultimately, they all do the same thing.

Nowadays, it is permitted to act on data without human intervention. Even when it makes transactions, it does not always need approval. It’s an automatic system with an instruction to “get things done” as efficiently as possible.

The term that is commonly used by IT security practitioners to refer to these problems is OpenClaw. According to the SANS Institute, OpenClaw agents make up “the single greatest expansion of the attack surface since the migration to cloud infrastructure.” The organization’s 2025 State of Identity Threat Report also added that up to two-thirds of organizations are using AI agents with access to sensitive data without having key security measures in place.