Presented by Snowflake
Too often, the history of enterprise security has been a history of making things harder to use. A new threat emerges, a new control gets bolted on, and somewhere in the process, people start working around the very systems designed to protect them.
Over the course of my career, I’ve seen firsthand that security adoption rarely fails because people don’t care about security. It fails because the secure path feels harder than the insecure one.
In the age of AI, that lesson matters more than ever.
AI expands the attack surface and raises the ceiling on what attackers can do, which makes simplifying security even more critical. Security controls that require effort or inconvenience eventually get ignored. People find workarounds. The answer is to make the secure path the easiest path.
Security works best when it gets out of the way
When security is easier to use than to avoid, people adopt it. Years ago, when the industry was rolling out two-factor authentication at scale, the biggest challenge wasn’t building the security itself, but the friction that came with using it. People had to stop what they were doing, grab a phone, launch a VPN, enter codes, and interrupt their workflow just to log in.
What ultimately drove adoption wasn’t policy, compliance requirements, or security training. It was simplicity. Now that it’s as easy as a fingerprint or a face scan, people use it without hesitation.
The same principle drove browser makers to make security more visible and intuitive for everyday users. Rather than expecting people to manually inspect URLs, modern browsers prominently flag non-HTTPS sites as insecure, helping guide users toward safer behavior by default. Security became stronger in part because the secure path also became the easier and more obvious one.
Where complexity shows up in AI
Agent permissions are a good example of where this plays out in AI systems. Employees accumulate numerous permissions over time through a project here, a system access there, a role that never got cleaned up after a team change. Humans know which access is relevant to a task even if the system doesn’t actively enforce it.
Agents lack that judgment. An agent assigned to a problem will probe every available path. If it can access 12 systems but the task requires only two, it might still explore the other 10. It’s just being thorough, but the result is a potential attack surface far larger than the task required.
The temptation is to put a human in the loop by flagging significant actions and asking for approval before proceeding. But in practice, an agent may prompt a human to approve a deeply technical action without enough context to judge whether it’s appropriate. In most cases, they’ll approve it simply to keep the workflow moving. This only adds friction and a false sense of oversight.
What’s really needed is a permissioning model built around intent. The agent should have only the credentials it needs for a specific task, and they should expire when it’s done. The industry is already beginning to move toward better models. Standards like OAuth are evolving to support agentic AI, allowing agents to carry the identities scoped to a specific task, rather than a user’s full permission set.
Making AI security easy to use
Ease of use starts with visibility, so the first priority is knowing what’s actually happening. Where are your agents connecting? What data are they touching? What permissions are they exercising?
Many enterprises are surprised by the answer when they first look. Most organizations operate with roughly 80% visibility and control. The problem is the remaining 20%, because that’s where the real risk tends to live. AI is going to find those gaps far faster than humans can. Start with monitoring, even if you’re not ready to enforce anything yet. Use AI to sift through what you find and prioritize the highest-risk behaviors. Then close those down systematically.
On the identity side, move toward workload identity wherever you can. The old model of creating service accounts, downloading keys, and distributing them across your infrastructure is fragile and hard to audit. Modern cloud environments offer a better approach: a workload’s identity is established at deployment and credentials are never distributed as static keys. The management burden drops and the attack surface shrinks with it.
For agents specifically, resist the temptation to give them broad permissions on the assumption that human approvals will catch problems before they happen. Scope agent access to the task at hand and ensure those permissions expire once the work is complete. For teams managing multiple agent-to-tool connections, MCP gateways are emerging as a practical way to encode governance rules centrally rather than tool by tool. Keep a human in the loop for consequential actions, not every action, particularly those where the blast radius of a mistake is meaningful.
The pace of risk is accelerating
In the AI era, the gap between exposure and exploitation is rapidly disappearing, collapsing from days to hours and, in some cases, minutes. CrowdStrike’s 2026 Global Threat Report documents that the average attacker breakout time has accelerated by 65% year over year. As AI becomes more capable of autonomously identifying weaknesses, security teams relying on manual response processes will fall behind.
The answer, though, hasn’t changed. Security that creates friction will eventually get bypassed. Security embedded directly into the architecture, enforced by default and invisible in practice, is the kind that actually holds. AI raises the stakes, but the principle remains the same: security only works when the secure path is also the easiest one.
Mayank Upadhyay is Chief Security & Trust Officer at Snowflake.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.
