- What: Strategies to manage risks from AI agents and machine identities
- Impact: Organizations face new security challenges with AI adoption
AI/ML, Identity, Security Management

Securing every door: Scalable strategies to manage machine and AI agent risks

April 29, 2026

By Paul Wagenseil

Organizations are rapidly deploying AI agents — and security managers are facing a new class of risks tied to AI visibility and governance.

In a recent CRA webcast, host Adrian Sanabria and his guest, SailPoint Field CTO Matt Fangman, discussed the conflict between harnessing the potential of AI and mitigating the risks AI creates. While AI agents promise huge increases in productivity, they also increase attack surfaces — and IT managers and staffers are united in their concerns.

"I've never seen a technology, in my 30-plus years in the industry, that has really forced everybody to come together right away," said Fangman. "This is the first time where I've seen the DevOps team, the CloudOps team, the data team, security teams really all coming together, and this has been that catalyst."

But, Fangman added, the pressure to adopt AI, whatever the consequences, forces many security managers to hold their tongues.

"The CISOs and the cybersecurity community in general have lost the ability to say no … even though we know some of this technology represents a risk to the organization," he said. "We've really lost the ability to say no to the board, no to the executive teams."

In fact, most organizations are still struggling to fully deploy their AI controls. Teams know they need visibility and governance but don't have scalable frameworks to implement them effectively.

AI agents must be treated as identities with full lifecycle management, not just tools — and those lifecycles can't be indefinite, Fangman said, as permissions and abandoned agents may persist.

"Is it too risky to have an agent that sticks around for a long period of time and maybe goes through — I haven't seen anybody apply this term, but I'll call it agent dementia," Sanabria asked.
"I've not seen that yet," replied Fangman, "but … it's super interesting to think about." As AI deployments grow into the thousands, organizations create a tangled mess of relationships among agents, humans, applications, and data , a governance challenge that can't be solved manually. "The graph of who's allowed to do what, not only between employees and agents, but between agents and other agents, that's a lot of relationships," observed Sanabria. "Then you start compounding apps and data and MCP servers and tools like that, that becomes a very hard matrix to manage," replied Fangman. Unless organizations can deploy continuous discovery and identity-based controls, they risk losing track of how many agents they have, what they can access, and how they behave. Because AI agent behavior is inherently unpredictable, it requires new forms of monitoring and control. AI agents can learn from each other, share memory, and act autonomously — sometimes in unintended ways if agents lose track of which agent did what. "[Shared memory is] the number one thing I see right now that really starts agents going wild," said Fangman. "The agent starts thinking, 'Oh, I did this.' They start hallucinating . They start sharing this. Then they start discovering each other." This unpredictability reinforces the need for continuous behavioral monitoring, governance thresholds, and the ability to retrain or decommission agents quickly when necessary. "You're going to need to have the ability to fire these agents," Fangman said. "We truly have to have the ability to shelve them." Fangman and Sanabria emphasized the importance of balancing innovation with guardrails. Organizations cannot simply block shadow AI usage, they agreed, because employees will find workarounds. The better approach is to guide user behavior by designating approved tools and enforcing policies. This includes monitoring for sensitive data exposure and enforcing least-privilege access. 
Identity governance can become the central control plane for AI agents, enabling organizations to manage not just who or what has access, but how agents interact with systems and data in real time.

Finally, scalable risk management requires a shift toward lifecycle thinking. Agents must be continuously evaluated, retrained, and, when necessary, deprovisioned. This includes managing ownership, ensuring accountability, and maintaining a clear chain of custody. Without this discipline, orphaned or misconfigured agents can persist as hidden risks, much like legacy service accounts.

"Who's responsible for this thing? Who owns this thing?" asked Sanabria. "If this thing is out of line, if it's doing something and I'm not sure if it's supposed to be doing that thing or not, who do I go ask, where's the parent of this agent? You know, come get your child!"

Fangman replied that the solution is to assign an owner — and then plan succession for that ownership.

"If this owner takes a new role, leaves the organization, whatever, I then need to have that secondary owner, third owner," he explained. "We literally want to follow that chain of command in behind it, so that way there's never an agent that's out there running that nobody has visibility or ownership of."

Managing AI-agent risk at scale is less about deploying any single technology and more about integrating identity, governance, and continuous visibility into a unified strategy, Fangman and Sanabria agreed.

Organizations should treat agents as first-class entities on a par with humans, enforce lifecycle controls, and align teams around a common operational model. Otherwise, they'll end up with a fragmented, opaque environment in which AI agents operate faster than security can respond.
Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.