Securing Agentic AI: Managing Non-Human Identities and Shadow AI Risks

Data security and privacy are critical for 85% of organizations deploying agentic AI, according to research from Dresner Advisory Services. Harish Peri, Okta’s senior vice president and general manager for AI security, warns that “shadow AI”—untracked autonomous agents—creates a high-risk environment where non-human identities require granular, attribute-based access controls to prevent data breaches.

Why is “Shadow AI” more dangerous than traditional Shadow IT?

Shadow AI differs from traditional shadow IT primarily through autonomy and speed. While legacy shadow IT involved employees using unauthorized software, Peri describes a compromised AI agent as an “autonomous attacker” that operates without sleep and possesses “the keys to the kingdom.”

The risk stems from the democratization of agent creation. Because employees can now provision “digital workers” rapidly, organizations struggle with visibility. Without strict identity and access controls, these agents can operate untraced across corporate environments.

Did you know? A Dresner Advisory Services survey of 500 organizations found that over 60% explicitly label data security and privacy as “critical” to the success of agentic AI initiatives.

What are the primary security risks of AI agents?

Peri identifies three specific threat vectors that organizations must manage when deploying autonomous agents:

Insider Threats: Employees who use agentic tools with ill intention.
External Attacks: Motivated hackers utilizing prompt injection to find vulnerabilities from the outside.
Agent Error: Agents that respond incorrectly to prompts, leading to the exposure or misappropriation of sensitive data.

How does agentic AI break traditional security stacks?

Existing security tools were built for humans and static software. According to Peri, human users follow predictable lifecycles and traditional software follows fixed execution paths. Autonomous agents are non-deterministic, meaning they don’t follow a set script.

This unpredictability creates gaps in current identity and authorization stacks. Because agents can execute thousands of API calls in minutes, traditional governance cannot keep up with the required dynamic authorization.

Pro Tip: Move away from managing agents as unmanaged service accounts or static API keys. Instead, treat them as “first-class identities” with the same security rigor and lifecycle controls applied to human employees.

What is the role of “Guardian Agents” in governance?

To manage AI agents operating at machine speed, Peri suggests using agents to police other agents. These “authorization agents” monitor real-time, fine-grained authorizations to stop inappropriate behavior.

How to Discover, Connect & Govern AI Agents | Okta CEO Todd McKinnon & SVP AI Security Harish Peri

This approach requires organizations to implement attribute-based control rather than simple role-based security. Because an agent’s privileges may exceed those of the human who commanded it, governance must occur at the app, process, and data layers simultaneously.

How should CIOs secure non-human identities and vector databases?

AI agents often embed information into vector databases, which traditional security tools weren’t designed to protect. Peri argues that the most effective defense is to rigorously govern the non-human identities accessing these systems.

By enforcing identity-centric access controls and continuous behavioral monitoring, companies can create a “dynamic fortress” around critical data. Peri recommends that every homegrown agent be registered in a central directory to grant security teams visibility into its permissions and lifecycle.

Comparison: Traditional Security vs. Agentic AI Security

Feature	Traditional IT Security	Agentic AI Security
User Behavior	Predictable lifecycles	Non-deterministic
Execution	Fixed paths	Autonomous/Dynamic
Access Control	Role-based (RBAC)	Attribute-based (ABAC)

Frequently Asked Questions

What is a “first-class identity” for an AI agent?
It means treating an agent as a unique entity with its own onboarding, protecting, and governing processes, rather than hiding it behind a generic service account.

Comparison: Traditional Security vs. Agentic AI Security

What is a prompt injection attack?
It is a method where an external attacker provides specific input to an AI to trick it into ignoring its original instructions and performing unauthorized actions.

How do you stop “Shadow AI” in the enterprise?
According to Peri, the solution is a singular control plane that allows organizations to discover all agents—regardless of where they were built—and manage their connection paths centrally.

Do you think “guardian agents” are the answer to AI governance, or does this create a recursive security loop? Share your thoughts in the comments or subscribe to our newsletter for more insights on AI security.