IT Security: Three Guidelines for the Era of Autonomous AI

Looking at the current state of AI in businesses, one thing quickly becomes clear: By 2026, the focus will no longer be on implementing artificial intelligence, but on controlling it. AI threats have evolved faster in the last 12 months than most organizations can process, and there is barely any time to catch up. Recent figures confirm this. According to a survey by Dark Reading, 48 percent of cybersecurity experts view agentic AI as the most significant attack vector for 2026.

Autonomous AI agents are acting and making decisions inside environments today, becoming a key part of the value chain – from software development and customer service to process automation and IT operations. This rapidly creates new vulnerabilities. According to the Netskope AI Risk and Readiness Report 2026, 56% of companies are already reporting an actual threat from agent-based AI. So why are we trying to manage this new class of threat with a playbook that was designed for a pre-agentic era?

2026 needs to be the year we replace that playbook with something that reflects how agents (both our own and those belonging to the threat actors) actually behave, how they fail, and what they can access. It is time to build the right security foundations for operating in an agent-driven world, and therefore the following points should be at the top of CISOs’ priority lists:

1. Building an embedded, automated security approach

Agents are already operating inside organizations, and most teams still don’t know where and how agentic AI is being used. Security starts with knowing every agent in your environment: what it can access, and what decisions it is allowed to make. Without this inventory, you can’t secure anything.

In practice, this inventory exercise always surfaces more than companies expect. Development teams provision agents for internal projects and move on. Automation workflows accumulate permissions over time. Integrations get stood up and are never formally reviewed. Most AI activity is invisible to security. In fact, 82% of companies have unknown AI agents running in their IT infrastructure.

But the moment that visibility exists, the next problem appears: speed. Agents are created, changed and deployed at developer speed, usually in minutes, not months. That means security can no longer sit behind the development process. Security teams now need controls that plug directly into how agents are built, tested and deployed. With governance that is automated, embedded and continuous, including real-time policy enforcement and monitoring that detects activity the moment it happens.

This challenge intensifies in environments that extend beyond the traditional enterprise network. In industrial and manufacturing settings such as factory floors, operational technology (OT) networks, and connected production systems. Here, AI is increasingly being given access to data from devices that can’t run security agents at all: sensors, programmable logic controllers, cameras, and industrial control systems. We’ve seen this firsthand. Working with global manufacturers, to help security teams deploy agentless device intelligence across the factory floors to gain visibility into connected devices for the first time. This can reveal hundreds or thousands of devices, with many already feeding data into cloud-based AI systems, with no classification, no policy enforcement, and no place in any existing security inventory. In a just-in-time production environment, an AI agent acting on unvalidated data from an OT device can create more than a compliance problem, but a production stoppage.

2. Rethinking Incident Response

Traditional incident response models assume that security incidents are caused by human error – such as phishing or misconfigurations. In an agent-based environment, this understanding falls short. If an AI agent performs a critical action because it misinterprets the context or follows manipulated instructions, the incident cannot be reconstructed using traditional methods. Companies must learn to treat agents as independent actors.

The work starts by defining what evidence matters in an agentic investigation: the agent’s instruction chain, the model outputs it received, the context window it acted on, the permissions it used, and the decision boundaries it crossed. Without capturing this, we cannot explain why an agent behaved the way it did. And failure looks different for agents, too.

Consider a real-world scenario involving an industrial control system (ICS): If an autonomous agent optimizing a manufacturing pipeline acts on incomplete sensor data and hallucinates a step that alters a safety threshold, traditional IR models won’t catch why the production line failed. And it’s no longer theory; recent industry data from Netskope shows 37% of organizations have already experienced AI agent-caused operational issues. Agents can hallucinate steps, act on incomplete context, follow an attacker’s crafted instruction, drift outside their intended scope, or chain actions together in ways no human would. These behaviors create a new category of incidents that IR teams have never had to dissect before. Incident response must therefore analyze machine-generated intentions in the future – not just human ones.

3. AI Red Teaming as an Ongoing Capability

Traditional security teams are trained to protect systems – not to deliberately exploit them. Yet it is precisely this perspective that is needed to identify vulnerabilities in agent-based systems.

But while it is tempting to focus solely on how autonomous agents act in the wild, best practice is to secure the brain (the LLM) before empowering the hands (the agents). AI red-teaming should primarily focus on proactively stress-testing the underlying private models themselves, revealing weaknesses and vulnerabilities before those models are ever connected to agents in a live production environment.

Manual testing is simply too slow and impossible to scale as developers rapidly build new tools. Best practice requires an automated approach – using APIs to integrate stress tests directly into CI/CD pipelines to continuously screen for vulnerabilities prior to every production release. Teams need to automatically simulate thousands of adversarial scenarios, such as complex skeleton key and crescendo attacks that trick LLMs into bypassing safety guardrails. This is the only way to identify vulnerabilities early on – before they are exploited in production environments.

AI red-teaming the underlying models also works hand in hand with incident response. If organizations are struggling to understand why an agent went rogue, the answer often lies in understanding how its underlying model was tricked into a failure – prompt injections, harmful instructions, privilege misuse, scope drift, or bypassing safety protocols to leak proprietary data from an edge deployment. Security teams should be proactively testing these model vulnerabilities regularly, because while we haven’t lived through these things at scale yet, they’re coming.

From Awareness to Action

Autonomous AI agents are already changing the way systems are operated and attacks are carried out. The most resilient companies will be those that don’t wait for complete clarity but act now: with transparency regarding agents, an adapted IR model, and continuous AI red teaming. These capabilities are no longer an investment in the future – they form the security foundation for the operational deployment of AI within the enterprise.