CISO ME Issue 01 | Page 40

f

e

a

t

u

r

e

existing security models to autonomous AI.“ With traditional transformations, you establish foundational controls, then roll out the technology. But agentic AI is different.
“ Because these systems operate like autonomous employees, there’ s a natural temptation to treat them like human employees and just adapt your existing identity and access frameworks. The problem is, these aren’ t the same thing.”
Despite the challenges, Ayad said he was encouraged by the progress many organisations were already making.“ I’ m seeing real momentum in the right direction. Organisations are investing in agent inventory, knowing which agents exist and who owns them. They’ re building visibility into agent actions through proper monitoring and audit trails.”
Applying Zero Trust to autonomous AI
As AI agents become increasingly autonomous, cybersecurity leaders believe organisations must fundamentally rethink how they manage trust.
For Mostafa Kabel, CTO, Mindware Group, the answer begins with extending Zero Trust principles directly to AI agents themselves.
“ Organisations should treat AI agents with the same level of scrutiny applied to privileged users,” he said.
“ Second, guardrails belong at build time, not as an afterthought.
“ Third, ensure continuous monitoring and auditability. Once an agent is live, its actions need to be logged and reviewed like those of any privileged identity, with anomalous behaviour flagged the same way you would catch a compromised user account.”
Yahya said organisations should begin by measuring their existing operational performance before introducing AI agents into security workflows.“ Before scaling, organisations should map and measure existing workflows: baseline mean time to detect, mean time to respond, containment time, false-positive rate and cost per incident, then identify the highest-volume, most repeatable tasks suitable for early automation.”
He added that integration should become the next priority.“ From there, the priority is integration: ensuring API connectivity between SIEM, EDR, identity systems, threat intelligence, case management, CMDB, cloud and GRC platforms, so agents operate with rich, accurate context rather than in isolation.”
Identity must evolve alongside AI
Identity and access management is emerging as one of the defining challenges of the agentic AI era.
Mostafa Kabel, CTO, Mindware Group
Rather than granting broad permissions, agents should operate within clearly defined boundaries, have access only to the resources required for specific tasks and remain under continuous monitoring.
Comprehensive logging, behavioural analytics and policy-based controls are essential to identify abnormal actions before they impact business operations.
Even as autonomy increases, Kabel said human oversight should remain part of the decisionmaking chain, ensuring critical business processes continue to benefit from human judgement.
For Ayad, the answer is clear.“ Absolutely. But it’ s not as radical as it might sound. The core insight is that you need to treat every AI agent as you would a privileged human user. Give it its own identity, an assigned owner, a clear purpose, and a defined set of permissions. Track everything it does.”
However, he warns that legacy identity practices cannot simply be extended to autonomous systems.” The old model of handing out broad service accounts or letting agents borrow human credentials doesn’ t scale. It creates blind spots you can’ t see through.”
Praneeth added organisations should treat every AI agent like a new employee with privileged system access rather than as a black box.
“ Three things matter most,” he said.
“ First, implement least-privilege access by design. An agent should only get the tools and data it strictly needs. If it is compromised or manipulated, the damage stays contained to that narrow scope.
Instead, organisations should embrace a far more dynamic model of access.
As enterprises accelerate towards autonomous operations, the security conversation is shifting from protecting applications to governing intelligent actors. Agentic AI promises unprecedented gains in efficiency, productivity and decision-making, but only if organisations build equally autonomous security controls around it.
40 WWW. INTELLIGENTCISO. COM / MIDDLE-EAST