Express Computer
Home  »  Guest Blogs  »  One step ahead of agentic AI: The security team’s new playbook

One step ahead of agentic AI: The security team’s new playbook

0 19

By Sujatha Iyer, Head of AI (Security), Zoho Corp

Agentic AI systems that are capable of contextual reasoning, retrieving relevant information from different systems, and acting autonomously, can create enterprise value only when built on privacy-first boundaries. When the access is not properly scoped, even a single overbroad query to an agent that operates across multiple enterprise systems can end up triggering a cascade of security vulnerabilities.
For instance, if a manager asks a payroll AI agent what the salary structure for a particular job level is, the agent should not inadvertently reveal the exact salaries of individual employees instead of returning an approved compensation range. Understanding the nuance between simple analytics queries and queries involving sensitive data can make or break AI adoption.

As businesses are rushing to win the AI race, key decision makers should not forget that hasty AI integrations will only add to the security team’s load.

The Data Access Permission Layer Key
When a request involves sensitive and proprietary data, agents must be capable of enforcing the right authorisation, purpose, aggregation, and privacy controls before returning any answer. That is why the foundation of the data access permission layer is crucial to ensure that agents operate under strict boundaries. A weak data access layer leaves the organisation’s critical data vulnerable to hackers. With AI, this vulnerability escalates as attackers don’t need to breach the network, they just have to trick the model.

In 2025, it was found that by sending a single well-crafted email, an attacker could cause a leading global AI model to access internal files and exfiltrate the contents with minimal intervention. The solution to tackle such instances is not just runtime guardrails such as system prompts, policy instructions, input/output validation, and monitoring. While these mechanisms can reduce risk considerably by clearly establishing security policies that the AI model must follow, the models must still sit behind enforceable access-control and monitoring layers.

It is essential to ensure that the data access layer is secure by design, with guardrails defined not only through prompts but also by the underlying data architecture itself. Agents should operate on purpose-bound access with identity, authorisation and access controls.

The Explainability Factor
Modern LLMs are powerful because they can interpret unstructured information, reason over context, and generate useful responses across a wide range of scenarios. However, they are probabilistic systems. Even when the outputs are configured for a lower variability, LLMs do not behave like deterministic rule engines where a user input always triggers the same fixed decision path.

However, in cybersecurity, AI explainability always takes precedence and probabilistic outputs are acceptable only if they are constrained, verifiable and auditable.

For instance, consider an AI agent that assists with loan eligibility reviews. It can be used to summarise an applicant’s profile, identify missing documents, highlight risk indicators, or prepare a recommendation note. However, if the applicant has a poor credit score and the agent still recommends approval, the organisation must be able to reconstruct why it did so, what data was accessed, which eligibility rules were applied, whether an exception was triggered, whether a human approver reviewed the case, and what final action was taken. Without that traceability, audits and forensics become guesswork.

The solution is not to avoid LLMs, but to use them where they are appropriate. Structured and repeatable decisions may be better handled by rules-based engines, workflow systems, policy engines, or classical ML models with explainability controls. LLMs are better suited for unstructured, language-heavy, contextual tasks.

Agentic AI is the most helpful when the workflow requires reasoning or tool calling, and even then, it must be constrained by access control, validation, monitoring, auditability, and human oversight, especially where the risk is high.

Being Better Prepared
When security is treated as an afterthought—a compliance check list or an added layer to appease audit trails—agentic AI adoption becomes unreliable. Even before AI, having clear data and user boundaries ensures customer data stays protected. An organisation that treats data privacy and security as a core philosophy, would naturally inherit the same principles when implementing agentic AI.

It is also essential to have human oversight in a high stakes environment. The strategic placement of human review at check points in an agentic workflow where the consequences of an error or the irreversibility of an action is high, goes a long way. It also helps to have agents responsible for smaller and well-scoped tasks before gradually scaling. This helps measure concrete productivity gains and strengthens AI confidence in the long run.

The Shifting Role of the Security Team
As AI entered the picture, both cybersecurity practices and the attacks they defend against began evolving together. The pace of this shift has placed an unprecedented demand on today’s security teams. As the modern cybersecurity playbook changed, the role of the security team moved from purely defensive and reactive to anticipatory and dynamic. The extent to which this playbook is adopted today will determine whether an organisation’s agentic AI rollout is a competitive advantage or a breach waiting to happen.

Leave A Reply

Your email address will not be published.