• Why self-running agents are creating the biggest security crisis

    From TechnologyDaily@1337:1/100 to All on Mon May 25 11:30:26 2026
    Why self-running agents are creating the biggest security crisis of 2026

    Date:
    Mon, 25 May 2026 10:28:30 +0000

    Description:
    Securing autonomous agents - how enterprises can bridge the gap in this new
    AI era.

    FULL STORY ======================================================================

    By Jamie Moles, Senior Technical Manager at ExtraHop

    The enterprise relationship with Artificial Intelligence has previously been defined by a simple exchange of prompts and answers. Organizations have experimented with language models to draft emails, summarize documents, or generate code. In 2026, this dynamic has shifted into the era of the agentic enterprise.

    AI is no longer a passive recipient of instructions. It has become a network of active, autonomous agents that act
    on behalf of a customer or employee to move data, interact with core business systems, and execute multi-step workflows without intervention. While this transition offers unprecedented scale, it has created a significant trust
    gap. Traditional security tools often fail to distinguish between legitimate autonomous workflows and malicious exploits, leaving a critical blind spot in the modern tech stack.

    Security teams must now manage risks that move faster than human oversight, making the distinction between automated utility and automated threat an urgent priority.

    The expanding attack surface of AI

    The rapid adoption of autonomous agents has fundamentally altered the corporate attack surface. Every new Model Context Protocol server or API represents a potential doorway into the heart of a business.

    This has given rise to Shadow AI 2.0. Previously, the primary concern was employees using unapproved web-based chat accounts to process company data. Today, the risk involves unsanctioned agents spinning up on the network and creating hidden paths to sensitive internal information.

    These unauthorized agents often operate outside the purview of standard identity and access management protocols. Because they are designed to
    connect disparate systems to accomplish tasks, they inherently possess the permissions required to traverse sensitive parts of the network.

    Organizations must establish a continuous and automated AI asset inventory. The logic is identical to that of securing the Internet of Things. Just as a security team must know a physical device exists before they can patch it, they must now map every tool endpoint and server involved in an AI workflow.

    Without a comprehensive map of these connections, blind spots become
    permanent fixtures in the network architecture. This inventory must be dynamic, capable of identifying new agents as they are created and decommissioned in real time.

    Real-time monitoring and the intent gap

    Monitoring an autonomous agent in real time presents a unique technical challenge because traditional perimeter tools are insufficient for tracking internal movement.

    Standard firewalls and endpoint solutions are built to guard the gates, but they often lack the granularity to inspect the complex traffic flows
    occurring deep within the network fabric.

    When an agent initiates a complex sequence of actions across different departments, determining if the agent is compromised is difficult. A set of actions that looks normal in isolation might represent a serious breach when viewed as a collective sequence.

    The solution lies in deep network observability. All AI-related traffic must be analyzed and decrypted to correlate actions across the entire stack.

    This level of visibility allows security teams to track how permissions move across a workflow and makes it possible to detect if an agent is attempting
    to escalate its own privileges or move data to an unvetted destination.

    By focusing on the behavior of the data rather than just the identity of the user, organizations can reveal when an agent has veered away from its
    intended purpose.

    Defending against prompt injection and behavioral deviations

    Adversaries are increasingly using prompt injection to manipulate agent behavior at the network level. By feeding specific instructions into a system, a malicious actor can trick an agent into ignoring its security constraints or leaking proprietary data.

    These attacks often look like legitimate traffic to a firewall, meaning they require a different defensive approach. Traditional signature-based detection fails here because the attack is delivered through natural language, which appears as standard, non-malicious interaction to legacy monitoring tools.

    Using the network as a source of truth is the most effective way to counter these maneuvers. By monitoring for deviations from established behavioral baselines, security teams can spot anomalous prompt structures or data flows as they happen.

    This does not rely on knowing what a specific attack looks like in advance.
    It relies on knowing what normal looks like for a specific agent and flagging anything that falls outside those parameters.

    For instance, if an agent typically accesses a database to generate a report, a sudden attempt to initiate a file transfer to an external IP address would act as an immediate trigger for investigation.
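    The two checks the article describes, reconciling observed agents against a sanctioned AI asset inventory (the attack-surface section above) and flagging an agent whose traffic departs from its learned baseline, such as the report agent that suddenly pushes a file to an external address (the paragraph just above), as one added example. This code is not from the article or from ExtraHop; the agent names, the key=value flow-record format, the addresses, the action labels and the choice of RFC 1918 ranges as "internal" are all constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Sanctioned AI asset inventory (constructed for this example): agent id -> purpose.
SANCTIONED_AGENTS = {
    "report-agent": "generates the weekly report from the warehouse database",
    "ticket-agent": "triages support tickets via the helpdesk API",
}

# Address space treated as internal; anything else counts as external (assumption).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records from a learning window in which behaviour is known-good.
BASELINE_WINDOW = """\
ts=2026-05-18T09:00:01Z agent=report-agent dst=10.0.5.20 port=5432 action=sql.select bytes=2048
ts=2026-05-18T09:00:04Z agent=report-agent dst=10.0.5.20 port=5432 action=sql.select bytes=4096
ts=2026-05-18T09:05:00Z agent=ticket-agent dst=10.0.7.3 port=443 action=http.post bytes=512
"""

# Constructed flow records from the window under evaluation.
EVALUATION_WINDOW = """\
ts=2026-05-25T09:00:02Z agent=report-agent dst=10.0.5.20 port=5432 action=sql.select bytes=2048
ts=2026-05-25T09:00:09Z agent=report-agent dst=203.0.113.45 port=22 action=file.put bytes=52428800
ts=2026-05-25T09:01:30Z agent=summarizer-bot dst=10.0.5.20 port=5432 action=sql.select bytes=8192
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    agent: str
    dst_ip: str
    dst_port: int
    action: str      # hypothetical label such as "sql.select" or "file.put"
    bytes_out: int


def parse_flow(line: str) -> Flow:
    """Parse one key=value flow record (constructed format) into a Flow."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(ts=fields["ts"], agent=fields["agent"], dst_ip=fields["dst"],
                dst_port=int(fields["port"]), action=fields["action"],
                bytes_out=int(fields["bytes"]))


def parse_flows(text: str):
    return [parse_flow(line) for line in text.splitlines() if line.strip()]


def is_external(ip: str) -> bool:
    """True when the address falls outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def build_baseline(flows):
    """Per-agent set of (dst_ip, dst_port, action) tuples seen during the learning window."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.agent].add((f.dst_ip, f.dst_port, f.action))
    return baseline


def evaluate(flow: Flow, baseline, sanctioned):
    """Return findings for one flow; an empty list means it matches expected behaviour."""
    findings = []
    if flow.agent not in sanctioned:
        findings.append("UNSANCTIONED_AGENT")       # Shadow AI 2.0: agent not in the inventory
    if (flow.dst_ip, flow.dst_port, flow.action) not in baseline.get(flow.agent, set()):
        findings.append("OUTSIDE_BASELINE")         # new destination or action for this agent
    if is_external(flow.dst_ip):
        findings.append("EXTERNAL_DESTINATION")     # data leaving the internal address space
    return findings


def inventory_drift(flows, sanctioned):
    """Agents seen on the wire but absent from the inventory, and inventoried agents that are silent."""
    observed = {f.agent for f in flows}
    return sorted(observed - set(sanctioned)), sorted(set(sanctioned) - observed)


def run_detection():
    """Learn the baseline, evaluate the new window; returns (per-flow verdicts, inventory drift)."""
    learned = build_baseline(parse_flows(BASELINE_WINDOW))
    current = parse_flows(EVALUATION_WINDOW)
    verdicts = [(f.agent, f.action, evaluate(f, learned, SANCTIONED_AGENTS)) for f in current]
    return verdicts, inventory_drift(current, SANCTIONED_AGENTS)


if __name__ == "__main__":
    verdicts, (unsanctioned, silent) = run_detection()
    for agent, action, findings in verdicts:
        print(f"{agent:15} {action:11} {', '.join(findings) or 'ok'}")
    print("unsanctioned agents:", unsanctioned, "| silent inventoried agents:", silent)
```

    Run as written, the report agent's routine database query produces no findings, its SSH file transfer to 203.0.113.45 is flagged as both outside its baseline and bound for an external destination, and the unknown "summarizer-bot" is reported as an unsanctioned agent; the drift report also shows that "ticket-agent", although inventoried, generated no traffic in the window. The baseline here is a plain set of tuples learned from a clean window; a production system would age entries, handle DHCP and load-balanced addresses, and weight findings by volume (the bytes field is carried for that purpose but not yet scored).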

    Compliance and policy frameworks are frequently the first elements to fail during periods of rapid technological scaling. As enterprises rush to deploy more agents, the gap between official policy and actual network activity
    tends to widen.

    Governance should not be viewed as a set of static rules but as an active process supported by forensic visibility.

    Ensuring that AI remains within its defined operational lines requires the ability to audit every action and decision-making path. This level of oversight provides the necessary evidence for regulatory compliance while giving the business the confidence to innovate.

    When security teams can prove that an agent is operating safely and transparently, AI moves from being a perceived risk to a verified asset. The objective is to create a digital environment where the benefits of agentic automation can be fully realized without sacrificing the integrity of the underlying data infrastructure.

    Comprehensive oversight is the only way to ensure that the era of the agentic enterprise is as secure as it is productive. As the line between AI decision-making and business outcomes continues to blur, the ability to monitor and govern these autonomous actors will define the long-term success of the enterprise.

    This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

    The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

    ======================================================================
    Link to news story: https://www.techradar.com/pro/why-self-running-agents-are-creating-the-biggest-security-crisis-of-2026


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)