AI agent governance gets harder when agents outnumber your people

In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments.

He opens with a real case: a reconciliation agent at a financial services firm had legitimate access to a customer database. A poison instruction from upstream changed its behavior, and it scanned the entire table, extracting six million records and posting them to a Slack webhook that sent them outside the company. Every step was permitted. That is the core problem.

Gautam walks through three patterns driving this risk (employee co-pilots, sanctioned agentic workflows, and MCP integrations) and explains why agents differ from old service accounts: they are non-deterministic, easy to manipulate, and growing fast. He then lays out four pillars for governing them: discovery, permission scoping, exfiltration controls, and audit trails.
