Here are some effective strategies to ensure your AI remains prepared for the future.

In a recent interview with Help Net Security, Rohan Sen, Principal of Cyber, Data, and Tech Risk at PwC US, emphasised the importance of strong governance in the design of autonomous AI agents. He stated that organisations must treat these agents as digital identities with real-world implications, necessitating governance comparable to that of human users. This includes implementing least-privilege access, assigning unique credentials, and ensuring comprehensive logging for auditability from the outset. Strong implementations feature layered safeguards such as tightly scoped permissions, sandboxed environments, strict escalation paths, and real-time monitoring. In contrast, weak implementations often treat agents as mere automation, granting them broad access without oversight, which can lead to vulnerabilities like prompt injection and adversarial manipulation. The distinction lies in how seriously an organisation regards the agent’s identity, authority, and associated risks.

Looking ahead to the next 12–24 months, Sen identified several operational and reputational risks stemming from poorly governed autonomous agents. These include impersonation and brand damage, where malicious actors exploit unsecured agents to impersonate executives or customer service representatives, leading to phishing and fraud. Additionally, over-permissioned agents may execute irreversible actions without human oversight, resulting in unintended business consequences. Regulatory and compliance exposure is another concern, as agents handling sensitive data may inadvertently breach privacy regulations, complicating compliance efforts. Furthermore, many organisations lack the necessary frameworks to detect and remediate misbehaving agents in real time, which can hinder effective incident response. To build resilience in AI ecosystems, business and IT security leaders must prioritise governance and risk control mechanisms from the outset. 
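As an added illustration (not from the interview or from PwC), the sketch below shows one way the controls Sen describes can fit together: each agent has its own identity and credential reference, permissions are an explicit allow-list, irreversible actions are escalated to a human, and every decision is logged. All names, scope strings and sample values are hypothetical and constructed for this example.

```python
import json
import time
from dataclasses import dataclass, field

# Hypothetical names throughout; this is not a real library's API.
@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str          # unique per agent, never shared with a human or another agent
    credential_id: str     # reference to the agent's own credential, not the secret itself
    scopes: frozenset      # explicit allow-list; anything absent is denied
    needs_approval: frozenset = field(default_factory=frozenset)  # irreversible actions

AUDIT_LOG = []  # stand-in for an append-only log sink

def authorize(agent, action, resource, approved_by=None):
    """Return 'allow', 'deny' or 'escalate' and record the decision."""
    scope = f"{action}:{resource}"
    if scope not in agent.scopes:
        decision = "deny"          # least privilege: deny by default
    elif scope in agent.needs_approval and approved_by is None:
        decision = "escalate"      # human sign-off before an irreversible action
    else:
        decision = "allow"
    # Denials and escalations are logged too, so misbehaviour is visible.
    AUDIT_LOG.append(json.dumps({
        "ts": time.time(), "agent_id": agent.agent_id,
        "credential_id": agent.credential_id, "scope": scope,
        "decision": decision, "approved_by": approved_by,
    }, sort_keys=True))
    return decision

# Constructed sample agent for a customer-support use case.
SUPPORT_AGENT = AgentIdentity(
    agent_id="agent-support-01",
    credential_id="cred-example-0001",
    scopes=frozenset({"read:tickets", "reply:tickets", "refund:orders"}),
    needs_approval=frozenset({"refund:orders"}),
)

def demo():
    return [
        authorize(SUPPORT_AGENT, "read", "tickets"),       # in scope
        authorize(SUPPORT_AGENT, "delete", "customers"),   # never granted
        authorize(SUPPORT_AGENT, "refund", "orders"),      # irreversible, no approver
        authorize(SUPPORT_AGENT, "refund", "orders", approved_by="alice@example.com"),
    ]

if __name__ == "__main__":
    print(demo())
    print(*AUDIT_LOG, sep="\n")
```

A weak implementation in Sen's terms would be the same agent with a wildcard scope and no `needs_approval` set: every call returns `allow` and nothing forces a human into the loop.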
