May 28, 2026
What recent government AI guidance signals for enterprise security: secure the actor, not just the model
New guidance from CISA, the NSA, and international cybersecurity agencies signals that identity and access will become foundational to safe enterprise AI adoption
AI has crossed an important threshold. It is moving from assistant to actor.
What began as technology that helped people write, summarize, search, and analyze is now integrated into enterprise systems where it can retrieve information, invoke applications, trigger workflows, interact with infrastructure, and make decisions at machine speed.
That evolution is reshaping how governments and security leaders think about risk.
Recent guidance from CISA, the NSA, and international cybersecurity agencies reflects a broader shift in how governments are approaching AI. It’s now viewed as more than an innovation opportunity or emerging technology category. AI is increasingly being treated as a cybersecurity, operational resilience, and national security issue.
This signal is especially important for agentic AI systems. Unlike traditional generative AI tools that typically wait for human input and validation, agentic systems can operate with greater autonomy across applications, data sources, tools, and enterprise workflows. The more these systems can act, the more important it becomes to understand what they can access, what they are allowed to do, how their actions are monitored, and who is accountable when something goes wrong.
In other words, the future of secure AI adoption will depend less on securing the model alone and more on securing the identities, permissions, and trust relationships around it.
Why now?
AI adoption is outpacing most organizations’ governance models.
Teams are experimenting with copilots, workflow agents, automation tools, AI-enabled service desks, coding assistants, clinical documentation tools, and back-office agents. Many of these efforts begin as productivity experiments. But once AI systems are connected to enterprise applications, sensitive data, or operational workflows, they become part of the security architecture.
An AI agent with access to email, financial systems, patient records, source code, cloud infrastructure, or privileged workflows is operating inside the business. And if that access is over-permissioned, poorly monitored, or governed outside normal security processes, the organization has created a new source of risk.
The recent government guidance recognizes that AI will introduce entirely new threats and magnify the security gaps organizations already have. Fragmented identity governance, inconsistent access policies, long-lived credentials, privilege sprawl, limited visibility, and siloed deployments are existing weaknesses that AI can rapidly amplify.
AI will stress-test existing foundations
One of the most important messages in the guidance is that AI security should not be treated as a separate discipline.
Agentic AI systems still run on software, interact with networks, connect to applications, use credentials, and access data. That means many of the most important controls are familiar: identity and access management, least privilege, secure design, monitoring, segmentation, incident response, and human oversight.
While a human user may make a request, click through a workflow, or manually access a system, an AI agent may chain together multiple steps, call tools, interact with other agents, retrieve data from different sources, and continuously execute actions with greater speed, scale, and autonomy.
The real risk is unmanaged autonomy
For most organizations, the most immediate concern is not a science-fiction version of rogue AI. It is the practical reality of deploying autonomous systems into environments that were not designed for autonomous actors.
An over-permissioned agent can increase the blast radius of a single compromise. A poorly governed agent can make changes faster than teams can review them. A spoofed or hijacked agent identity can make malicious activity appear legitimate in audit logs. A fragmented AI deployment can create blind spots across departments. A workflow designed for efficiency can bypass the checks and balances that made the original process safe.
This is where AI governance and identity governance need to come together.
A strong AI strategy goes beyond model selection, productivity gains, or business use cases. It focuses on building a trust fabric that supports both humans and non-human actors working together safely across the enterprise.
That shift raises important questions for security leaders:
- Who or what initiated the action?
- Was the agent authorized to take that step?
- Did the action align with the original user’s intent?
- Were permissions evaluated once or continuously?
- Can the organization trace the decision path after the fact?
- Can access be revoked quickly if the agent behaves unexpectedly?
These are identity and access questions as much as they are AI challenges.
Identity becomes the control plane for enterprise AI
Even in an AI-powered threat landscape, attackers often still need trusted access to cause meaningful damage. That’s an important point because it gives defenders something concrete to control. While enterprises may not be able to predict every AI-enabled attack pattern, they can strengthen who and what is allowed into the environment, what each identity can do, and how quickly abnormal behavior is detected.
AI agents should be treated as non-human identities with clear ownership, scoped permissions, strong authentication, lifecycle management, continuous monitoring, and auditability. They should not inherit broad access simply because they are useful. They should not rely on static, long-lived secrets. They should not operate as invisible service accounts buried inside departmental experiments. And they should not be allowed to take sensitive actions without appropriate human oversight.
Simply put, the security model needs to ask a more dynamic question: Can this human, machine, agent, or workflow be trusted to take this specific action, in this specific context, right now?
That is the new enterprise security challenge.
What enterprises should do next
Organizations that want to scale AI responsibly should start by strengthening the security foundations that will matter most as AI becomes more autonomous.
That means:
- Establishing trusted identities for both human and non-human actors
- Applying least privilege access policies across AI-enabled workflows
- Implementing strong authentication and short-lived credentials
- Integrating AI governance into existing IAM, privileged access, and zero trust strategies
- Maintaining visibility, monitoring, and auditability across AI access and activity
- Requiring human oversight for high-impact or sensitive actions
- Identifying and reducing fragmented or siloed AI deployments across the organization
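The questions listed earlier (who initiated the action, was the agent authorized, did it match the user's intent, is it evaluated continuously, is it traceable, can it be revoked) and the recommendations above can be expressed as a single per-action authorization gate. The following is an added example, not code from the original article or any vendor product; the agent, user, scope names and policy values are constructed for illustration.

```python
"""Added example: a per-action authorization gate for an AI agent identity.
Each call re-evaluates the agent's short-lived credential, its least-privilege
scope, the authority of the human it acts for, and whether a sensitive action
has human approval, then records the decision path for audit.
All identifiers and policy values below are constructed, not real."""
import time
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class AgentToken:
    """Short-lived credential for a non-human identity (constructed shape)."""
    agent_id: str
    owner: str            # accountable human owner of this agent identity
    on_behalf_of: str     # user whose request started the workflow
    scopes: frozenset     # least-privilege allowlist for this agent
    expires_at: float     # epoch seconds; short-lived, not a static secret
    revoked: bool = False

# Actions the article calls "high-impact or sensitive": need a human approver.
SENSITIVE = {"payments:write", "records:export", "infra:delete"}
# Constructed user authority: an agent may never exceed its delegating user.
USER_SCOPES = {"alice": {"email:read", "tickets:write", "payments:write"}}
AUDIT: list = []  # decision trail, one record per evaluated action

def authorize(tok: AgentToken, action: str, approved_by: Optional[str] = None,
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Evaluate one action in its context; run for every step, never once per session."""
    now = time.time() if now is None else now
    checks = [
        (not tok.revoked, "agent revoked"),
        (now < tok.expires_at, "credential expired"),
        (action in tok.scopes, "outside agent scope"),
        (action in USER_SCOPES.get(tok.on_behalf_of, set()),
         "exceeds delegating user's authority"),
        (action not in SENSITIVE or approved_by is not None,
         "human approval required"),
    ]
    # First failing check explains the denial; all pass means allowed.
    reason = next((why for ok, why in checks if not ok), "allowed")
    AUDIT.append({"t": now, "agent": tok.agent_id, "user": tok.on_behalf_of,
                  "owner": tok.owner, "action": action,
                  "approved_by": approved_by, "decision": reason})
    return reason == "allowed", reason

def revoke(tok: AgentToken) -> None:
    """Kill switch: every later authorize() call on this identity fails closed."""
    tok.revoked = True
```

Each audit record ties the action to the agent, the delegating user, the accountable owner and the approver, which is the decision path the article asks security teams to be able to trace after the fact.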
It’s critical for organizations to pressure-test how AI agents are introduced into sensitive workflows and evaluate the potential impact of compromised, misconfigured, or poorly governed autonomy.
The rise of enterprise AI is placing greater pressure on organizations to strengthen core security foundations. The latest government guidance reinforces an urgent message: before enterprises give AI more autonomy, they must govern its access.
The organizations that move fastest will not be the ones that deploy AI everywhere first. The fastest will be those that build the identity, access, and governance foundations that enable AI to scale safely and quickly, unlocking their employees’ full potential with the tools.