Why We Are Rethinking Access in the World of AI Agents

July 28, 2025
As autonomous AI agents reshape business workflows, organizations must rethink access control to secure a future where decisions and actions are made without human oversight.

Gartner predicts that by 2028, 33% of enterprise software applications will include agentic AI. That’s an impressive figure, considering the number was just 1% in 2024. The firm also expects that agentic AI will enable 15% of day-to-day work decisions to be made autonomously within four years, and with that will come incredible benefits, including everything from improved decision-making and the automation of complex tasks to cost reductions and efficiency bumps.

However, agentic AI will introduce a new breed of autonomous workflows powered by large language models (LLMs) that aren’t just gathering information; they are making actual decisions, collaborating, and even taking actions across complex digital environments. These agents can even determine user intent, access sensitive systems, and interact with APIs without human oversight.

If that sounds like a potential security challenge, you are right. And if you’re wondering how we can secure these agents, which resemble employees more than bots and are always on, you’ve come to the right place.

Why Agentic AI Is Different

To understand and address these challenges, it’s best to begin by examining what makes agentic AI so unique. Unlike static service accounts or robotic process automation (RPA) bots, agentic AI uses dynamic, adaptive workflows that can reason autonomously. Take, for example, an AI-powered travel concierge where multiple agents may collaborate to collect a customer’s preferences, search databases, generate itineraries, and ultimately confirm bookings. In this instance, each agent is focused on a different aspect of the job, so each interacts with a different system and gains a different level of access to sensitive data. The end result may be great for the customer, but lurking underneath are dangers that traditional identity and access management models cannot address.

That’s because identity and access management models were never designed for intelligent agents that operate at machine speed and require access to resources that their human counterparts may not have anticipated. They were intended for human users and, later, non-human identities (NHIs) such as service accounts, scripts, bots, and automated cloud workloads. In those cases access requirements were more predictable, and static credentials based on predefined roles were not an issue, as other safeguards and security measures were put in place.

The Risk Landscape

As multi-agent systems grow, businesses will face several new challenges. One of the most pressing is persistent access, where AI agents often retain privileges well beyond the scope of their tasks, creating unnecessary exposure if credentials are compromised. There’s also excessive privilege, where agents are given access to far more areas than necessary, which violates the principle of least privilege. This principle dictates that users, systems, and processes should be granted only the minimum access rights and permissions necessary to perform their assigned tasks—nothing more.

Further compounding the problem is the continued use of hard-coded credentials, such as usernames, passwords, or API tokens, that are written into codebases, scripts, or logs and can be easily exposed or forgotten over time. Finally, multi-agent systems introduce AI identities that are not always governed by the same oversight, policy, or audit trails as human users, which ultimately expands the attack surface dramatically.

These threats are not all future-looking. Real-world breaches are happening today, highlighting these gaps. In several high-profile incidents, attackers exploited stale or over-provisioned credentials tied to DevOps pipelines and automation accounts to gain unauthorized access and move laterally across critical infrastructure. These incidents underscore a crucial reality: identity misuse, not malware, is often the root cause of major security failures.

Taking Back Control 

To counter these threats, organizations are adopting a dynamic approach to access known as Zero Standing Privileges (ZSP). Built on just-in-time (JIT) access and Zero Trust principles, ZSP eliminates the concept of always-on credentials by granting access only when required and revoking it immediately after use.

ZSP introduces a new paradigm where credentials and roles are ephemeral, with access granted only in the moment and scoped granularly to the specific task at hand. When that task is complete, the authorization is automatically removed. As a result, ZSP ensures that even when a credential is compromised, its utility is limited to a tight time frame and function. All access provisioning and deprovisioning are automated, with no manual intervention involved, which helps ensure consistency, speed, and scalability. At the same time, organizations adhering to Zero Trust principles should also log every access event, providing teams with complete visibility, auditability, and accountability.

A Multi-Agent Workflow in Action

To better understand how ZSP works, let’s revisit our earlier travel booking example, where multiple agents are at work.

● The first is the preference agent, which is tasked with gathering user information. To do so, it needs temporary, read-only access to a customer profile database.

● Next comes the matchmaker agent, which compiles potential destinations. To do so, it is given limited access to travel and booking datasets.

● From there, the logistics agent steps in to handle confirmations and itinerary updates. To achieve this, ZSP provides temporary access to airline and hotel APIs.

● Last is the compliance agent, charged with ensuring that the data-handling process meets organizational policy with brief, scoped access to system logs or audit records.

At each of these steps, the agents are given time-bound access fitting their role, and once their task is completed, that access is removed immediately. In addition, their credentials are never stored persistently, which ultimately reduces the attack surface while also creating a clean, traceable record of how every non-human identity interacts with systems and data.
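The workflow above can be sketched as a small in-memory just-in-time broker. This is an added example, not code from the author or from any product; the `Broker` class, the scope names, and the lifetimes in `POLICY` are all hypothetical and stand in for a real access platform.

```python
import secrets
import time

# Hypothetical policy: the single scope and lifetime (seconds) each agent may request.
POLICY = {
    "preference": ("profiles:read", 60),
    "matchmaker": ("travel-data:read", 120),
    "logistics": ("booking-api:write", 90),
    "compliance": ("audit-log:read", 30),
}

class Broker:
    """Minimal JIT broker: no grant exists before a task starts or after it ends."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.grants, self.audit = clock, {}, []

    def _log(self, event, agent, scope):
        self.audit.append((self.clock(), event, agent, scope))

    def checkout(self, agent, scope):
        allowed = POLICY.get(agent)
        if allowed is None or allowed[0] != scope:
            self._log("deny", agent, scope)
            raise PermissionError(f"{agent} may not request {scope}")
        token = secrets.token_urlsafe(16)  # held in memory only, never persisted
        self.grants[token] = (agent, scope, self.clock() + allowed[1])
        self._log("grant", agent, scope)
        return token

    def authorize(self, token, scope):
        agent, granted, expires_at = self.grants.get(token, ("unknown", None, 0.0))
        if granted is not None and self.clock() >= expires_at:
            del self.grants[token]  # expired grants are purged on sight
            granted = None
        ok = granted is not None and granted == scope
        self._log("allow" if ok else "deny", agent, scope)
        return ok

    def checkin(self, token):
        grant = self.grants.pop(token, None)  # revoke as soon as the task ends
        if grant:
            self._log("revoke", grant[0], grant[1])

def run_task(broker, agent, scope, action):
    token = broker.checkout(agent, scope)
    try:
        return action(token)
    finally:
        broker.checkin(token)  # revocation runs even if the task fails
```

Every grant, allow, deny, and revoke lands in `audit`, which is the traceable record the paragraph describes.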

Scaling ZSP Across the Enterprise

Eliminating always-on access drastically reduces the number of entry points that attackers can exploit. It also gives security operations teams greater agility, enabling them to deploy intelligent agents and automated systems at scale without the delays and complexities associated with traditional identity frameworks. From a compliance perspective, having audit-ready logs and proof of least-privilege enforcement streamlines regulatory reporting, making it far easier to remain compliant.

The adoption of multi-agent systems is growing fast, thanks to their ability to automate complex tasks and accelerate decision-making at scale. But those organizations still relying on traditional credential-based access will struggle to scale securely, and without the right controls in place, intelligent agents can quickly become high-risk liabilities. The future of AI may be autonomous, but it also must be accountable. And that begins with secure access.

About the Author

Art Poghosyan | CEO and Co-Founder, Britive

Art Poghosyan is an entrepreneur and Information Security expert with over 20 years of experience in cybersecurity. He excels in building high-performance teams and fostering collaborative, accountable cultures. Before founding Britive, a pioneering cloud privileged access management (CPAM) platform, he co-founded Advancive, an Identity and Access Management (IAM) consulting firm acquired by Optiv in 2016. Art is a mentor, speaker, and contributor to industry events and (ISC)2 CISSP-ISSAP exam development, deeply committed to advancing cloud security innovations.