People Talk, but Should AI Agents?

Trevor Dearing
Illumio

Artificial intelligence is moving from hype to action, but not all AI is created equal. The current wave of interest primarily focuses on large language models (LLMs) and generative AI tools that create content, summarize data, and automate human workflows. Useful as they are, these systems still depend on people to guide and apply them.

Instead of waiting for prompts, agentic AI can decide on a course of action, connect with other systems, and carry out tasks on its own. That level of independence is already drawing interest from attackers, who are testing ways to use automation and adaptation to gain an edge in cyberattacks.

What Makes AI Agents Different

To understand why agentic AI matters, it is helpful to examine how it differs from other forms of AI.

LLMs are the best-known example. Tools like ChatGPT are massive, general-purpose systems hosted in the cloud. They excel at generating text, answering questions, and summarizing information, but they still rely on humans to prompt them.

Small language models (SLMs) take a different path. They are slimmer, built for specific purposes, and are usually integrated right into the software people already use. A SLM might run a help desk chatbot, analyze network data, or handle routine office processes. They bring AI into daily operations, but only within the boundaries of the application that contains them.

AI agents move beyond these limits by operating independently. They can link actions together, interact with different systems, and follow a task through to completion without constant oversight. For consumers, that might look like booking a dinner reservation or operating a car's controls. In a security setting, it could mean probing for weaknesses, shifting tactics on the fly, or carrying out containment steps.

It is tempting to think of these agents as virtual employees to whom you can assign logins, permissions, and responsibilities. But unlike people, AI agents lack ethics, situational awareness, and accountability. They will follow their programming without pausing to consider context, consequences, or corporate values. Treating them like human team members is not only misleading but also potentially dangerous.

The Risks of "Talking Agents"

One appeal of agentic AI lies in their ability to "talk" to each other and complete tasks without human input. That sounds efficient, but it is also risky. If an agent can connect to external systems, it could inadvertently share sensitive data or execute actions outside its intended scope. Agents should only be allowed to communicate with authorized peers or applications. Segmentation and containment are essential guardrails.

"Poisoning" is another risk that organizations must mitigate. Smaller models that support agents are relatively easy to corrupt. Think of it like adding food coloring to a glass of water, rather than a lake. The impact is immediate and obvious. If attackers insert bad data or manipulate training inputs, they can influence how an agent behaves in unpredictable ways.

Scale adds another layer of complexity. Enterprises could soon be running thousands of agents. Unlike employees, these agents do not tire, but they also lack judgment. Securing and monitoring such a large, fast-moving population will be far harder than managing a workforce of humans.

Finally, there are moral blind spots. Again, autonomous systems may make split-second decisions without any ethical framework to guide them. In business and security contexts, the absence of ethics and accountability can have serious consequences.

Why Security Must Be Different for AI Agents

The unique risks posed by these autonomous systems demand a shift in strategy, one that treats agents as untrusted technologies from the outset and prioritizes segmentation as a foundational safeguard. Segmentation belongs in the same category as patching and multifactor authentication as a core part of basic cyber hygiene that every enterprise should apply.

By confining agents to interact only with approved peers and applications, organizations can block unauthorized access and mitigate the fallout if an agent is compromised or makes a mistake.

Other controls are just as critical. For example, authentication ensures only trusted entities can interact with an agent. Encryption protects the data it handles while continuous monitoring detects unusual activity. Additionally, containment keeps any mistakes or malicious actions from spreading across the environment.

These measures reinforce one another and align with Zero Trust principles. Applying Zero Trust systematically means treating every agent as untrusted until you verify it. Without that discipline, organizations hand too much autonomy to systems that lack human judgment.

Practical Implications

As adoption of agentic AI increases, these systems may eventually control critical infrastructure. An agent might balance an energy grid, regulate water flows, or direct transportation systems and drones. In such environments, a single mistake or compromise could have consequences far beyond the business itself. The stakes will only grow as agentic AI moves into more high-value and high-risk industries.

Another pressing issue is literacy. Most organizations today have only a surface-level understanding of agentic AI. Security professionals urgently need education on the risks and safeguards before adoption accelerates. Without that awareness, companies may deploy agents faster than they can secure them.

Finally, there are lessons to learn from the past. During the early stages of digital transformation, many organizations often added security as an afterthought, resulting in considerable costs. With AI, it’s possible to make the same mistake. That’s why it’s essential to embed security from the beginning, built into every step of the design and deployment process.

Agentic AI is still in its earliest stage. Version 1.0 systems are immature, unpredictable, and prone to vulnerabilities. Organizations cannot afford to assume these agents behave like people or trust them with human-like responsibilities.

Now is the time to build guardrails. Segmentation, Zero Trust principles, and ongoing education are crucial for managing risks before they spiral out of control. By treating AI agents as untrusted technologies and embedding security from the start, enterprises can benefit from their speed and autonomy without exposing themselves to unnecessary danger.

Trevor Dearing is Director of Critical Infrastructure Solutions at Illumio

Related Links

Hot Topics

The Latest

Manufacturing Organizations Doubled AI Investment Yet Only 37% Fully Prepared to Operationalize AI

While 87% of manufacturing leaders and technical specialists report that ROI from their AIOps initiatives has met or exceeded expectations, only 37% say they are fully prepared to operationalize AI at scale, according to The Future of IT Operations in the AI Era, a report from Riverbed ...

Optimizing Decisions with Edge-First Cognitive Intelligence

Many organizations rely on cloud-first architectures to aggregate, analyze, and act on their operational data ... However, not all environments are conducive to cloud-first architectures ... There are limitations to cloud-first architectures that render them ineffective in mission-critical situations where responsiveness, cost control, and data sovereignty are non-negotiable; these limitations include ...

The New Perimeter Is the User: Why Identity Is the Real Network Edge

For years, cybersecurity was built around a simple assumption: protect the physical network and trust everything inside it. That model made sense when employees worked in offices, applications lived in data centers, and devices rarely left the building. Today's reality is fluid: people work from everywhere, applications run across multiple clouds, and AI-driven agents are beginning to act on behalf of users. But while the old perimeter dissolved, a new one quietly emerged ...

When AI Infrastructure Stops Behaving Like Infrastructure

For years, infrastructure teams have treated compute as a relatively stable input. Capacity was provisioned, costs were forecasted, and performance expectations were set based on the assumption that identical resources behaved identically. That mental model is starting to break down. AI infrastructure is no longer behaving like static cloud capacity. It is increasingly behaving like a market ...

Enterprise Resilience: Understanding the Shift from Static to Dynamic

Resilience can no longer be defined by how quickly an organization recovers from an incident or disruption. The effectiveness of any resilience strategy is dependent on its ability to anticipate change, operate under continuous stress, and adapt confidently amid uncertainty ...

Mobile Users Expect Perfection in 2026

Mobile users are less tolerant of app instability than ever before. According to a new report from Luciq, No Margin for Error: What Mobile Users Expect and What Mobile Leaders Must Deliver in 2026, even minor performance issues now result in immediate abandonment, lost purchases, and long-term brand impact ...

AI Confidence Is High. Readiness Is Not. What the Data Tells Us - and Why It Matters

Artificial intelligence (AI) has become the dominant force shaping enterprise data strategies. Boards expect progress. Executives expect returns. And data leaders are under pressure to prove that their organizations are "AI-ready" ...

Agentic AI, Realistic Expectations and the Future of IT Operations in 2026

Agentic AI is a major buzzword for 2026. Many tech companies are making bold promises about this technology, but many aren't grounded in reality, at least not yet. This coming year will likely be shaped by reality checks for IT teams, and progress will only come from a focus on strong foundations and disciplined execution ...

Trust, But Verify: Building Confidence in AI Through Human Oversight

AI systems are still prone to hallucinations and misjudgments ... To build the trust needed for adoption, AI must be paired with human-in-the-loop (HITL) oversight, or checkpoints where humans verify, guide, and decide what actions are taken. The balance between autonomy and accountability is what will allow AI to deliver on its promise without sacrificing human trust ...

Data Centers Plan to Reduce Reliance on Grid

More data center leaders are reducing their reliance on utility grids by investing in onsite power for rapidly scaling data centers, according to the Data Center Power Report from Bloom Energy ...

People Talk, but Should AI Agents?

Trevor Dearing
Illumio

Artificial intelligence is moving from hype to action, but not all AI is created equal. The current wave of interest primarily focuses on large language models (LLMs) and generative AI tools that create content, summarize data, and automate human workflows. Useful as they are, these systems still depend on people to guide and apply them.

Instead of waiting for prompts, agentic AI can decide on a course of action, connect with other systems, and carry out tasks on its own. That level of independence is already drawing interest from attackers, who are testing ways to use automation and adaptation to gain an edge in cyberattacks.

What Makes AI Agents Different

To understand why agentic AI matters, it is helpful to examine how it differs from other forms of AI.

LLMs are the best-known example. Tools like ChatGPT are massive, general-purpose systems hosted in the cloud. They excel at generating text, answering questions, and summarizing information, but they still rely on humans to prompt them.

Small language models (SLMs) take a different path. They are slimmer, built for specific purposes, and are usually integrated right into the software people already use. A SLM might run a help desk chatbot, analyze network data, or handle routine office processes. They bring AI into daily operations, but only within the boundaries of the application that contains them.

AI agents move beyond these limits by operating independently. They can link actions together, interact with different systems, and follow a task through to completion without constant oversight. For consumers, that might look like booking a dinner reservation or operating a car's controls. In a security setting, it could mean probing for weaknesses, shifting tactics on the fly, or carrying out containment steps.

It is tempting to think of these agents as virtual employees to whom you can assign logins, permissions, and responsibilities. But unlike people, AI agents lack ethics, situational awareness, and accountability. They will follow their programming without pausing to consider context, consequences, or corporate values. Treating them like human team members is not only misleading but also potentially dangerous.

The Risks of "Talking Agents"

One appeal of agentic AI lies in their ability to "talk" to each other and complete tasks without human input. That sounds efficient, but it is also risky. If an agent can connect to external systems, it could inadvertently share sensitive data or execute actions outside its intended scope. Agents should only be allowed to communicate with authorized peers or applications. Segmentation and containment are essential guardrails.

"Poisoning" is another risk that organizations must mitigate. Smaller models that support agents are relatively easy to corrupt. Think of it like adding food coloring to a glass of water, rather than a lake. The impact is immediate and obvious. If attackers insert bad data or manipulate training inputs, they can influence how an agent behaves in unpredictable ways.

Scale adds another layer of complexity. Enterprises could soon be running thousands of agents. Unlike employees, these agents do not tire, but they also lack judgment. Securing and monitoring such a large, fast-moving population will be far harder than managing a workforce of humans.

Finally, there are moral blind spots. Again, autonomous systems may make split-second decisions without any ethical framework to guide them. In business and security contexts, the absence of ethics and accountability can have serious consequences.

Why Security Must Be Different for AI Agents

The unique risks posed by these autonomous systems demand a shift in strategy, one that treats agents as untrusted technologies from the outset and prioritizes segmentation as a foundational safeguard. Segmentation belongs in the same category as patching and multifactor authentication as a core part of basic cyber hygiene that every enterprise should apply.

By confining agents to interact only with approved peers and applications, organizations can block unauthorized access and mitigate the fallout if an agent is compromised or makes a mistake.

Other controls are just as critical. For example, authentication ensures only trusted entities can interact with an agent. Encryption protects the data it handles while continuous monitoring detects unusual activity. Additionally, containment keeps any mistakes or malicious actions from spreading across the environment.

These measures reinforce one another and align with Zero Trust principles. Applying Zero Trust systematically means treating every agent as untrusted until you verify it. Without that discipline, organizations hand too much autonomy to systems that lack human judgment.

Practical Implications

As adoption of agentic AI increases, these systems may eventually control critical infrastructure. An agent might balance an energy grid, regulate water flows, or direct transportation systems and drones. In such environments, a single mistake or compromise could have consequences far beyond the business itself. The stakes will only grow as agentic AI moves into more high-value and high-risk industries.

Another pressing issue is literacy. Most organizations today have only a surface-level understanding of agentic AI. Security professionals urgently need education on the risks and safeguards before adoption accelerates. Without that awareness, companies may deploy agents faster than they can secure them.

Finally, there are lessons to learn from the past. During the early stages of digital transformation, many organizations often added security as an afterthought, resulting in considerable costs. With AI, it’s possible to make the same mistake. That’s why it’s essential to embed security from the beginning, built into every step of the design and deployment process.

Agentic AI is still in its earliest stage. Version 1.0 systems are immature, unpredictable, and prone to vulnerabilities. Organizations cannot afford to assume these agents behave like people or trust them with human-like responsibilities.

Now is the time to build guardrails. Segmentation, Zero Trust principles, and ongoing education are crucial for managing risks before they spiral out of control. By treating AI agents as untrusted technologies and embedding security from the start, enterprises can benefit from their speed and autonomy without exposing themselves to unnecessary danger.

Trevor Dearing is Director of Critical Infrastructure Solutions at Illumio

Related Links

Hot Topics

The Latest

Manufacturing Organizations Doubled AI Investment Yet Only 37% Fully Prepared to Operationalize AI

While 87% of manufacturing leaders and technical specialists report that ROI from their AIOps initiatives has met or exceeded expectations, only 37% say they are fully prepared to operationalize AI at scale, according to The Future of IT Operations in the AI Era, a report from Riverbed ...

Optimizing Decisions with Edge-First Cognitive Intelligence

Many organizations rely on cloud-first architectures to aggregate, analyze, and act on their operational data ... However, not all environments are conducive to cloud-first architectures ... There are limitations to cloud-first architectures that render them ineffective in mission-critical situations where responsiveness, cost control, and data sovereignty are non-negotiable; these limitations include ...

The New Perimeter Is the User: Why Identity Is the Real Network Edge

For years, cybersecurity was built around a simple assumption: protect the physical network and trust everything inside it. That model made sense when employees worked in offices, applications lived in data centers, and devices rarely left the building. Today's reality is fluid: people work from everywhere, applications run across multiple clouds, and AI-driven agents are beginning to act on behalf of users. But while the old perimeter dissolved, a new one quietly emerged ...

When AI Infrastructure Stops Behaving Like Infrastructure

For years, infrastructure teams have treated compute as a relatively stable input. Capacity was provisioned, costs were forecasted, and performance expectations were set based on the assumption that identical resources behaved identically. That mental model is starting to break down. AI infrastructure is no longer behaving like static cloud capacity. It is increasingly behaving like a market ...

Enterprise Resilience: Understanding the Shift from Static to Dynamic

Resilience can no longer be defined by how quickly an organization recovers from an incident or disruption. The effectiveness of any resilience strategy is dependent on its ability to anticipate change, operate under continuous stress, and adapt confidently amid uncertainty ...

Mobile Users Expect Perfection in 2026

Mobile users are less tolerant of app instability than ever before. According to a new report from Luciq, No Margin for Error: What Mobile Users Expect and What Mobile Leaders Must Deliver in 2026, even minor performance issues now result in immediate abandonment, lost purchases, and long-term brand impact ...

AI Confidence Is High. Readiness Is Not. What the Data Tells Us - and Why It Matters

Artificial intelligence (AI) has become the dominant force shaping enterprise data strategies. Boards expect progress. Executives expect returns. And data leaders are under pressure to prove that their organizations are "AI-ready" ...

Agentic AI, Realistic Expectations and the Future of IT Operations in 2026

Agentic AI is a major buzzword for 2026. Many tech companies are making bold promises about this technology, but many aren't grounded in reality, at least not yet. This coming year will likely be shaped by reality checks for IT teams, and progress will only come from a focus on strong foundations and disciplined execution ...

Trust, But Verify: Building Confidence in AI Through Human Oversight

AI systems are still prone to hallucinations and misjudgments ... To build the trust needed for adoption, AI must be paired with human-in-the-loop (HITL) oversight, or checkpoints where humans verify, guide, and decide what actions are taken. The balance between autonomy and accountability is what will allow AI to deliver on its promise without sacrificing human trust ...

Data Centers Plan to Reduce Reliance on Grid

More data center leaders are reducing their reliance on utility grids by investing in onsite power for rapidly scaling data centers, according to the Data Center Power Report from Bloom Energy ...