Samantha Rule, CISO at Ninety One, outlines the considerations and concerns of implementing AI agents in enterprises.

Offering efficiency gains and the potential for cost reduction, the adoption of AI agents in the enterprise is growing. However, despite the benefits offered, AI agents also open up a wealth of cyber security risks, which need to be considered. This is according to Samantha Rule, CISO, Ninety One.

The fundamental area of concern is that AI agents have autonomy. Rule warns this means that, compared to the introduction of previous technologies into an enterprise, the approach for agents must be considered differently. “An agent is not a chatbot. This is not just another piece of technology; these are AI work colleagues. They might not be human, but they are going to have autonomy, and they need to be treated like a human colleague, in the same way we've got policies, a code of conduct or governance aspects.”

In addition to considerations about autonomy, thought must be given to identity and access privileges, and the agents' introduction into a corporate environment must be carefully managed and governed. “From a cyber security angle, we need to think about how to build the governance to monitor these agents. How do we enable our business from a risk basis, from a security basis? How do we enable our businesses to start to think they can innovate, but do it with the security mindset?”

She adds that ethics, guidelines and responsible use of AI can sometimes get sidelined for the sake of speed of delivery. “To rapidly innovate, you sometimes need to drop something. At what stage are the ethics, the responsible AI, all the governance standards dropped so you can get your product out quickly and get ahead? That's something we need to watch for.”

Another area of risk to consider is whether agents are developed ‘officially’ by company software engineers, or whether, thanks to open-source frameworks such as Open Claw and Claude Cowork, they are developed by non-technical employees, leading to shadow agents being introduced. “It depends on the organisation’s risk appetite; some corporate environments might not be so restricted. People could see an opportunity to use Open Claw, so they bring an agent they’ve created into the corporate environment, put in their username, their password, and start experimenting using corporate information.

“People think this agent is going to make life simpler for them, but they're not thinking about what it can do if somebody compromises it. There's no knowledge or understanding around what Open Claw is, or the ecosystem it has access to, or who has access to it.”

She adds: “People are programming agents not realising they are starting to evolve and build their own intelligence.”

Rule cites the example of the Moltbook social network, built exclusively for AI agents to engage with each other without human involvement, which was launched earlier this year. “The interesting thing for me around MoltBook was just how quickly it came up, the ecosystem that it was able to develop, and then the way that the agents started to communicate and learn.”

She recommends creating awareness across the organisation around the capabilities of agents and the enterprise policies to be implemented. For those organisations accepting of agents, Rule recommends creating a sandbox so no-code agents can be tested locally, but without company data. Once there is comfort in the model, and confidence that data won’t be compromised, the technology can potentially make it into production.

Rule has designed a cyber security framework around the implementation of agents, with five key steps: identity, authority, intent, provenance and accountability. She will be explaining this framework and the cyber security considerations about the implementation of agentic AI into an organisation at the upcoming Cape Town leg of ITWeb’s Security Summit.

Rule adds that her talk will be suitable for both technical and strategic audiences, and says: “I’m pro AI and I don't like the fear stuff (around cyber security), so I'm not trying to scare people. Ultimately, I want to leave people with the story so they can think about it and a framework they can reference.”
Evolving, 'thinking' AI agents create new attack surface
How to adapt to the cyber risk posed by the growth in the workforce of non-human colleagues.














