VIA Knowledge Hub Podcast
The AI agent access problem

With Chris Hughes, CEO of Aquia, Resilient Cyber podcast host, author of "Securing AI Agents"

AI agents aren’t magic coworkers. They’re powerful, error-prone systems that can be hijacked, over-permissioned, and “social-engineered” just like humans. Chris Hughes, CEO of Aquia, Resilient Cyber podcast host, author of Securing AI Agents, and United States Air Force veteran, dives into why identity and access are brutally hard in an agentic AI world. He also explains how incentives, compliance, and culture shape what actually gets secured.

AI agents: the fundamentals matter, but don’t miss the nuance

  • AI agents are risky “users” too. Agents make bizarre mistakes humans wouldn’t. And they can be taken over by threat actors. That means they need an identity, permissions, and access controls, not an all-access backstage pass.

  • Identity and access management (IAM) is hard... and SaaS often makes it harder. Most orgs over-provision access, never clean it up, and struggle to keep permissions current. SaaS tools frequently miss the business context needed to do access right. Chris cautions that those IAM tools themselves become part of the attack surface.

  • The fundamentals still matter (a lot). Least privilege, micro-segmentation, and off-boarding are still important, even for agents. The goal? Minimize the damage agents can do and take away those permissions when they’re no longer needed.

  • Developers should be aware of the many flavors of context manipulation. Context manipulation is where malicious instructions entice the AI agent to perform actions or disclose information it shouldn’t. Bookmark the OWASP GenAI Security Project, which continually updates these risks.

  • Zero Trust applies to agents, but incentives fight it. Zero Trust principles map cleanly onto agentic AI use cases, but business leaders are focused on speed, revenue, and market expansion, rather than abstract security models. They start caring when Zero Trust and agent security are framed as compliance, regulatory, or market-entry requirements. Compliance is still a primary driver of cybersecurity headcount and tooling. Use that lever.

  • Agentic AI doesn’t change the need for good access control and security fundamentals; it just raises the stakes. As Chris says, “you can’t secure what you don’t understand,” so start by truly understanding how your agents act and what they have access to. If you’re in DevSecOps or application security, think about how you can make life easier for your dev team: “make doing the right thing the easy thing.”

About Chris Hughes

Chris Hughes is a United States Air Force veteran and the CEO and co-founder of Aquia, where he helps secure state and federal agencies as well as the Department of Defense. He is the host of the Resilient Cyber podcast and a recognized expert in application security, software supply chain security, vulnerability management, and DevSecOps. Chris previously served as a Cyber Innovation Fellow (CIF) at the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Check out Chris’s three books:

