
AI Agents, Zero Trust, and the New Identity Paradigm

December 2, 2025

Author: Duncan Greatwood, CEO, Xage Security

Agentic AI is 2025’s hottest tech topic — and yet AI agents are being held back by the risks. Fears of rogue behavior abound, with cautionary tales, like a Replit agent deleting a customer’s entire code base, leaving businesses hesitant to trust agentic AI with critical tasks. Human leaders are understandably reluctant to put themselves in a position where they must answer for AI’s costly mistakes.

At the same time, ignoring agentic AI would be short-sighted. Well-governed agents that deftly accomplish their tasks promise major efficiency gains and enable new ways of working.

This presents CISOs and CIOs with a pressing problem. Agents need clear controls that keep them on the tracks and restrict deviations that may have disastrous ripple effects. Current methods like prompt guardrails are insufficient, being too easily bypassed by deliberate or accidental “jailbreak” inputs. Zero Trust identity-based controls can provide the needed jailbreak-proof protections — provided they are extended to operate in the agentic era.


Controlling AI Agents

Agents need to have identities applied to them, much like human users and machines do, but the controls placed on those identities should be tailored to meet the unique challenges that agents present. The paradigm needs to be built around both what makes agentic AI similar to existing entities and different from them.

What are the specific requirements for agentic Zero Trust?

  1. Agent identity for each agent, such as is provided in the A2A protocol/OpenAPI card
  2. Authentication and entitlement management for agents
  3. Enforcement of what agents can do with identity-based, jailbreak-proof, granular controls
  4. Multihop entitlement delegation for user-to-agent and agent-to-agent controls
  5. Least-privilege entitlements delegating only what’s needed for the task at hand

Implementing these requirements stops attackers from gaining control over critical systems by using agents to escalate their privileges. It creates accountability, so it is always clear who is ultimately responsible for initiating an action. It stops rogue AI agent behavior by avoiding excessive entitlement delegation to autonomous agents. And it stops data leakage by enforcing identity-based control of data retrieval and data transmission.
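To make requirements 3 through 5 and the outcomes above concrete, here is an added example (not code from the original article or from Xage) of a minimal entitlement-delegation model: a human user issues a time-bound, scoped grant; each user-to-agent or agent-to-agent hop may only narrow the scopes and shorten the expiry; an enforcement point checks every action against the holder’s grant; and the delegation chain always leads back to the initiating human. The principals, scope names and timestamps are constructed for illustration.

```python
"""Scoped, time-bound entitlement delegation across user -> agent -> agent hops.

Added example: models the Zero Trust properties the article lists, not any
specific product's implementation. Principal names, scopes and the clock
values below are constructed for the demo.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Entitlement:
    """A grant held by one principal; agents only ever hold grants derived from a user's."""
    principal: str        # identity of the holder (human user or agent)
    scopes: frozenset     # actions the holder may perform, e.g. "tickets:read"
    expires_at: datetime  # hard validity bound, never later than the parent's
    chain: tuple          # delegation path; chain[0] is the initiating human


def issue_root(user: str, scopes, ttl: timedelta, now: datetime) -> Entitlement:
    """Root grant for a human user. Every agent entitlement descends from one of these."""
    return Entitlement(user, frozenset(scopes), now + ttl, (user,))


def delegate(parent: Entitlement, to: str, scopes, ttl: timedelta, now: datetime) -> Entitlement:
    """Delegate a subset of `parent` to `to`.

    Attenuation rules: scopes can only narrow and expiry can only shorten, so no
    hop in a multihop chain can escalate beyond what the human originally held.
    """
    if now >= parent.expires_at:
        raise PermissionError(f"{parent.principal}: grant expired, cannot delegate")
    requested = frozenset(scopes)
    excess = requested - parent.scopes
    if excess:
        raise PermissionError(f"{parent.principal} cannot delegate {sorted(excess)} to {to}")
    expires_at = min(parent.expires_at, now + ttl)
    return Entitlement(to, requested, expires_at, parent.chain + (to,))


def authorize(ent: Entitlement, action: str, now: datetime) -> bool:
    """Enforcement point: the action proceeds only if it is in scope and the grant is live.

    This check does not depend on prompt content, so a jailbroken agent still
    cannot perform an action its identity was never entitled to.
    """
    return now < ent.expires_at and action in ent.scopes


def responsible_user(ent: Entitlement) -> str:
    """Accountability: the first link in the chain is always the initiating human."""
    return ent.chain[0]


def demo() -> dict:
    """Worked scenario on a constructed clock: user -> planner agent -> worker agent."""
    t0 = datetime(2025, 12, 2, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    root = issue_root("alice", {"tickets:read", "tickets:write", "tickets:delete"},
                      timedelta(hours=8), t0)
    # The planner gets read/write for one hour; it never receives delete.
    planner = delegate(root, "planner-agent", {"tickets:read", "tickets:write"},
                       timedelta(hours=1), t0)
    # The worker asks for four hours but is capped by the planner's one-hour grant.
    worker = delegate(planner, "worker-agent", {"tickets:read"}, timedelta(hours=4), t0)
    try:
        # A read-only worker trying to hand out write access to another agent.
        delegate(worker, "helper-agent", {"tickets:write"}, timedelta(minutes=5), t0)
        escalation_blocked = False
    except PermissionError:
        escalation_blocked = True
    return {
        "worker": worker,
        "read_ok": authorize(worker, "tickets:read", t0 + timedelta(minutes=30)),
        "write_denied": not authorize(worker, "tickets:write", t0 + timedelta(minutes=30)),
        "expired_after_planner_ttl": not authorize(worker, "tickets:read", t0 + timedelta(hours=2)),
        "worker_ttl_hours": (worker.expires_at - t0).total_seconds() / 3600,
        "escalation_blocked": escalation_blocked,
        "responsible": responsible_user(worker),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that the enforcement lives in `authorize`, outside the model and its prompts: whatever text an agent is fed, it can only act within the scopes its identity was delegated, those scopes shrink at every hop, and the `chain` field answers the accountability question of which human started the task.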

With properly implemented Zero Trust for AI agents, each agent operates in a focused, controlled and task-appropriate way, avoiding the potentially catastrophic risks of unmanaged AI privileges.

Examples to Learn From

The Replit incident may be the most notorious example of rogue agent activity to date, but it’s just one example of misbehavior uncovered by prominent AI research.

Findings published in September by OpenAI and Apollo Research showed that many of the leading AI models are capable of scheming, or veiling their behaviors to achieve alternative goals. They even detect when they’re being watched, and act accordingly.

It’s therefore irresponsible to give agents anything more than least-privilege access to operational systems — their controls need to consider and block every rogue possibility and ensure that efficiency gains don’t come at the expense of security and predictability.

Why Zero Trust is the Answer

Zero Trust principles grounded in time-bound, identity-based access controls are ideal for agents. Their missions are focused in scope and clearly defined, making them a prime candidate to be managed with granular, identity-based access controls. It’s a framework that’s proven to be effective in both preventing and mitigating the effects of breaches.

Recent incidents like the $2.5 billion breach that affected Jaguar Land Rover have offered reminders of how wide-reaching and tangible the effects of external cyberattacks can be. Internal disruptions like agent misbehavior and data leakage can be just as costly though, and applying the same Zero Trust safeguards to employees, chatbots, agents, and external parties is the best way to protect organizations from missteps (intentional or not) that cause compounding damage.

AI agents are both a critical innovation for businesses to employ and a new point of vulnerability where protective measures are urgently needed. Securing them needs to ensure both convenience and resilience, allowing agents to operate as efficiently as intended while also holding them accountable to their goals and restrictions.

Zero Trust is a tried-and-true framework that allows them to do just that, leaving room to root new security measures in identity-centric principles that stop rogue behavior and abuse before they start.

Originally published in Solutions Review