Episode 51 | AI

Agentic AI Security: Full Speed into the Unknown

Kevin O’Connor | February 18, 2025 | 56:18


Agentic AI is changing the game—but is it a security nightmare in the making? In this episode of the Security Cocktail Hour, co-hosts Joe Patti and Adam Roth sit down with Kevin O’Connor to dive into one of the hottest (and most misunderstood) topics in cybersecurity: Agentic AI Security.

Episode Highlights

Kevin O’Connor joins us to explore the emerging world of agentic AI—autonomous AI agents that can take actions independently. We discuss:

  • What makes agentic AI different from traditional Gen AI and chatbots
  • Shadow AI risks: How employees are deploying AI tools without security review
  • The scale problem: Why this feels like shadow IT all over again, but faster
  • Security challenges: From prompt injection to “remote co-pilot execution”
  • Real-world scenarios: What happens when AI agents have too much autonomy
  • The path forward: How security teams can get ahead of agentic AI risks

The term “agentic AI” wasn’t even searchable before summer 2024—but it’s quickly becoming the next big challenge in cybersecurity governance. As Kevin explains, we’re seeing a repeat of history: just like shadow IT and cloud adoption, agentic AI enables rapid innovation while outpacing security controls.

Shadow AI

An IT organization can invest months making sure new systems have the security controls they need to hit their compliance goals. And while they’re doing that, a business user discovers they can solve that same problem in minutes with generative AI.

This is shadow AI—and it’s becoming one of the fastest-growing challenges in cybersecurity governance.

Shadow AI occurs when employees deploy AI tools and large language models (LLMs) without security review, compliance checks, or data governance. Unlike traditional shadow IT, shadow AI can process vast amounts of sensitive data in seconds. A single prompt might expose intellectual property, customer information, or confidential strategy to unauthorized systems.

The rise of agentic AI—autonomous AI agents that can take actions independently—takes the risk to a new level, especially when people with no coding skills discover they can use AI to write and deploy those agents.

The risks are significant:

  • Data leakage: Sensitive information fed into public LLMs may become training data
  • Compliance gaps: GDPR, HIPAA, and other regulations apply to AI deployments
  • Inconsistent outputs: Teams getting conflicting AI-generated recommendations
  • Agentic unpredictability: Autonomous AI systems acting without human oversight

Solving this with AI risk management isn’t about blocking innovation. It’s about creating AI governance frameworks that enable productivity while managing cybersecurity risk.

Key components include:

  • Vetted AI tools with proper data controls
  • Clear AI security policies
  • Training on responsible AI use
  • Monitoring AI compliance without stifling teams

Organizations that proactively build AI governance frameworks position themselves to leverage AI’s benefits while managing its risks.

Full Episode Transcript
Speaker-labeled, timestamped transcript of this episode.