logo_header
  • Topics
  • Research & Analysis
  • Features & Opinion
  • Webinars & Podcasts
  • Videos
  • Dtw

Agentic AI isn't just software – it's the ultimate insider threat

Cequence Security CTO Shreyans Mehta explains the concept of ‘agentic zero trust’ and why organizations must continuously validate the behavior of AI agents.

Shreyans MehtaShreyans Mehta
13 Jul 2026
Agentic AI isn't just software – it's the ultimate insider threat

Agentic AI isn't just software – it's the ultimate insider threat

For decades, enterprise software has largely been passive. Applications waited for users to authenticate, click buttons, submit forms and make decisions. Security models evolved around that assumption: verify identity, authorize access and monitor activity.

Agentic AI changes that equation.

Unlike traditional software, AI agents don’t simply respond to requests – they reason, plan, make decisions and execute sequences of actions across enterprise systems with little or no human intervention. Once connected to APIs, business applications and enterprise data, these agents begin acting much more like employees than software. The most important question is no longer "Can this agent access the application?" but "Should it be performing this action right now?"

That’s why organizations should stop thinking about agentic AI as another technology purchase and start governing it as a digital insider operating at machine speed.

As TM Forum’s Agentic Interaction Security in Telecommunications Guidebook (GB1087) correctly points out, “AI could be the ultimate ‘trusted insider’ threat,” often operating unconstrained in real time, at scale.

Authorization is not enough

Traditional security assumes that authorization is enough. If an authenticated user or application has permission to invoke an API or access a database, the request is generally allowed. AI gateways have largely followed this model, adding authentication, authorization, model routing, rate limiting, logging and content filtering.

The problem is that a sophisticated AI agent can remain completely within its authorized permissions while still producing harmful outcomes. An agent may access too much information, perform actions outside its intended business purpose, or combine individually legitimate API calls into behavior that creates operational, security or compliance risk.

Every individual request may be authorized, yet the overall behavior is still wrong. This is the same insider risk security teams have managed for years with human employees.

The vast majority of people would never intentionally do something that might get them fired. Human insiders are governed by context and personal ethics, something AI agents are not constrained by.

An accounts-payable employee can access financial systems but shouldn’t suddenly begin downloading engineering documentation. A customer service representative shouldn’t modify HR records simply because they possess valid credentials. Organizations establish expected roles and investigate behavior that deviates from those expectations.

In the same way the new human employees operate against job descriptions and role requirements, AI agents deserve the same treatment.

Every enterprise agent has a defined purpose: summarize contracts, resolve customer issues, analyze inventory or automate IT workflows. That purpose becomes its job description.

Governance should continuously evaluate whether the agent’s actions remain consistent with that job, not simply focused on whether each API call passes an authorization check. As a result, modern AI security requires continuous behavioral validation throughout an agent’s entire session, not just verification at login.

‘Agentic zero trust’ continuously validates behavior

This is where “agentic zero trust” extends traditional zero-trust principles. Conventional zero trust focuses on continuously verifying identity and enforcing least-privilege access. Agentic AI requires organizations to go a step further by continuously validating behavior.

Identity tells you who the agent is. Authorization defines what resources it may access. Agentic zero trust asks the more important question: Is the agent behaving according to its assigned role and intended business purpose? Trust is no longer established once at authentication but is earned continuously during runtime behavior.

This represents a broader architectural shift for enterprise AI. Identity and authorization remain essential, determining who or what the agent is and what resources it may access.

However, neither answers the most important governance question: “Is the agent behaving according to its intended role?” As AI agents become more capable, behavioral governance becomes the missing control layer that complements existing identity and access management (IAM) rather than replacing it.

Treating agents as insiders

The enterprises that succeed with agentic AI won’t necessarily be those deploying the most agents. They’ll be the organizations that recognize autonomous AI for what it has become: a new category of enterprise insider.

Digital insiders don’t need coffee breaks, don’t wait for business hours and can execute thousands of actions in the time it takes a human to approve a single request. While that speed creates enormous opportunities for productivity, it also amplifies mistakes, misuse and compromise just as quickly.

Treating AI agents as software tools made sense when AI simply generated text. It doesn’t make sense when AI is making decisions, interacting directly with enterprise systems and autonomously carrying out business processes.

The future of enterprise AI won’t be defined by how many agents organizations deploy. It will be defined by how effectively they govern those agents after they’ve been granted access.

In an agentic enterprise, every AI agent should be treated as a digital insider, and every action should be evaluated through the lens of agentic zero trust, where trust is continuously earned through behavior rather than permanently granted through authentication alone.