Why CISOs Keep Asking The Same Question About AI Agents

David Goldschlag is co-founder and CEO of Aembit, an identity and access management platform for agentic AI and workloads.

getty

Over the years, after presenting to CISOs, more than one has pulled me aside for a private chat.

I've spent my career watching security problems evolve, from mobile devices to zero trust networking to the software workloads that now run most of the enterprise. When the room clears and an infosec leader asks for a candid moment, I usually know what's coming.

The conversation is rarely about the product they just saw. In most cases, it's about the tension between progress and control and how to move forward without weakening what they're responsible for protecting.

One CISO recently told me that their company was all in on agents and was moving forward with them. The CISO wasn't trying to block the move but just needed to know that they weren't signing up for something they couldn't control.

Put another way: "Help me say yes to AI."

This CISO's concern is understandable. Their job is to prevent exposure and maintain accountability. In the era of autonomous AI, when an agent, for example, reads data from a collaboration tool, updates CRM records or queries a data warehouse, someone has to answer for those actions.

What access does it have? How is that access limited or taken away? When something breaks, can anyone trace what happened? Those questions and responsibilities ultimately land on one desk—the CISO's.

In our 2026 research report with the Cloud Security Alliance covering more than 200 enterprises, 67% of respondents said they already use task automation agents in production. Nearly half also claimed to use agents for research, development or security monitoring, while 73% expected them to become critical within the next year.

However, the same study also found that 74% of surveyed organizations said agents often received more access than necessary, while 68% reported they couldn't clearly distinguish between actions taken by a person and those taken by an agent. One-third didn't know how often agent credentials rotate. Additionally, ownership is spread across security, engineering and IT, and in some cases, no single team is clearly responsible.

Adoption keeps accelerating, but control lags.

The industry has solved dilemmas such as this before in stages. First came user identity—tying actions to people and limiting what they could do. Then came workload identity, where the scope of what an application or service needed to access was knowable in advance (although in practice, most organizations are still struggling to define and enforce that scope).

Agents break both models. They make decisions, take branching actions and can span internal apps, SaaS platforms, cloud services and data warehouses in a single workflow—often in ways nobody fully anticipated. They also tend to inherit the bad habits of the systems around them, such as long-lived credentials, static permissions and shared accounts. When that happens, the boundary between human and system activity fades fast.

The playbook to address this is proven. We just need to extend it.

How should CISOs approach this? ​

1. Stop letting agents hide behind other identities.

I've seen pilots where an agent runs under a shared service account or inherits a human's full access because it was expedient. That decision feels small in the moment and expensive later. A CISO can draw a firm line here via policy. If an agent touches enterprise systems, it authenticates as itself. Give it a distinct identity and attach a named owner to it.

2. Narrow authority before it spreads.

In early deployments, teams often grant broad roles so the agent can "just work." Instead, require teams to state, in advance, what the agent needs to read, write or modify. Tie those permissions directly to its identity and avoid standing access where possible. When scope is explicit at the beginning, expansion becomes a conscious decision rather than drift.

3. Mandate a revocation test.

Failure can happen. Ask a direct question: If this agent misbehaves tomorrow, how do we shut it down? Then test the answer by ensuring the identity is disabled and the access closes. Review the logs to see what that specific agent did and under whose authority it operated.

​These best practices served as the reassurance the CISO was after. It was proof that oversight could scale with adoption. As agents take on more responsibility, identity becomes the mechanism through which access can be evaluated and actions can be attributed. The balance of speed and control is what every security leader is after.

It's how they say yes. As a security industry, we just need to help them do that.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?