Agentic AI brings new cybersecurity risks, Gartner warns

Agentic AI represents a significant evolution in artificial intelligence technology, enabling autonomous decision-making and task execution with minimal human oversight, according to new research from Gartner.

Market projections and potential impact: The integration of agentic AI into enterprise software is expected to surge dramatically in the coming years, transforming how businesses operate and interact with technology.

• Gartner forecasts agentic AI inclusion in enterprise software applications will grow from 1% today to 33% by 2028
• By 2028, AI agents could handle 20% of interactions currently managed through digital storefronts
• Approximately 15% of daily work decisions could be made autonomously through agentic AI by 2028, compared to zero in 2024

Technical capabilities and applications: Unlike traditional large language models (LLMs), agentic AI systems can operate independently and adapt to complex environments while pursuing defined objectives.

• These systems can autonomously examine data, conduct research, and complete tasks in both digital and physical environments through APIs and robotic systems
• Current enterprise products incorporating AI agent capabilities include Microsoft Copilot Studio, Azure AI Studio, AWS Bedrock, and Google NotebookLM
• A significant capability gap exists between current LLM-based assistants and fully autonomous AI agents, though this is expected to narrow initially for specific, narrowly-defined tasks

Emerging security challenges: Agentic AI introduces new cybersecurity risks that extend beyond traditional AI-related threats, requiring enhanced vigilance and security measures.

• The threat surface expands to include chains of events and interactions that may be invisible to human operators
• Key risks include data exposure along agent event chains and unauthorized or malicious coding logic errors
• Supply chain vulnerabilities could arise from third-party code and libraries used in AI agents

Risk mitigation strategies: Organizations must implement comprehensive security measures to safely deploy agentic AI technologies.

• IT leaders should prioritize educational initiatives to help staff understand inherent risks associated with AI agents
• Organizations should develop systems to detect and flag anomalous AI agent activities
• Implementation of preset enterprise policies and comprehensive mapping of AI agent information flows is crucial

Looking ahead: While agentic AI promises transformative benefits for enterprises, success will depend on developing robust governance frameworks and building trust in these autonomous systems, with initial adoption likely focused on narrow, well-defined use cases before expanding to broader applications.