Rise of AI agents should finally force zero-trust issue

Artificial intelligence (AI) agents are all the rage these days but in the rush to increase productivity many are, once again, overlooking the cybersecurity implications. Each AI agent that an organization deploys will not only be able to perform specific tasks but also interact with other AI agents and humans. This digital labor force, as a result, promises to sharply reduce much of the drudgery that the average worker regularly experiences when performing inefficient tasks.

As awesome as that might be, however, there is from a cybersecurity perspective a significant potential downside. Each AI agent is ultimately the equivalent of an employee that adds yet another identity that needs to be secured. In effect, the number of credentials that cybersecurity teams will need to secure is about to exponentially increase.

Given how problematic securing credentials already is today, the prospect of thousands of AI agents having access to multiple applications and services is deeply troubling. Cybercriminals are already using millions of stolen credentials to simply log into various applications and services without having to go to the trouble of writing malware. If the number of credentials that need to be secured increases by millions more, the odds a cybersecurity team will be able to secure them all will only diminish even further.

None of those concerns is likely to slow down the pace at which AI agents will be deployed so it’s now going to be up to cybersecurity teams to determine how best to secure them. That challenge is as of yet there is no standard framework for achieving that goal. Proposals include MAESTRO, STRIDE, PASTA, LINDUNN, OCTAVE, TRIKE and VAST, each of which is an acronym for a framework that if followed will make it simpler to secure AI agents.

Each cybersecurity team will need to determine for themselves which of these frameworks lends themselves best to securing the AI agents they deploy but the most important thing is start doing something about securing them now. Cybercriminals in anticipation of being presented with new rich attack surfaces are already paying close attention to how AI agents are being built and deployed.

Hopefully, more organizations will conclude that the time to more aggressively implement zero-trust IT policies has arrived. While a lot of progress toward achieving that goal has been made over the last few years, adoption remains uneven. Most organizations now realize that an ability to manage identities is at the core of any meaningful effort to enforce zero-trust policies. The issue, as always, is that the effort required to manage effectively the identities that have been assigned to not just individuals but also machines, software components, services and now AI agents is substantial. One of the reasons there has not been as much progress made is the simple fact the number of identities and associated privileges is already too overwhelming to secure.

Like it or not, AI agents will most likely be the straw that finally breaks the identity management back. Existing directories and platforms will simply not be up to the task. The only thing left to determine now is how proactively organizations will address AI agent security versus yet again waiting for an actual crisis to emerge that in hindsight might have been easily avoided.

Barracuda can help

Zero Trust is not just a security model — it’s the future of cybersecurity. Organizations that adopt Zero Trust now will prevent costly breaches, enhance productivity, and remain compliant in an ever-evolving digital landscape. Don’t wait — start today to secure your organization's future.

Take the next step toward Zero Trust:

• Explore Barracuda's Zero Trust Access Starter Kit, which includes a webinar and valuable resources to get you started: https://www.barracuda.com/products/network-protection/zta-starter-kit
• Experience the benefits firsthand with a free trial of Barracuda SecureEdge: https://www.barracuda.com/products/network-protection/secureedge/try-free

Remember: Zero Trust is a journey, not a destination. Start today and build a more secure future for your organization.