Protecting the world from rogue agents: Zero Trust
In a seminar titled From Chatbots to Change Agents: Securing Agentic AI, Cisco’s Matt Caulfield, VP of product management for identity, and Kevin Kennedy, VP of product and solutions for security, laid out some of the key challenges — and solutions — around identity and access in vastly complicated agentic AI environments: ones in which thousands of agents roam freely through internal data and SaaS applications — all with the agency to act independently.
“When it comes to giving tools to agentic AI,” Caulfield warned, “we are now opening up our organizations to a whole new level of security risk.”
So how do organizations protect against their own agents being compromised, or against outside agents set loose by bad actors?
Caulfield summed up three key steps.
“Knowing your risk is first,” he said. “If you don’t have an agent-discovery tool, if you’re not looking for agents in your environment, that’s step number one. Second step is then controlling that access. So having a consistent place to do enforcement, investing in an AI gateway that can sit in between the agents and the resources, and supplying it with policy about what those agents are allowed to do and a life cycle for what they should do, and then prioritizing which tools you want to onboard. And then third, and most importantly, is agent governance and life cycle.”
Or as Kennedy summarized, “The key is know your agents, authorize every action, what they are allowed to do, what they are not allowed to do, and then adapt to risk because even actions that are allowed by policy are not necessarily safe.”
From a customer perspective, Jeremy Nelson, Insight’s CISO for North America, weighed in on the importance of securing access, not just for humans, but for agents — along with his excitement around Cisco’s extended Zero Trust solution.
“Organizations are eager to embrace AI,” he said, “but they need to do so without creating security coverage gaps. Cisco’s Zero Trust Access for AI Agents gives visibility into agentic identities and restricts access to exactly what’s needed. We’re excited to bring these capabilities to customers to secure their data while scaling their AI initiatives.”