Introduction
Enterprises have spent years fortifying perimeter security: patching CVEs, enforcing MFA, encrypting data at rest and in transit. In 2026, a growing share of material security incidents will not be the result of attackers breaking through those controls. They will stem from adversaries exploiting the autonomous systems the enterprise itself deployed and trusted: Agentic AI.
Agentic AI systems, which autonomously perform multi-step tasks, make decisions and interact with APIs to write and deploy code without requiring human intervention, have rapidly advanced from proof of concept to production. By 2026, Gartner predicts that nearly 40% of enterprise applications will include task-specific agents and has indicated that Agentic AI oversight will be the top cybersecurity concern.
The principal concern is not that AI agents are poorly designed. It is that most enterprises have deployed them before putting in place the governance structures (such as identity governance, data classification and incident response) needed to control and contain them. This approach (first deploy, then govern) has established a systemic resilience gap, not at the perimeter but at the operational core of the enterprise. Enterprises have fortified their vaults but provided keys to the machines. Agentic AI is the self-generated insider threat.
Where the governance gap exists
Oversight has failed to keep pace with deployment
A Gartner CIO poll conducted in late 2025 revealed 24% of organizations had deployed AI agents and 50% were in the process of doing so. Most lacked governance frameworks for deployments. The IBM Cost of a Data Breach Report 2025 explains the costs associated with the lack of structured governance for AI. The deployment of AI agents means security teams must retroactively implement controls for agents operating with privileged access.
Why shadow AI should worry you
According to the 2026 Gartner cybersecurity survey, 57% of employees use personal GenAI tools for work and at least 1 in 3 enter sensitive data (e.g., customer data, financial information, legal documents) into tools that have not undergone a security review. The use of personal AI tools has become easier with no-code or low-code platforms that enable the deployment of AI agents without involving security personnel. The exposure these tools create falls outside existing DLP, backup and classification controls.
Machine identities: A new IAM crisis
Every agent creates a unique digital identity using an API key, a token, or OAuth. The Cloud Security Alliance's 2026 study found that a majority of organizations do not maintain a real-time record of all deployed agents. Among those who do, very few have confidence that their IAM systems can keep pace with the machine identities they deploy. In reality, agent identities are created with intentionally broad permissions, and these permissions are seldom changed or revoked. The CrowdStrike 2025 Threat Hunting Report shows how adversaries can use agent identities to pivot and move through an infrastructure more quickly than any manually orchestrated attack. Against the new threats of 2026, Gartner specifically lists the implementation of agent registration, the adoption of the least privilege principle for agents' IAM credentials and the monitoring of agent behavior as the most critical security architecture enhancements for 2026.
What a resilient architecture for agentic AI actually looks like
This risk profile does not call for a slowdown in AI adoption. Instead, it demands architecturally governed adoption from the outset. Three technical disciplines shape the architecture.
Agent inventory and behavioral baselines
You cannot apply controls to assets you cannot enumerate. Enumeration requires a comprehensive, perpetually updated inventory of all agents in the environment (sanctioned and unsanctioned, internal and external, including third parties) along with their access scope, credentials and anticipated behavioral profiles. Once a baseline is established, behavioral anomalies such as unexpected API calls, unusual data access patterns and the use of credentials outside their normal time frames become detectable. Without this, Zero Trust and SIEM tools operate with the gaps of an incomplete asset inventory.
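The check described above, as an added example that is not part of the original article or any HCLTech product: agent activity is compared against an inventory that records each agent's expected APIs, data classes and active hours. The agent names, API names, log format and hours are all constructed for illustration.

```python
from datetime import datetime

# Constructed inventory; agent names, APIs and owners are hypothetical.
INVENTORY = {
    "invoice-bot": {"owner": "finance-ops",
                    "allowed_apis": {"erp.read_invoice", "erp.post_payment"},
                    "allowed_data": {"finance"},
                    "active_hours_utc": range(6, 20)},      # 06:00-19:59 UTC
    "support-summarizer": {"owner": "support-eng",
                           "allowed_apis": {"crm.read_ticket"},
                           "allowed_data": {"customer"},
                           "active_hours_utc": range(0, 24)},
}

# Constructed activity log: timestamp, agent id, API called, data class touched.
EVENTS = """\
2026-03-02T09:14:07Z invoice-bot erp.read_invoice finance
2026-03-02T09:14:09Z invoice-bot erp.post_payment finance
2026-03-02T02:41:55Z invoice-bot erp.read_invoice finance
2026-03-02T10:02:31Z support-summarizer crm.read_ticket customer
2026-03-02T10:02:40Z support-summarizer hr.read_payroll hr
2026-03-02T11:30:00Z nocode-agent-7 crm.export_contacts customer
"""

def parse_event(line):
    ts, agent, api, data_class = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), agent, api, data_class

def findings_for(line, inventory=INVENTORY):
    """Return (agent, reason) pairs for one event that deviates from its baseline."""
    ts, agent, api, data_class = parse_event(line)
    profile = inventory.get(agent)
    if profile is None:                       # unsanctioned or never registered
        return [(agent, "unregistered_agent")]
    out = []
    if api not in profile["allowed_apis"]:
        out.append((agent, "unexpected_api:" + api))
    if data_class not in profile["allowed_data"]:
        out.append((agent, "unusual_data_access:" + data_class))
    if ts.hour not in profile["active_hours_utc"]:
        out.append((agent, "off_hours_credential_use"))
    return out

def scan(log_text, inventory=INVENTORY):
    return [f for line in log_text.splitlines() if line.strip()
            for f in findings_for(line, inventory)]

if __name__ == "__main__":
    for agent, reason in scan(EVENTS):
        print(agent, reason)
```

An agent missing from the inventory is reported on its own, because none of the other checks can run without a profile to compare against.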
Zero trust extended to non-human identities
Zero Trust principles (continuous verification, least privilege and assume breach) were designed for human user sessions and workloads. To apply them to machine actors, the identity stack needs to be completely re-engineered. This consists of creating auditable identities for each agent, using credentials scoped to the minimum access required by the specific task, using short-lived tokens with mandatory refresh and shifting from static to context-based runtime permissions.
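One way to express task-scoped, short-lived agent credentials, as an added example that is not from the original article: each token is bound to one agent, one task and an explicit scope list, and every call is re-verified. The HMAC token format, the 300-second ceiling, the in-process key and the use of the task id as the runtime context are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # demo key; assumption: real keys sit in a KMS/HSM
MAX_TTL = 300                          # assumed ceiling in seconds, forces refresh

def _sign(body: bytes) -> bytes:
    mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def mint(agent_id, task_id, scopes, ttl=MAX_TTL, now=None):
    """Issue a token bound to one agent, one task and an explicit scope list."""
    now = int(time.time() if now is None else now)
    claims = {"sub": agent_id, "task": task_id, "scopes": sorted(scopes),
              "iat": now, "exp": now + min(ttl, MAX_TTL)}   # long TTLs are clamped
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body).decode()

def authorize(token, needed_scope, task_id, now=None):
    """Return (allowed, reason). Runs on every call; there is no trusted session."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        return False, "bad_signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"               # agent must refresh
    if claims["task"] != task_id:
        return False, "wrong_task_context"    # token reused outside its task
    if needed_scope not in claims["scopes"]:
        return False, "scope_not_granted"     # least privilege: no implicit access
    return True, "ok"
```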
Data lineage and classification for AI-generated output
Traditional data protection assumes known assets reside in known locations. An agentic workflow breaks this assumption on its own. It may read from a CRM, pull unstructured files from a content store, generate intermediate inferences and write outputs to a collaboration platform, all within seconds, creating data artifacts that span multiple levels of classification and reside in locations that no data map foresees. Resilience means tagging data at the point AI creates it, preserving lineage through multi-agent workflows and applying the same governance controls to AI-generated data as to human-generated data. Forrester's 2026 cybersecurity predictions make the governance implication explicit: without the right guardrails, Agentic AI systems may sacrifice accuracy for speed of delivery and when failures occur, they stem from a cascade of failures across the system, not a single point of error.
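The workflow in the paragraph above (CRM record and unstructured file, then an intermediate inference, then a summary on a collaboration platform), as an added example that is not from the original article. The four-level classification scheme, the rule that an output inherits its highest input label, and all artifact and agent names are assumptions.

```python
from dataclasses import dataclass

LEVELS = ["public", "internal", "confidential", "restricted"]  # assumed scheme, low to high

@dataclass(frozen=True)
class Artifact:
    name: str
    classification: str
    produced_by: str        # agent id, or "human" for source systems
    parents: tuple = ()     # direct inputs, kept so lineage survives every hop

def derive(name, agent_id, inputs):
    """Tag an AI-generated artifact at creation with its highest input label."""
    if not inputs:
        raise ValueError("AI output with no recorded inputs cannot be classified")
    top = max(inputs, key=lambda a: LEVELS.index(a.classification))
    return Artifact(name, top.classification, agent_id, tuple(inputs))

def lineage(artifact):
    """Walk back through every intermediate agent to the source artifacts."""
    if not artifact.parents:
        return {artifact.name}
    found = set()
    for parent in artifact.parents:
        found |= lineage(parent)
    return found

def may_write(artifact, destination_max):
    """Same control a human-authored file faces: the label must fit the destination."""
    return LEVELS.index(artifact.classification) <= LEVELS.index(destination_max)

# Constructed sample data.
crm = Artifact("crm:account-1182", "confidential", "human")
doc = Artifact("store:contract.pdf", "restricted", "human")
faq = Artifact("store:public-faq.md", "public", "human")
inference = derive("tmp:risk-score", "analysis-agent", [crm, doc])
summary = derive("collab:weekly-summary", "writer-agent", [inference, faq])

if __name__ == "__main__":
    print(summary.classification, sorted(lineage(summary)))
    print("internal workspace allowed:", may_write(summary, "internal"))
```

The summary is two agents removed from the contract file, yet it still carries the contract's label and can be traced back to it.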
Human-in-the-loop governance
Gartner’s 2026 cybersecurity research stated that to realize the full potential of AI in security operations, organizations must prioritize people as much as technology. In practice, this means defining explicit human approval checkpoints within agentic workflows for actions that touch sensitive data, trigger financial transactions, or modify access controls. Agents should operate within their clearly defined boundaries; any action outside these boundaries must be escalated to a human owner before proceeding. This governance layer makes AI operations auditable, which is increasingly a regulatory requirement under frameworks like DORA and NIS2.
Conclusion
The enterprise security perimeter no longer sits at the network edge. It now runs across every agent, every machine identity and every data artifact produced by autonomous AI systems. Closing this cyber-resiliency gap requires new technical capabilities that most organizations have not yet built, such as agent inventories, machine identity governance, AI data lineage and incident response playbooks for cascade scenarios rather than point-of-entry breaches.
At HCLTech, we have complementary capabilities to tackle this challenge. HCLTech AI Factory provides a governed foundation for Agentic AI operations, with built-in agent orchestration, model observability and governance controls that set human oversight boundaries at the infrastructure level. It also provides Red Teaming, which enables simulation of adversarial engagements to help determine how the agents will use their tools. VisualizeNXT extends AI Factory's capability at the data layer by identifying dark and sensitive data dispersed among unstructured storage environments. This includes data generated by AI agents that lands in file storage and collaborative workspaces outside of governance scope. Together, they govern what agents do and protect what agents create.
The deployment of AI Agents without any form of control is not an accelerator; it is a form of deferred technical debt wrapped in a security concern. Organizations that deploy AI Agents while simultaneously building a control mechanism will have a competitive advantage over those that implement controls post-incident as a reactive measure.
References
- Gartner — Top Cybersecurity Trends for 2026
- Gartner — How to Secure Enterprise Agentic AI Ambition, Jeremy D'Hoinne & Dionisio Zumerle
- Forrester — Predictions 2026: Cybersecurity and Risk Leaders Grapple With New Tech and Geopolitical Threats, Paddy Harrington
- IBM — Cost of a Data Breach Report 2025 (Conducted by Ponemon Institute)
- CrowdStrike — 2025 Threat Hunting Report: Adversaries Weaponize and Target AI at Scale
- Cloud Security Alliance — Agentic AI Identity and Access Management Research
- HCLTech – Securing AI Agents by Design: Autonomous, Compliant, Secure
- HCLTech – VisualizeNXT: Securing the unseen – Dark Data Assessment for Enhanced Security

