Gen AI

How organisations are rethinking security controls for agentic AI deployments

Monday, 9 February 2026 5:14PM UTC

As enterprises increasingly adopt autonomous AI systems, they are facing new security challenges that require innovative controls like intent governance, provenance tracking, and human oversight to balance productivity and data protection.

Organisations betting on agentic AI face a tension between the technology’s promise to automate complex workflows and the practical challenge of keeping enterprise data secure. Agentic systems, autonomous software that plans and acts toward goals, can deliver major productivity gains, but they also require broad access to information across silos. That access model is forcing security teams to rethink the assumptions behind traditional identity-and-access approaches, industry observers say.

According to TechRadar, the classic perimeter of role-based permissions is ill-suited to agents that reason across datasets and infer connections not explicitly permitted by static policies. The outlet warns of “contextual privilege escalation,” where the meaning an agent derives from otherwise innocuous data becomes the avenue for exposure. The piece recommends shifting controls from rigid access lists toward mechanisms that govern intent: intent binding, dynamic authorisation, provenance tracking, human-in-the-loop checkpoints and contextual auditing.

Security specialists and compliance vendors echo that call for new controls. Vanta’s guidance highlights the opacity of many agentic systems and the attendant compliance risks under emerging regimes such as the EU AI Act. The company advises embedding explainability and decision traceability into agent designs, alongside thorough model documentation, to reduce the “black box” problem and enable audits. Forbes also cautions that agentic AI can inherit biases from training data and that ongoing governance, high-quality training sets and periodic fairness audits are essential to avoid discriminatory outcomes.

Practitioners should expect to balance enabling productivity with hardening the attack surface. Integration missteps can expand exposure, Vanta warns, while TechRadar notes that monitoring an agent’s goals and reasoning paths is as important as controlling which files it may read. Organisations are therefore exploring a layered approach: minimise the data surface agents see through fine-grained data-masking and synthetic proxies; record end-to-end provenance for each action; and require explicit human approvals for high-risk tasks.

Vendor claims about agentic capability require the same editorial caution as other product messaging. Many suppliers position agents as transformational; buyers must demand evidence of explainability, controllable scopes, and repeatable audit trails. Where vendors describe regulatory readiness, purchasers should validate those claims against documentation and independent testing rather than accept them at face value.

The governance toolkit is growing. Enterprises are piloting intent-aware policy engines that evaluate whether a requested sequence of actions matches an approved objective, rather than simply checking file-level permissions. Others adopt runtime monitors that flag anomalous multi-step behaviours for human review. Industry guidance suggests combining technical controls with organisational measures: clear ownership of agent behaviour, regular red-teaming, and cross-functional incident playbooks that include AI-specific scenarios.

The security debate is unfolding alongside broader commercial and staffing moves in the enterprise technology sector. Infor this week named Geoff Thomas as Senior Vice President and General Manager for Asia Pacific and Japan, a move framed by the company as a bid to deepen regional customer engagement and partner networks, according to a PR Newswire release and regional reporting by ITWire and CRN Asia. Such leadership appointments underline that suppliers are reorganising to support complex, locality-specific needs that include AI governance.

Other vendor and customer developments reported this week underline the fast pace of productisation around AI and cloud services. Thomson Reuters said investment in agentic capabilities is accelerating its product innovation and plans further scaling of agentic tools, the company told investors in its full‑year results. Workday announced a Military Skills Mapper to translate veterans’ experience into civilian job skills, citing an autumn 2026 availability window. Any claims of security maturity from companies should therefore be assessed against evidence of independent certification, deployments in sensitive environments, and third-party audits; ANYbotics’ recent ISO/IEC 27001 certification was presented as such evidence in its announcement.

For risk owners, the practical takeaway is that agentic AI cannot be secured by legacy access lists alone. Effective controls will combine intent governance, explainability, provenance and human oversight, backed by third-party validation where possible. As organisations scale agent deployments, those safeguards will determine whether the promised business value arrives without excessive exposure.

Source: Noah Wire Services

More on this

https://www.enterprisetimes.co.uk/2026/02/09/news-from-the-week-beginning-february-2nd-2026/ - Please view link - unable to able to access data
https://www.techradar.com/pro/ai-agents-are-about-to-make-access-control-obsolete - This article discusses how traditional access control systems are being challenged by the rise of AI agents in enterprise workflows. These agents operate based on goals and reasoning rather than fixed access rules, enabling them to infer and compile sensitive information without breaching explicit permissions. The core concern is 'contextual privilege escalation,' where meaning and intent—not direct access—become the vector for data exposure. The article advocates for a new security paradigm that focuses on governing intent rather than access, proposing safeguards like intent binding, dynamic authorization, provenance tracking, human oversight, and contextual auditing.
https://www.prnewswire.com/apac/news-releases/infor-appoints-geoff-thomas-to-lead-asia-pacific-and-japan-302678403.html - Infor has announced the appointment of Geoff Thomas as Senior Vice President and General Manager for Asia Pacific and Japan (APJ). Based in Sydney, Thomas will focus on enhancing customer experiences and driving innovation in key markets, including Japan, Australia and New Zealand (ANZ), Southeast & North Asia (SENA), and India. Under his leadership, Infor aims to deepen local expertise, expand its trusted partner network, and provide customers with world-class support and industry-specific cloud technologies designed to help their businesses thrive.
https://www.forbes.com/sites/tonybradley/2025/04/04/how-agentic-ai-is-revolutionizing-security-and-how-to-keep-it-safe/ - This article explores the transformative impact of agentic AI on security, highlighting both its potential benefits and associated risks. It discusses how agentic AI can revolutionize security by automating tasks and improving efficiency. However, it also raises concerns about the potential for AI to inherit biases from its training data, leading to flawed or discriminatory decisions. The article emphasizes the need for proper oversight to prevent AI agents from misinterpreting tasks and introducing new security risks. It advocates for training AI agents on high-quality, unbiased data and regular audits for fairness and accuracy.
https://www.vanta.com/resources/agentic-ai-security-challenges - This resource outlines the security challenges associated with agentic AI, emphasizing the complexity and 'black box' nature of these systems. It discusses the lack of transparency in decision logic, which poses compliance risks under frameworks like the EU AI Act. The article highlights the importance of embedding explainability into AI design, using techniques such as model documentation, decision traceability, and explainability frameworks. It also addresses integration complexities, noting that without careful planning, agentic AI systems can inadvertently expand the attack surface and introduce misconfigurations, leading to weakened security controls.
https://itwire.com/it-people-news/people-moves/infor-taps-qlik-veteran-geoff-thomas-to-lead-apj-growth-push.html - Infor has appointed Geoff Thomas as Senior Vice President and General Manager for Asia Pacific and Japan (APJ) to strengthen its regional leadership and expand its presence across key markets. Based in Sydney, Thomas will oversee operations in Japan, Australia and New Zealand, Southeast and North Asia, and India, focusing on customer engagement, regional strategy, and market development. His appointment reflects Infor's commitment to deepening its engagement with organizations across the region and responding to evolving business and technology requirements.
https://www.crnasia.com/news/2026/channel-news/infor-unveils-new-leadership-appointments-for-apac - Infor has appointed Geoff Thomas as Senior Vice President and General Manager for Asia Pacific and Japan (APJ). Based in Sydney, Thomas will focus on strengthening Infor’s commitment to delivering exceptional value and tailored solutions to customers across the region. Thomas takes over the role from Terry Smagh, who has now taken over a global role as Senior VP and GM – International, Strategic Solutions at Infor. With Thomas in the role, Infor will continue to focus on deepening local expertise, expanding its trusted partner network, and providing customers with world-class support and industry-specific cloud technologies designed to help their businesses thrive.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The article was published on February 9, 2026, covering events from the week beginning February 2, 2026. The appointment of Geoff Thomas as Senior Vice President and General Manager for Asia Pacific and Japan by Infor was announced on February 4, 2026. ([prnewswire.com](https://www.prnewswire.com/apac/news-releases/infor-appoints-geoff-thomas-to-lead-asia-pacific-and-japan-302678403.html?utm_source=openai)) The discussion on agentic AI security concerns aligns with recent industry conversations, with sources from December 2025 and October 2025. ([vanta.com](https://www.vanta.com/resources/how-security-leaders-can-safely-and-effectively-implement-agentic-ai?utm_source=openai)) The article appears to provide timely information without significant delays.

Quotes check

Score: 7

Notes: The article includes direct quotes from TechRadar, Vanta, and Forbes. The TechRadar quote about 'contextual privilege escalation' matches content from a June 2025 article. ([techrepublic.com](https://www.techrepublic.com/article/news-ai-agent-security-beyondid-research/?utm_source=openai)) The Vanta guidance on embedding explainability and decision traceability into agent designs is consistent with their December 2025 publication. ([vanta.com](https://www.vanta.com/resources/how-security-leaders-can-safely-and-effectively-implement-agentic-ai?utm_source=openai)) The Forbes caution about agentic AI inheriting biases from training data aligns with their September 2025 article. ([forbes.com](https://www.forbes.com/sites/davidprosser/2025/09/16/meet-the-start-ups-promising-to-hold-ai-agents-to-account/?utm_source=openai)) While the quotes are consistent with their respective sources, the absence of direct links to these articles raises concerns about verification.

Source reliability

Score: 6

Notes: The article cites reputable sources such as TechRadar, Vanta, and Forbes. However, the Enterprise Times website is a niche publication with limited reach, which may affect the overall reliability of the information presented. Additionally, the article appears to be a summary of various sources without original reporting, which could impact its credibility.

Plausibility check

Score: 7

Notes: The article discusses the challenges of securing agentic AI, referencing concerns about 'contextual privilege escalation' and the need for new controls. These topics are consistent with recent industry discussions, such as the June 2025 TechRepublic article highlighting AI agents creating insider security threat blind spots. ([techrepublic.com](https://www.techrepublic.com/article/news-ai-agent-security-beyondid-research/?utm_source=openai)) The mention of Geoff Thomas's appointment at Infor is corroborated by the February 4, 2026, PR Newswire release. ([prnewswire.com](https://www.prnewswire.com/apac/news-releases/infor-appoints-geoff-thomas-to-lead-asia-pacific-and-japan-302678403.html?utm_source=openai)) The content appears plausible and aligns with known industry developments.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The article provides timely and plausible information, with references to reputable sources. However, the lack of direct links to these sources and the reliance on a niche publication for original reporting raise concerns about the verification process and source reliability. While the content appears accurate, the medium confidence reflects these uncertainties.

AI security
Agentic AI
Data governance