In 2025, agentic AI is already transforming how organizations build software and automate decision-making, but it also introduces a new layer of complexity to cybersecurity. The recent OWASP Agentic AI Threats & Mitigations research sheds light on the evolving risks that come with autonomous AI systems.
Here are three key takeaways that every security professional should know:
Takeaway 1: Agentic AI amplifies existing threats
Agentic and autonomous AI don’t really introduce entirely new cyber threats – instead, they evolve existing ones into more complex security challenges. The difference lies in how Agentic AI amplifies the impact and complexity of familiar risks, making them harder to detect, mitigate and control.
How does agentic AI complicate known threats?
- Increased autonomy and decision-making power:
Unlike traditional systems, AI agents make decisions and perform actions autonomously, often with no human oversight. This autonomy means that once compromised, an AI agent can continue harmful actions without interruption, amplifying the potential impact of the attack.
- Dynamic context and intent confusion:
Agentic AI is designed to interpret context and intent, but it lacks true understanding. This makes it vulnerable to Confused Deputy attacks, where an AI agent with higher privileges than its user is tricked into executing unauthorized actions. This occurs because the agent cannot reliably distinguish between legitimate requests and adversarial inputs, leading to unintentional privilege escalation or data exfiltration.
- Broad and unpredictable permissions:
AI agents often require broad permissions to perform tasks across multiple systems, services, and APIs. These over-permissioned identities make them prime targets for attackers looking to pivot laterally across environments or exploit multiple systems simultaneously.
As AI-based workflows and system designs gain autonomy, known security risks become more difficult to tackle.
Takeaway 2: Non-Human Identities are the backbone of Agentic AI – and its weakest link
Agentic AI relies heavily on non-human identities (NHI) such as API keys, service accounts, secrets and tokens to enable seamless interactions across cloud services, databases, and third-party tools. NHIs empower AI agents to automate tasks, access resources, and execute complex workflows autonomously. However, this also makes NHIs the number one target for attackers, as they serve as the keys to the kingdom for AI-driven systems.
Once compromised, NHIs can be easily exploited for a wide range of malicious activities.
If we take a look at the “single-agent architecture” taken from the OWASP research, we can see at least 9-12 NHIs in action. These include API keys, service accounts, and temporary auth tokens used for authenticating and authorizing interactions across Services (Content, Data, APIs), Agent components (Function Calling, Memory), Supporting Services (Long-Term Memory, Vector Datastore), and the LLM Model itself.
With this many NHIs spread across every layer of the single-agent architecture (and many more on multi-agent ones) they become incredibly difficult to govern, monitor, and manage, increasing the risk of privilege misuse, data breaches, and unauthorized actions. This complexity makes NHI security and lifecycle management a critical requirement for securing Agentic AI systems.
Takeaway 3: Agentic AI expands attack surfaces with autonomous tool execution
One of the most significant challenges with Agentic AI is its ability to autonomously call external tools, APIs, and LLM models to complete tasks. This dynamic interaction is what makes Agentic AI so powerful, but it also expands the attack surface exponentially. The more tools and applications an AI agent can access, the more potential entry points exist for attackers to exploit.
Why is this a security risk?
- Uncontrolled tool execution:
Agentic AI systems use function calling to dynamically execute tasks, often with broad permissions to access various tools, databases, and external APIs. This makes them vulnerable to tool misuse or even remote code execution (RCE) if inputs are manipulated.
- Chained tool interactions and cascade failures:
Agentic AI often chains multiple tool interactions to perform complex workflows. This creates a cascading risk where compromising one tool can lead to the compromise of interconnected systems.
- Third-party API risks and supply chain exposure:
Agentic AI systems frequently integrate third-party APIs to enhance functionality. However, this reliance on external services introduces supply chain risks. If any third-party service is compromised, it can impact the entire execution flow, leading to data breaches or privilege escalation.
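One mitigation for the Confused Deputy risk in Takeaway 1 and the uncontrolled tool execution risk in Takeaway 3, shown as an added example that is not code from the OWASP research or from Entro: every function call the model emits is checked against an explicit tool allowlist and against the scopes of the user the agent acts for, never against the agent's own broad NHI credentials, and every allow/deny decision is written to an audit trail. The tool names, scopes, user and injected calls are constructed for this example.

```python
import json
from dataclasses import dataclass

# Constructed allowlist for this example: each tool the agent may call and the
# scope the *caller* must hold; anything not listed is never dispatched.
TOOL_SCOPES = {"read_ticket": "tickets:read", "export_customers": "customers:export"}

@dataclass(frozen=True)
class Principal:
    name: str            # the user the agent acts for
    scopes: frozenset    # scopes granted to that user, not to the agent's NHI

class ToolPolicyError(PermissionError):
    pass

def authorize_tool_call(caller: Principal, call: dict) -> dict:
    """Confused-deputy check: a model-emitted function call is dispatched only if
    the user the agent acts for holds the tool's scope. The agent process may
    hold broad NHI credentials, but those never confer authority on a call."""
    name = call.get("name")
    if name not in TOOL_SCOPES:
        raise ToolPolicyError(f"tool {name!r} is not in the allowlist")
    needed = TOOL_SCOPES[name]
    if needed not in caller.scopes:
        raise ToolPolicyError(f"{caller.name} lacks scope {needed} for {name}")
    return {"tool": name, "args": call.get("arguments", {}), "on_behalf_of": caller.name}

def run_agent_step(caller: Principal, model_output: str) -> tuple[list, list]:
    """Parse the model's JSON list of calls; dispatch allowed ones, audit every decision."""
    dispatched, audit = [], []
    for call in json.loads(model_output):
        entry = {"tool": call.get("name"), "user": caller.name}
        try:
            dispatched.append(authorize_tool_call(caller, call))
            audit.append({**entry, "decision": "allow"})
        except ToolPolicyError as exc:
            audit.append({**entry, "decision": "deny", "reason": str(exc)})
    return dispatched, audit

def demo() -> tuple[list, list]:
    """Constructed scenario: a support user whose ticket text carried injected instructions."""
    user = Principal("support_alice", frozenset({"tickets:read"}))
    model_output = json.dumps([
        {"name": "read_ticket", "arguments": {"id": 4711}},
        {"name": "export_customers", "arguments": {"format": "csv"}},  # injected, out of scope
        {"name": "shell_exec", "arguments": {"cmd": "id"}},             # not a registered tool
    ])
    return run_agent_step(user, model_output)
```

The denied entries in the audit list are exactly the signal a monitoring pipeline should alert on: a tool request the acting user was never entitled to make.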
Final thoughts: securing Agentic AI with Entro
The OWASP Agentic AI Security Research makes one thing clear: Agentic AI is redefining cybersecurity by amplifying existing challenges, expanding attack surfaces, and creating new risks around NHI. As organizations embrace the power of AI-driven automation and decision-making, the complexity of managing and securing these systems will only grow.
But with increased complexity comes the need for advanced security solutions designed specifically for highly distributed environments. Entro’s platform is built to secure NHIs across hybrid clouds, APIs, and third-party integrations. We provide:
- Comprehensive NHI discovery and inventory: ensuring no API key, token or secret goes unmonitored.
- Real-time monitoring and anomaly detection: continuously analyzing NHI behavior to detect abnormal activities and potential compromises (NHIDR™).
- Automated lifecycle management: rotating secrets and securing NHIs throughout their lifecycle to prevent unauthorized access.
With Entro, organizations can confidently embrace Agentic AI without compromising security. We enable businesses to innovate faster while staying secure.
Ready to secure your AI-enabled future?
Discover how Entro can protect your NHIs today