Overview
- Anthropic researchers showed an AI system could autonomously carry out most steps of a cyberattack, reducing timelines from days to minutes.
- Security leaders warn that tools built for human-paced, static environments miss risks created by agentic systems that act without logging in like employees or following predictable workflows.
- Rapid growth in non-human identities drives a move to short-lived credentials with clear ownership and automatic rotation to curb silent access creep.
- Unmanaged use of AI is evolving into shadow operations as employees wire up agents with API keys and broad permissions outside IT oversight.
- Mature programs now keep a live inventory of models and agents, map their data access, enforce least-privilege policies, and monitor continuously as boards seek visibility and accountability.