Summary: A new report by Deloitte’s AI Institute reveals a dangerous gap: while 74% of companies plan to deploy autonomous AI agents by late 2026, only 21% have “robust guardrails” to prevent them from acting maliciously. The report cites “Prompt Injection” against agents as the #1 emerging threat, turning helpful assistants into “High-Privilege Backdoors.”
Business Impact: “Shadow AI” has evolved into “Shadow Agents.” Employees are authorizing AI tools to “act on their behalf” (read email, book travel, commit code). Without governance, an attacker only needs to trick the *agent* to bypass all human authentication layers.
Why It Happened: The rush to adopt “Agentic Workflows” for productivity has outpaced the development of “Identity Security” for non-human entities.
Recommended Executive Action: Update your IAM (Identity & Access Management) policy to create a specific category for “Non-Human Identities” (NHIs). Ensure AI agents are granted “Least Privilege”—they should not have broad read/write access to the CEO’s inbox.
Hashtags: #Deloitte #AIGovernance #AgenticAI #IdentitySecurity #IAM #FutureOfWork