Agentic AI is a new third‑party risk
Security analysts warn that agentic AI tools—systems that act semi‑autonomously—should be treated like third‑party vendors because of their access and decision autonomy. Vendors are already rolling out AI threat‑detection and enterprise encryption overhauls to manage the new risk, signaling that agencies adopting AI for predictive maintenance or analytics need governance, access controls and security review. Those governance steps are not yet codified as PTASP text in today’s briefings, but they are becoming a practical part of safety and security management. (infosecurity-magazine.com; securityjournalamericas.com)
An employee can reset a password, but an artificial intelligence agent can reset 5,000 of them before anyone notices the pattern. That is why security teams are starting to treat these systems less like software and more like outside vendors with badges, keys, and spending authority. (infosecurity-magazine.com)
An artificial intelligence agent is a program that does not just answer questions. It can log into tools, call application programming interfaces, move files, trigger workflows, and keep going after a human gives it a goal instead of a step-by-step script. (infosecurity-magazine.com)
That changes the risk model because most companies already know how to review a human contractor. They run vendor checks, limit access, watch activity, and shut off credentials when the job ends. (infosecurity-magazine.com)
Many artificial intelligence agents now need their own machine credentials, and that number is rising fast. A SANS Institute survey reported that 74% of organizations already use agents or automations that require credentials, while 76% reported growth in non-human identities such as service accounts, application programming interface keys, and bots. (infosecurity-magazine.com)
A non-human identity is just a login for software instead of a person. If one agent gets broad access to email, cloud storage, ticketing, and finance tools, it can become a single point of failure with the reach of four departments at once. (infosecurity-magazine.com)
Security vendors are reacting like this is a new attack surface, not a passing feature. On April 8, 2026, OPSWAT announced Predictive Alin AI for its MetaDefender platform, describing it as an artificial-intelligence-native detection engine that tries to flag malicious files before execution with near-zero false positives. (prnewswire.com)
Network vendors are changing the plumbing too. On February 10, 2026, Cisco said agentic artificial intelligence will push more mission-critical workflows across enterprise networks and tied that to a broader rollout of post-quantum cryptography and interaction governance in its security stack. (newsroom.cisco.com)
Standards bodies are moving, but the rulebook is still incomplete. The National Institute of Standards and Technology released its Generative Artificial Intelligence Profile in July 2024, and on April 7, 2026, it published a concept note for a profile on trustworthy artificial intelligence in critical infrastructure, which shows the governance conversation is active even if agent-specific controls are not yet fully codified. (nist.gov)
That leaves companies and agencies doing the practical work first. The controls showing up now are familiar ones: least-privilege access, separate credentials for each agent, logging of every action, approval gates for high-risk tasks, and security review before an agent gets connected to production systems. (nist.gov; infosecurity-magazine.com)
The near-term use cases sound harmless because they start with predictive maintenance, analytics, and internal support. The risk appears when the same agent that summarizes a dashboard also gets permission to open tickets, order parts, change settings, or send data to another service without a human in the loop. (infosecurity-magazine.com; nist.gov)
The simplest way to think about it is this: if a system can take action, it needs the same suspicion you would apply to a new supplier. In 2026, the debate is no longer whether agentic artificial intelligence belongs inside the security perimeter, but how many locks it should have once it gets in. (infosecurity-magazine.com; newsroom.cisco.com)
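
The controls listed above (least-privilege access, a separate identity per agent, logging of every action, approval gates for high-risk tasks) can be sketched as a gateway that every agent action must pass through. This is an added example, not code from any of the cited sources; the agent names, action names, and the bulk threshold of 20 actions per 60 seconds are assumptions.

```python
import time
from collections import defaultdict, deque

# Hypothetical policy: one entry per agent identity (all names are constructed).
POLICY = {
    "maint-agent": {"allowed": {"read_dashboard", "open_ticket", "order_parts"},
                    "needs_approval": {"order_parts"}},
    "helpdesk-agent": {"allowed": {"reset_password"}, "needs_approval": set()},
}
BULK_LIMIT = 20      # assumed ceiling: same action per agent per window
WINDOW_SECONDS = 60  # assumed window length

class AgentGateway:
    """Mediates every agent action: allow-list, approval gate, bulk cap, audit log."""
    def __init__(self, policy, clock=time.monotonic):
        self.policy = policy
        self.clock = clock
        self.audit = []                   # one record per request, allowed or not
        self.recent = defaultdict(deque)  # (agent, action) -> allowed timestamps

    def request(self, agent, action, target, approved_by=None):
        decision = self._decide(agent, action, approved_by)
        self.audit.append({"t": self.clock(), "agent": agent, "action": action,
                           "target": target, "approved_by": approved_by,
                           "decision": decision})
        return decision

    def _decide(self, agent, action, approved_by):
        rules = self.policy.get(agent)
        if rules is None:
            return "deny:unknown-agent"        # no shared or anonymous identities
        if action not in rules["allowed"]:
            return "deny:not-in-scope"         # least privilege per agent
        if action in rules["needs_approval"] and not approved_by:
            return "hold:needs-approval"       # human gate for high-risk tasks
        now = self.clock()
        stamps = self.recent[(agent, action)]
        while stamps and now - stamps[0] > WINDOW_SECONDS:
            stamps.popleft()                   # drop timestamps outside the window
        if len(stamps) >= BULK_LIMIT and not approved_by:
            return "hold:bulk-needs-approval"  # in-scope action, abnormal volume
        stamps.append(now)
        return "allow"

def simulate_bulk_reset(n=5000):
    """Constructed scenario: one agent attempts n password resets in one burst."""
    gw = AgentGateway(POLICY, clock=lambda: 0.0)
    results = [gw.request("helpdesk-agent", "reset_password", f"user{i}") for i in range(n)]
    return results.count("allow"), len(gw.audit)
```

In the simulated burst only the first 20 resets go through, while all 5,000 attempts still land in the audit log for review.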