OpenAI, Microsoft and Google’s enterprise agent push is outpacing security defenses, Computerworld warns
- OpenAI, Microsoft and Google all widened their enterprise AI agent pushes this week, with ChatGPT workspace agents, hosted agents in Microsoft Foundry, and Google’s new Gemini Enterprise Agent Platform.
- IBM said agentic systems are creating vulnerabilities faster than traditional tracking can handle, highlighting an “authority gap” where agents can gain broad access without human-style identity and approval controls.
- The rush is shifting security work from chatbot policies to agent identity, permissions and observability across workplace software. (computerworld.com) (ibm.com)
AI agents are moving from demos into everyday office software faster than security teams are rebuilding controls around them. (computerworld.com) (ibm.com) Computerworld reported this week that OpenAI launched workspace agents in ChatGPT, Microsoft added hosted agents to Foundry Agent Service, and Google updated Gemini Enterprise while introducing Gemini Enterprise Agent Platform. (computerworld.com) (cloud.google.com)

An AI agent is software that does multi-step work on its own: reading files, calling tools, clicking through interfaces, and handing tasks to other systems, rather than only answering a prompt. OpenAI’s Responses API and Agents SDK, and Microsoft’s Copilot Studio computer-use features, are built around that model. (openai.com) (developers.openai.com) (learn.microsoft.com)

That changes the security problem. A chatbot that drafts text is one thing; an agent that can search the web, open internal files, use a desktop interface, or trigger back-end actions carries the permissions of a worker or service account. (openai.com) (learn.microsoft.com)

IBM X-Force said agentic AI expands the attack surface because autonomy creates more places for misuse, and that the Common Vulnerabilities and Exposures (CVE) system is too slow and too narrow to describe many agent failures. IBM used the term “authority gap” for cases where agents act with broad delegated power but without mature identity boundaries. (ibm.com) IBM’s broader 2026 X-Force Threat Intelligence Index adds pressure to that warning: the company said attacks that began with exploitation of public-facing applications rose 44%, driven largely by missing authentication controls. (prnewswire.com)

Google’s answer is to fold governance into the product pitch.
The company said Gemini Enterprise Agent Platform combines model building with orchestration, DevOps, integration and security, and Computerworld said Google also updated the Gemini Enterprise app so office workers can build, manage and interact with agents. (cloud.google.com) (computerworld.com)

Microsoft has been making a similar move in Copilot Studio, where “computer use” lets agents operate websites and desktop applications through their graphical interfaces, including when layouts change. That makes automation more flexible, but it also means the agent can touch systems that were never designed as clean API targets. (microsoft.com) (learn.microsoft.com)

OpenAI has also kept adding agent infrastructure. Its Responses API is positioned as the default foundation for new agent-like applications, and last week the company said it was adding native sandbox execution to the Agents SDK for safer long-running work across files and tools. (developers.openai.com) (openai.com)

The practical result for security teams is less about blocking one model and more about redesigning identity, approval and logging around nonhuman workers that can take actions across email, files, browsers and internal apps. That is the gap Computerworld and IBM are both pointing to as the enterprise agent rollout speeds up. (computerworld.com) (ibm.com)
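As an added illustration, not code from Computerworld, IBM or any of the vendors named above, the sketch below shows one way to put the three controls the article calls for in front of an agent's tool calls: a distinct identity for each agent (separate from its human owner's account), a least-privilege tool allowlist, a human approval step for actions with side effects, and an audit record for every attempted call, allowed or not. Tool names, agent ids, owner addresses and file contents are constructed sample values.

```python
"""Policy gate between an AI agent and its tools (illustrative, vendor-neutral)."""
from dataclasses import dataclass
from enum import Enum
import json
import time


class Risk(Enum):
    LOW = "low"    # read-only or easily reversible
    HIGH = "high"  # side effects outside the workspace: needs a human in the loop


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str             # nonhuman principal, never the owner's own account
    owner: str                # human accountable for the agent's actions
    allowed_tools: frozenset  # least-privilege scope granted to this agent


class ToolGate:
    """Policy enforcement point: every tool call passes through here."""

    def __init__(self, tools, approver):
        # tools: name -> (Risk, handler); approver(agent, tool, args) -> bool
        self.tools = tools
        self.approver = approver
        self.audit = []  # in a real deployment this feeds the SIEM / log pipeline

    def call(self, agent, tool_name, args):
        entry = self.tools.get(tool_name)
        approval_requested = False
        approved_by = None
        if entry is None or tool_name not in agent.allowed_tools:
            decision = Decision.DENY  # unknown tool or outside this agent's scope
        else:
            risk, handler = entry
            decision = Decision.ALLOW
            if risk is Risk.HIGH:
                approval_requested = True
                if self.approver(agent, tool_name, args):
                    approved_by = agent.owner
                else:
                    decision = Decision.DENY
        event = {
            "ts": time.time(),
            "agent_id": agent.agent_id,
            "owner": agent.owner,
            "tool": tool_name,
            "args": args,
            "decision": decision.value,
            "approval_requested": approval_requested,
            "approved_by": approved_by,
        }
        self.audit.append(event)
        print(json.dumps(event))
        if decision is Decision.DENY:
            return decision, None
        return decision, handler(**args)


# Constructed sample tools and data; handlers stand in for real integrations.
SAMPLE_FILES = {"q3-notes.txt": "quarterly notes (constructed sample)"}


def read_file(path):
    return SAMPLE_FILES[path]


def send_email(to, body):
    return f"sent to {to}"


def build_demo(approver):
    tools = {
        "read_file": (Risk.LOW, read_file),
        "send_email": (Risk.HIGH, send_email),
    }
    gate = ToolGate(tools, approver)
    # Two agents with different scopes; owners are constructed placeholder addresses.
    reader = AgentIdentity("agent-reader-01", "alice@example.test", frozenset({"read_file"}))
    mailer = AgentIdentity("agent-mailer-01", "bob@example.test", frozenset({"read_file", "send_email"}))
    return gate, reader, mailer


if __name__ == "__main__":
    # Approver that always declines: the reader can read, nobody can send mail.
    gate, reader, mailer = build_demo(lambda agent, tool, args: False)
    print(gate.call(reader, "read_file", {"path": "q3-notes.txt"}))
    print(gate.call(reader, "send_email", {"to": "cfo@example.test", "body": "hi"}))
    print(gate.call(mailer, "send_email", {"to": "cfo@example.test", "body": "hi"}))
```

The point of the design is that the agent never holds the credentials for the underlying systems; it holds only an identity the gate recognises, and the gate decides per call whether the scope, the risk level and (for high-risk tools) a human's approval line up. Denied calls are logged with the same detail as allowed ones, which is what makes the "authority gap" visible to a security team instead of silent.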