Agent Security as Architecture

Coverage warns that autonomous agents running in cloud platforms can act like insider threats when they are given broad access to data, identities or workflows. (infotechlead.com) A separate CIO survey says executives now rank AI alongside malware, ransomware and phishing as a major cyber risk and want better visibility into “shadow AI.” (prnewswire.com)

An artificial intelligence agent can turn into an insider threat if a company gives it broad access to cloud data, identities, and business tools. (securityweek.com) Google’s Vertex AI lets companies deploy software agents that can call models, use service accounts, and connect to other Google Cloud resources through Identity and Access Management, or IAM. Google’s own documentation says deployed agents can run with an “agent identity” and inherit permissions tied to service accounts and predefined roles. (cloud.google.com 1) (cloud.google.com 2)

That setup drew scrutiny in late March and early April 2026, when Palo Alto Networks Unit 42 researchers said they weaponized Vertex AI agents and found a permission model issue that could expose cloud data, credentials, and code through indirect prompt injection and overly broad defaults. Google said it addressed the reported issues after the research was disclosed. (thehackernews.com) (securityweek.com)

The security problem is not that agents exist. It is that an agent can act with the same reach as the account behind it, so a bad prompt, poisoned document, or misconfigured connector can move from answering questions to touching storage buckets, code repositories, or internal workflows. (cloud.google.com 1) (cloud.google.com 2)

Chief information officers are now ranking that risk next to older attack types. In Logicalis’ annual report published April 13, 2026, more than 1,000 chief information officers were surveyed globally, and 28 percent said artificial intelligence is a significant cyber risk, close behind malware at 33 percent, ransomware at 33 percent, and phishing at 30 percent. (prnewswire.com) (logicalis.com) The same survey found 77 percent of organizations experienced cybersecurity incidents in the past year, 57 percent said employees jeopardize data security through artificial intelligence use, and 34 percent said artificial intelligence created new security blind spots. Logicalis said “shadow AI” is a growing concern, meaning employees use unsanctioned tools outside approved security controls. (prnewswire.com) (logicalis.com)

Security guidance is shifting toward least privilege, which means giving an agent only the minimum access needed for one task, not broad project-wide rights. Google’s Vertex AI documentation says access is controlled through project roles, service accounts, and custom permissions, and the National Institute of Standards and Technology’s Generative Artificial Intelligence Profile calls for governance, monitoring, and risk controls around deployment and operation. (cloud.google.com) (nist.gov) The Open Worldwide Application Security Project’s Generative Artificial Intelligence Security Project has also been building guidance for application teams that now have to treat models, prompts, tools, and connectors as part of the attack surface. That means agent security is moving out of experimental labs and into identity design, logging, approval flows, and architecture reviews. (genai.owasp.org) (nist.gov)

The immediate question for companies is no longer whether to use agents. It is whether the agent’s permissions, data paths, and audit trails are tight enough that a helpful automation cannot become a trusted intruder. (cloud.google.com) (logicalis.com)
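One way to turn the least-privilege point above into a repeatable check is to audit the project's IAM policy for agent service accounts that hold project-wide or sensitive roles. The script below is an added example, not code from the article, Google, or any of the cited reports; it assumes the policy JSON has the shape produced by `gcloud projects get-iam-policy PROJECT --format=json`, that agent identities are service accounts whose email starts with an operator-chosen prefix (the constructed `agent-` here), and it uses a constructed sample policy with a placeholder project name.

```python
"""Audit a Google Cloud IAM policy for over-privileged agent service accounts.

Added example (not from the article or from Google). Input is the JSON form of
a project IAM policy; agent identities are recognised by an email prefix that
the operator picks (the prefix "agent-" and the project name are constructed).
"""
import json

# Basic roles: project-wide reach, far more than any single agent task needs.
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
# Predefined roles covering the data paths the article names (storage, code,
# credential minting); acceptable only when an IAM condition scopes them.
SENSITIVE_ROLES = {
    "roles/storage.admin",
    "roles/source.admin",
    "roles/iam.serviceAccountTokenCreator",
}

# Constructed sample policy with a placeholder project "example-proj".
SAMPLE_POLICY = json.loads("""{
  "version": 3,
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:agent-support@example-proj.iam.gserviceaccount.com"]},
    {"role": "roles/storage.admin",
     "members": ["serviceAccount:agent-etl@example-proj.iam.gserviceaccount.com",
                 "user:alice@example.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:agent-etl@example-proj.iam.gserviceaccount.com"],
     "condition": {"title": "one-bucket-only",
                   "expression": "resource.name.startsWith('projects/_/buckets/agent-etl-input/')"}}
  ]
}""")


def agent_members(binding, prefix):
    """Return the members of a binding that are agent service accounts."""
    return [m for m in binding.get("members", [])
            if m.startswith("serviceAccount:") and m.split(":", 1)[1].startswith(prefix)]


def audit_policy(policy, prefix="agent-"):
    """Return (member, role, reason) findings for agent identities that are
    granted a basic role or an unconditioned sensitive role."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in agent_members(binding, prefix):
            if role in BROAD_ROLES:
                findings.append((member, role, "basic role grants project-wide access"))
            elif role in SENSITIVE_ROLES and "condition" not in binding:
                findings.append((member, role, "sensitive role without an IAM condition"))
    return findings


if __name__ == "__main__":
    for member, role, reason in audit_policy(SAMPLE_POLICY):
        print(f"{member}: {role} ({reason})")
```

The conditioned `roles/storage.objectViewer` binding on a single bucket is the shape least privilege takes here and produces no finding; the unconditioned `roles/editor` and `roles/storage.admin` grants do.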

Shared from Scout - Be the smartest in the room.