Treat AI like a user: The missing piece in your agentic strategy

ARTIFICIAL intelligence has accelerated at warp speed over the past two years, with the spotlight shifting from chatbots to autonomous agents that can reason and carry out multi-step tasks.

Unlike cloud adoption, which took many firms a decade or more to mature, this wave is already at the doorsteps of organisations – and knocking. There is also growing pressure from shareholders and board members for the fast adoption of AI across industries.

But as the pace quickens, a harder question follows: How do you secure the way AI agents operate – what they can access and do – as they connect to data, apps and application programming interfaces?

Without controls, they can become a new kind of insider risk – powerful, fast and difficult to monitor at scale – whether misused intentionally or manipulated by external attackers.

The risks are already showing up: About 99 per cent of organisations have encountered an attack on an AI system in 2024.

The figure comes from global cybersecurity leader Palo Alto Networks’ State of Cloud Security report, based on a survey of executive leaders and cloud security practitioners across 10 countries, including Singapore.

As more AI is plugged into enterprise systems, the attack surface expands – and agents can become a new pathway for attackers to infiltrate the organisation.

Adoption has clearly outpaced the security work needed to keep up, says Haji Munshi, Palo Alto Networks’ vice-president and managing director of ASEAN.

Other studies have also found that while 78 per cent of organisations globally are transforming their businesses with AI, only 6 per cent have the guardrails to do so securely.

In a simulation by Unit 42 – the Palo Alto Networks threat research and incident response team – researchers used AI to simulate a cyberattack (from compromise to exfiltration) in 25 minutes and steal data without being detected.

This was 100 times faster compared with traditional attack methods.

“By the time we are done with a conversation, the bad guys would have built some code, exfiltrated your data and left,” says Munshi.

“We expect the adoption of agents to be exponential in the coming years, and they will be interacting with systems like humans.”

Managing such agents will become more complex as they become part of workflow and operations, he notes, so it is important that businesses start getting a handle on what AI agents can be allowed to do from now.

The priority, Munshi highlights, is to treat them like any powerful user in the enterprise.

“That’s the only reasonable way to scale within an enterprise – to clearly map out what privileges an agent has, and what guardrails determine how it can be used,” he says.

How to keep your AI agents secure

In Singapore, machine identities outnumber those of humans by 107:1, according to Palo Alto Networks’ 2026 Identity Security Landscape report.

The challenge for organisations now is, therefore, speed on two fronts – adopting AI quickly, while defending it against threats that are evolving just as fast.

That, Munshi says, has to start with using AI to counter AI: automating parts of the security workload that human teams cannot keep up with at scale, from triaging alerts to helping teams respond and recover.

He adds that the advantage of an AI-led approach is that it can be proactive, not just reactive – spotting suspicious behaviour early and testing defences continuously.

That capability depends on breadth of visibility, he adds, which is why Palo Alto Networks leans on the threat intelligence it gathers across its customer base of over 70,000 firms, including banks and government agencies.

“One of the most successful ways by which we convince customers on this is to also talk about our own story,” Munshi says.

“We are one of the most attacked organisations in the world. Our integrated security operations centre successfully blocks 30.9 billion inline attacks each day.”

One tool it has developed is Prisma AIRS, which helps secure an organisation’s entire AI ecosystem, from the AI models themselves to autonomous AI agents.

It can continuously test AI apps and models by looking for vulnerabilities like a real attacker. It also secures AI agents from impersonation and other threats such as memory manipulation and tool misuse.

For AI companies, that kind of protection is increasingly central to product trust.

Work AI platform Glean in the US, for example, has described using Prisma AIRS to stay ahead of evolving attacker techniques, and confidently deliver a secure and continuously defended AI environment to its customers.

As more organisations deploy AI across their digital infrastructure, the need for robust checks grows. Some firms are also rolling out small and medium language models built on internal data, which may not come with the minimal safeguards that large public models do.

With Prisma AIRS, these models can be assessed repeatedly and continuously, helping organisations tighten security as their AI footprint expands.

What Prisma AIRS can do for you

Prisma AIRS delivers comprehensive end-to-end AI security, securing all interactions between AI models, agents, data and users.

Continuously validated through autonomous AI red teaming, the platform helps enterprises cut through noisy signals by bringing discovery, testing and protection across their AI ecosystem into one connected layer – so teams can see what matters and respond faster.

With this approach, organisations can innovate securely and confidently. Now available on a Singapore-based cloud, Prisma AIRS helps local and regional firms scale up while keeping sensitive data within the country.

In a nutshell, Prisma AIRS offers:

• AI Model Security: Enables the safe adoption of third-party AI models by scanning them for vulnerabilities, and securing your AI ecosystem against risks such as model tampering, malicious scripts and deserialisation attacks.
• AI Red Teaming: Uncovers potential exposure and lurking risks before bad actors do. Performs automated penetration tests on AI apps and models using a red teaming agent that stress-tests your AI deployments, learning and adapting like a real attacker.
• AI Runtime Security: Protects your LLM-powered AI apps, models and data against runtime threats such as prompt injection, malicious code, toxic content, sensitive data leaks, resource overload, hallucinations and more.
• AI Agent SSPM (SaaS Security Posture Management): Secures AI agents – including those built on no-code/low-code platforms – against new agentic threats such as identity impersonation, memory manipulation and tool misuse.

Learn more about how Prisma AIRS can help secure your AI transformation journey.

Expand

In March, Palo Alto Networks made the full Prisma AIRS platform available on a Singapore-based cloud.

It will integrate into the existing cloud infrastructure in the city-state, providing Singapore-based and regional customers with access to the platform, while meeting their data residency needs without compromising on security or performance.

As Singapore ramps up its AI efforts, it is crucial that cybersecurity is a big part of the adoption, says Munshi.

This localised landing, he notes, provides Singaporean organisations with domestic, high-performance access to critical AI security capabilities.

“We are proud to support Singapore’s National AI Strategy 2.0 by providing the operational resilience organisations need to innovate and scale AI securely,” he adds.

Keeping up with AI security

But securing AI is only part of the picture; the next bottleneck is operational complexity.

As AI becomes embedded in workflows, security teams face more connections, more alerts and less time to react.

In that environment, fragmented tooling can slow response instead of strengthening it. Organisations juggle an average of 83 security solutions from 29 vendors, says Munshi.

He adds: “They have so many alerts, and they get alert fatigue. They’re trying to find the signal in the noise, and that’s been the problem.”

The solution, they say, is to take the platform approach – fewer, more connected systems that share context, automate routine decisions and help teams prioritise the risks that matter.

Research from IBM and Palo Alto Networks shows that organisations adopting platformisation report significantly fewer incidents and data breaches, with detection times reduced by 72 days and containment times shortened by 84 days.

Notably, 80 per cent of these organisations also report full visibility into vulnerabilities and threats, compared to just 28 per cent of non-adopters.

As AI becomes part of everyday workflows, AI agents and models will become like any powerful user with clear privileges.

This means guardrails and continuous monitoring are crucial to keep operations safe.

“Only when security is built in from the start can AI speed things up on a firm foundation and become a true accelerator for business,” stresses Munshi.

“Even as they race to adopt AI to gain an early edge, organisations should be beefing up their security at the same time to ensure they are building up an advantage for the long term.”

Find out more about Prisma AIRS here.