IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand

Guides

#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things

Search

#
IAM
#
Risk & Compliance
#
GenAI

Exclusive: CyberArk highlights risks of unmanaged AI agents in agentic era

Thu, 4th Dec 2025
Author image
By Melania Watson, Interview Editor

CyberArk is urging enterprises to prioritise visibility and governance amid a rapid shift from generative AI to autonomous agentic systems, warning that a lack of oversight could put organisations at risk.

Omer Grossman, Chief Trust Officer and Head of CYBR Unit at CyberArk, said that face-to-face engagement remains critical to understanding how organisations are adapting to the accelerated pace of AI-driven change.

"Travel taught me that 2D is nothing like 3D - it's always best to meet in person," Grossman noted. "Maybe one day AI agents will replace all of us. But until they do, human interaction is very important."

Grossman emphasised that while organisations globally are exploring different approaches to AI, regions like Australia are in a unique position for strong growth, especially in cybersecurity.

Agentic AI shift introduces new operational risks

CyberArk reports that businesses are advancing from machine learning through generative AI to the emerging "agentic" era, where autonomous agents can complete tasks and make decisions on behalf of their organisations.

"We are in the middle of the generative AI wave, which gained traction with the ChatGPT moment," said Grossman. "Now, we're shifting toward the agentic AI era - moving from simply prompting for answers to delegating actual tasks."

He cautioned that agentic AI is fundamentally different from conversational models, and that they are, in fact, high-permission identities within the organisation. While there is significant industry "hype," few organisations have deployed AI agents at scale.

"Everywhere you look, it's the biggest hype," he said. "However, when you look under the hood, not many have fully transitioned to an actual agent strategic capacity."

Lifecycle control and auditability essential

CyberArk warns that deploying autonomous agents without establishing a framework for responsible operation can quickly create risk. Grossman emphasised the need for robust identity lifecycle management and audit capabilities for all machine identities.

"There are more than 80 machine identities per human identity in the average enterprise," Grossman said. "With agentic AI, you can easily end up with thousands, tens of thousands, or even hundreds of thousands of agents. If it's not managed right, it will break the business."

He noted that strict audit capabilities are essential to allow organisations to quickly determine whether incidents originate from a human or an agent, helping teams trace problems and restore service.

Building governance for long-term value

According to Grossman, a solid governance foundation is critical for sustainable AI adoption.

"Imagine a skyscraper. If the foundation isn't stable, renovating the penthouse is cool but it doesn't really matter if you end up with the building leaning on the side," he said.

Most enterprises, Grossman explained, need to think long-term. Investing in governance, training, and the right committees at the start may slow initial deployment but enables faster, safer growth later.

"Governance is a force multiplier if you take the long-term scenario," he added.

Organisational structures set to evolve

Grossman predicts that agentic AI will reshape team structures and workflows. Some roles could become obsolete, leaving the machine to do the more mundane tasks, but he believes AI will also unlock more creative and strategic opportunities for humans.

"AI as a whole, and agentic AI specifically, necessitates a mind shift and an update to organisational operations," Grossman said. "People shouldn't be afraid of owning and being accountable for machine-generated work."

He expects automation to flatten organisational hierarchies and sees a future where engineering teams collaborate with large numbers of automated "coworkers," handling routine tasks while humans focus on oversight and approval.

"The next phase will be a joint human and machine developer team where you have humans and hundreds of agents working for them, mostly doing code review and approving it," added Grossman.

Visibility the top priority

As the adoption of agentic AI accelerates, Grossman urges CIOs and IT leaders to maintain visibility. An inventory of agents is, he says, the foundation for any secure setup.

"Every CIO needs an inventory for all the agents," Grossman concluded. "If you don't have an inventory, you can't add the necessary security, guardrails, or lifecycle management layers."

CyberArk continues to advise organisations on how to safely navigate the emerging agentic AI landscape, emphasising the need for careful planning and strong governance at every step.

Related stories
Anthropic expands Claude AI tools for health & trials
Top 10 data governance best practices to implement today
Coding jobs squeezed as AI reshapes developer roles
Dropzone AI hires leaders to drive EMEA & APAC push
Elyos AI raises USD $13m to scale trade service agents

Top stories

Flora & Fauna customers fund greener parcel deliveries
Rubrik launches CXO Visionaries for cyber & AI leaders
AI value proving elusive for many Australian firms
Google debuts Disco to test AI-powered GenTabs apps
Lancom gains AoG status for New Zealand government IT