AI agents do not only automate tasks: they also introduce new identities, permissions and dependencies within infrastructure.
ComputerWeekly recently analysed how the adoption of AI agents is growing faster than many organisations’ ability to secure this new operating model. The discussion is no longer limited to generative AI as a support tool; it now covers systems capable of acting on applications, repositories, APIs, tickets, cloud platforms and internal workflows.
Source: ComputerWeekly – AI agents are here. Are we ready for the security implications?
When an agent stops responding and starts acting
An assistant responds to a request. An agent can execute actions.
That difference changes the risk. When an AI system can connect to internal services, query information, modify data, launch processes or interact with operational tools, it stops being a productivity layer and becomes part of the infrastructure.
At that point, the relevant questions are no longer only functional:
- Which systems can it access?
- What permissions does it have?
- Which credentials does it use?
- What actions can it execute without human validation?
- How are its actions audited?
- How can access be revoked if it behaves unexpectedly?
The risk is not only that an AI agent gives the wrong answer, but that it has permissions to act on real systems without enough control, traceability or containment capability.
New identities inside the operational environment
Cloud and DevOps infrastructures already involve complex identity management: users, services, technical accounts, tokens, runners, integrations, pipelines and automations. AI agents add a new layer to that model.
They are not human users, but they can act on behalf of people or systems. They are not traditional scripts, because their behaviour may vary depending on context. And they do not always fit neatly into conventional models for permissions, auditing and segregation of duties.
In real environments, this can lead to very concrete issues:
- Agents with broader permissions than necessary.
- Access to repositories or secrets without sufficient control.
- Automated actions that are difficult to reconstruct.
- Undocumented dependencies between agents and services.
- Use of external tools without proper risk assessment.
The question is not whether AI agents are useful. They are. The question is whether they are being introduced into the operational environment with the same security, control and observability criteria applied to any other critical infrastructure component.
Automation without traceability: a new blind spot
Automation has always required control. With AI agents, that need increases because behaviour may be less deterministic than in traditional automation.
A pipeline, scheduled task or script usually follows known paths. An agent can adapt its behaviour depending on the instruction received, the available tools, the accessible data and the operational context.
That can bring significant value, but it also makes supervision harder if clear boundaries have not been defined.
Before integrating agents into support, development, operations or security processes, several aspects should be addressed:
- Complete action logging.
- Separation between read and execution capabilities.
- Access limits by environment.
- Human validation for sensitive actions.
- Periodic permission reviews.
- Rapid blocking or revocation capability.
This is not about slowing down AI adoption. It is about preventing automation from advancing faster than the ability to operate it safely.
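The controls listed above, sketched as an added example that is not from the original article or from any agent framework: a deny-by-default gate in front of an agent's tool calls. The class name, tool names, environments and the sensitive-action set are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Constructed example: tool names, environments and the SENSITIVE set are assumptions.
SENSITIVE = {"deploy", "rotate_secret"}  # execute actions that need a human approver

@dataclass
class AgentGate:
    agent_id: str
    read_tools: set      # tools that only query data
    exec_tools: set      # tools that change state
    environments: set    # environments the agent may touch
    revoked: bool = False
    audit_log: list = field(default_factory=list)

    def revoke(self):
        """Rapid blocking: every later call is denied."""
        self.revoked = True

    def authorize(self, tool, env, approved_by=None):
        """Deny by default; record every decision, allowed or not."""
        if self.revoked:
            allowed, reason = False, "agent revoked"
        elif env not in self.environments:
            allowed, reason = False, "environment not permitted"
        elif tool in self.read_tools:
            allowed, reason = True, "read"
        elif tool not in self.exec_tools:
            allowed, reason = False, "tool not granted"
        elif tool in SENSITIVE and approved_by is None:
            allowed, reason = False, "human approval required"
        else:
            allowed, reason = True, "execute"
        self.audit_log.append({"ts": time.time(), "agent": self.agent_id,
                               "tool": tool, "env": env, "approved_by": approved_by,
                               "allowed": allowed, "reason": reason})
        return allowed, reason

    def unused_grants(self):
        """Permission review: granted tools with no allowed use on record."""
        used = {e["tool"] for e in self.audit_log if e["allowed"]}
        return (self.read_tools | self.exec_tools) - used

if __name__ == "__main__":
    gate = AgentGate("triage-bot", {"read_ticket"}, {"close_ticket", "deploy"}, {"staging"})
    for call in [("read_ticket", "staging"), ("deploy", "staging"), ("deploy", "production")]:
        print(call, gate.authorize(*call))
    print("unused:", sorted(gate.unused_grants()))
```

Denied calls are logged alongside allowed ones, so the audit trail also shows what the agent attempted, and `unused_grants` gives a periodic review a concrete list of permissions that can be removed.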
From experimental tool to infrastructure component
Many organisations start using AI agents for low-risk tasks: documentation generation, information analysis, development support or incident classification.
The real shift happens when those agents access production systems, cloud platforms, credentials, ticketing tools, repositories or deployment pipelines. At that point, they stop being an experiment and become another component of the operational architecture.
From an infrastructure perspective, this means treating them like any other element with potential impact:
- Inventory them.
- Limit their permissions.
- Monitor their activity.
- Audit their changes.
- Segment their access.
- Prepare containment scenarios.
At TeraLevel, we often see this transition with emerging technologies: they are first adopted for their usefulness, then integrated into critical processes, and finally need to be governed as a real part of operations.
Conclusion
AI agents can improve productivity, accelerate analysis and reduce repetitive tasks. But when they connect to real systems, they also introduce new risk surfaces.
Their security does not depend only on the model, but on the infrastructure where they operate: permissions, credentials, integrations, traceability, monitoring and containment capability.
The key is not to avoid AI agents, but to adopt them with the right control architecture from the beginning.