Forbes Council Warns Businesses To Secure AI Agents

Joel Burleson-Davis, CTO at Imprivata, writes in a Forbes Councils post that agentic AI is shifting from passive analysis to autonomous action and that enterprises must treat this as a security issue. The article cites McKinsey's 2025 State of AI survey finding that 62% of respondents are at least experimenting with AI agents and 23% are scaling them. The post highlights elevated risk in sectors such as healthcare and critical infrastructure where autonomous actions can have real-world consequences. For practitioners, this trend raises immediate needs around endpoint controls, least-privilege delegations, transaction auditing, and fail-safe human-in-the-loop designs because autonomous agents change the threat model from data exfiltration to action control.
What happened
Joel Burleson-Davis, CTO at Imprivata, writes in a Forbes Councils post that the industry is moving into an era of agentic AI, where models can initiate workflows and execute actions rather than only surfacing analysis. The article cites McKinsey's 2025 State of AI survey finding that 62% of respondents are at least experimenting with AI agents and 23% are scaling them in at least one function. The post calls out heightened operational risk in sectors such as healthcare and critical infrastructure, and frames the shift as a change in the basic question from what AI can do to what AI should be allowed to do.
Editorial analysis - technical context
Agentic AI expands the attack surface because agents execute state changes across services, not just return text. Industry-pattern observations: comparable autonomous systems introduce new control vectors, including credential delegation, unattended API access, and decision-automation pathways. These patterns increase the importance of robust identity and access management, fine-grained policy enforcement, and verifiable auditing trails. For teams that already run orchestration or CI/CD automation, the operational controls are similar in concept but must be adapted for AI-driven decision loops and probabilistic behavior.
Industry context
Companies adopting autonomous agents change risk priorities from model accuracy only to operational safety, traceability, and governance. Industry observers have repeatedly highlighted that deployments with action capabilities elevate regulatory and compliance exposure, especially where incorrect actions produce physical or clinical harm. Bessemer Venture Partners named securing AI agents the defining cybersecurity challenge of 2026, noting that the same autonomy that makes agents valuable makes them dangerous when compromised. For practitioners, this means security and ML/ops must coordinate earlier in the lifecycle to align threat models with control design.
What to watch
- •Adoption signals: broader movement from experimental pilots to scaled, production agent deployments.
- •Controls maturation: standardization of delegation patterns, credential brokering, and agent identity.
- •Auditability: emergence of tamper-evident logs and signed decision artifacts for regulatory evidence.
- •Incident taxonomy: classification of agent-caused incidents to inform mitigation playbooks.
For practitioners
Prioritize mapping where agents are permitted to act, instrumenting actions with immutable logs, and integrating human approval gates where the cost of error is high. The Forbes Councils post does not prescribe a single technical architecture, but frames securing agentic AI as an operational imperative businesses must confront as deployments scale.
Key Points
- 1Agentic AI moves systems from insight to action, raising control and accountability needs for production deployments.
- 2McKinsey's 2025 State of AI survey (cited in the Forbes piece) shows 62% experimenting and 23% scaling agents, indicating rapid adoption and rising exposure.
- 3For practitioners, the practical priorities are access delegation, immutable auditing, and human approval gates for high-risk actions.
Scoring Rationale
A Forbes Councils opinion piece by a vendor CTO (Imprivata) that cites real McKinsey adoption data and raises legitimate enterprise AI agent security concerns. Useful practitioner framing but is vendor-authored opinion, not independent research or news. Calibrated down from n8n estimate to reflect the opinion/promotional nature of Forbes Councils content.
Sources
Primary source and supporting public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

