Agentic AI,
Artificial Intelligence & Machine Learning,
Governance & Risk Management
Shilpa Sawant Discusses the Internal Risks Posed by Autonomous AI Agents
Autonomous artificial intelligence agents are transforming the landscape of insider threats by functioning at machine speed while simulating human-level access and privileges. These advanced systems operate independently within organizational environments, executing actions that were historically reserved for human users. As a result, they introduce distinct security vulnerabilities.
Additional Resource: OnDemand | Transform API Security with Unmatched Discovery and Defense
Shilpa Sawant, Vice President at Sumitomo Mitsui Banking Corporation, emphasizes the proactive nature of these agents, stating, “These agents are not passive tools. They are autonomous actors. They have access to systems, data, and privileges akin to those of regular human staff, which can be exploited in undetectable ways.” The sophisticated capabilities of these AI agents necessitate a reevaluation of security protocols.
To counteract such risks, organizations are urged to adopt customized, role-based security practices instead of generic policies. Enhanced communication and hyper-personalized awareness initiatives will help foster a deeper comprehension of potential threats and weave security into everyday operational processes. Sawant advocates for consistent monitoring of both human employees and AI behavior, as well as the implementation of least-privilege access, zero trust principles, and data-centric controls prioritizing sensitive information over system access.
In her interview with the Information Security Media Group, Sawant addressed various pressing topics, including the evolving nature of insider threats amid hybrid work environments, the role of agentic AI in broadening internal risk through automated malicious actions, and metrics indicative of the maturity of insider threat programs.
With over 17 years of cybersecurity expertise in diverse sectors across Asia, including global banking and conglomerates, Sawant has developed robust, business-centric security frameworks. Her focus spans advanced ransomware defenses, software supply chain security, and risk mitigation for emerging technologies. She strives to enhance organizational cyber maturity and promote risk-aware cultures while implementing “Security by Design” principles.
