Agentic AI is moving from pilot to production inside enterprise IT, but security operations teams are still catching up to the risks introduced by autonomous, tool-using systems.
Agentic AI demand grows as security and IT teams grapple with complexity
According to McKinsey’s State of AI 2025 report, 23% of organizations say they are already scaling an agentic AI system in at least one function, while another 39% are experimenting with the technology.
However, scaling remains limited in scope, typically confined to one or two business functions rather than broad enterprise deployment.
“IT teams and their network infrastructure are under intense pressure to meet the demands of modern business in every industry, from real-time global collaboration to business-critical processes and experiences, to all new applications powered by AI,” DJ Sampath, SVP and GM of AI software and platform at Cisco, told Channel Insider recently.
“The only way to meet these challenges and opportunities is to reinvent network operations with AI—AgenticOps is key to radically simplifying IT operations, management, and security for the AI era,” he continued.
Why human-led control is still critical
Even as adoption accelerates, Sampath and most industry leaders warn that handing full authority to agentic systems is far from a sure bet right now.
“While agents handle speed and scale, humans remain in control. Agentic AI empowers agents to reason, plan, and execute autonomously, but final decisions, ethical oversight, and strategic direction still rest with humans,” said Sampath.
Capgemini found last year in its research that only 23% of leaders surveyed reported relatively high trust in AI agents, with 60% saying that they do not fully trust agents to manage tasks and processes autonomously.
For security and IT leaders, an architectural trust gap remains even as others in the business seek value from agentic workflows. Agentic AI expands the attack surface from model misuse to workflow compromise.
“Security must be embedded at every layer. As autonomy scales, trust must keep pace. In enterprise environments where actions must be explainable, approved, and accountable, it’s crucial that we govern the autonomy of agents,” Sampath said. “AgenticOps enables autonomous action with built-in governance and security that scales as your teams do.”
The new SecOps challenge: agents as autonomous operators
Unlike chat-based AI tools, agentic systems can plan multi-step workflows and invoke external tools, APIs, and data sources. That autonomy changes the risk profile.
Prompt injection becomes an operational compromise
The OWASP Top 10 for Large Language Model Applications identifies prompt injection as a leading risk category, particularly when models are connected to external tools or privileged systems. In agentic environments, injection can result in:
- Unauthorized tool invocation
- Data exfiltration
- Execution of unintended commands
For SecOps teams, this means traditional content scanning is insufficient; agents must be treated as high-privilege identities operating inside the enterprise.
Excessive agency is the new over-privileged account
OWASP also flags “excessive agency,” in which agents are granted excessive permissions, autonomy, or functional scope.
In practice, this resembles classic IAM failures:
- Over-scoped API tokens
- Unrestricted connector access
- No separation of duties between agent builders and approvers
Because agents act autonomously on whatever permissions they hold, these familiar IAM weaknesses now escalate directly into operational compromise.
MITRE’s ATLAS OpenClaw investigation highlights how attackers can chain agent behaviors, tool access, and configuration weaknesses into full compromise paths.
As we’ve previously reported, AI agents should be monitored and governed like other privileged service accounts: with telemetry, containment controls, and incident response playbooks.
How MSPs and MSSPs can enable agentic SecOps
For service providers, agentic AI represents both a new risk domain and a managed services opportunity. The following are just a few of the key areas in which MSPs, MSSPs, and others can expand their offerings to protect customers and drive new revenue streams.
1. Agent identity and access management
MSSPs can extend IAM and PAM practices to AI agents by offering:
- Agent inventory and ownership mapping
- Scoped, time-bound API credentials
- Least-privilege connector access
- Segregation between agent development and approval
2. Guardrails for tool invocation
Providers can implement:
- Human-in-the-loop approval for high-risk actions, such as configuration changes, access revocation, and financial transactions
- Deterministic allowlists for tool use
- Policy enforcement at API gateways
These controls reduce the blast radius of prompt injection attacks.
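The following is an added illustration, not code from Cisco, OWASP, or any vendor named in this article, of how the three controls above (human-in-the-loop approval for high-risk actions, a deterministic tool allowlist, and per-agent policy enforced before a call reaches the API) fit together, and of why they also address the prompt injection and excessive agency risks described earlier: the model's output can request any tool it likes, but the set of tools, targets and high-risk actions an agent identity may use is fixed outside the model. The agent identity, tool names, target patterns and approval stub are all hypothetical.

```python
"""Deterministic tool-invocation gate placed in front of an agent's tool calls.

Added example. Agent identity, tool catalog, target patterns and the
approval stand-in are constructed for illustration only.
"""
from dataclasses import dataclass
from enum import Enum
import fnmatch


class Risk(Enum):
    LOW = "low"    # read-only or easily reversible
    HIGH = "high"  # state-changing; always routed to a human approver


@dataclass(frozen=True)
class ToolSpec:
    risk: Risk
    targeted: bool = False  # True when the tool acts on a named resource


# Every tool the platform exposes, with a fixed risk tier. A tool the model
# names that is not in this catalog is refused outright. (Hypothetical names.)
TOOL_CATALOG = {
    "ticket.read": ToolSpec(Risk.LOW),
    "ticket.comment": ToolSpec(Risk.LOW),
    "firewall.update_rule": ToolSpec(Risk.HIGH, targeted=True),
    "iam.revoke_access": ToolSpec(Risk.HIGH, targeted=True),
    "finance.issue_payment": ToolSpec(Risk.HIGH),
}


@dataclass(frozen=True)
class AgentPolicy:
    """Least-privilege scope for one agent identity, owned by a named human."""
    agent_id: str
    owner: str
    allowed_tools: frozenset            # exact tool names, no wildcards
    allowed_targets: tuple = ()         # glob patterns for resources it may touch
    max_high_risk_per_session: int = 1  # budget for state-changing actions


@dataclass
class Decision:
    allowed: bool
    needs_human_approval: bool
    reason: str


class ToolGate:
    """Decides, before execution, whether an agent may invoke a tool."""

    def __init__(self, policies, approver):
        self._policies = {p.agent_id: p for p in policies}
        self._approver = approver   # callable(agent_id, tool, args) -> bool
        self._high_risk_used = {}   # per-agent count of approved high-risk calls

    def check(self, agent_id, tool, args):
        policy = self._policies.get(agent_id)
        if policy is None:
            return Decision(False, False, "unknown agent identity")
        spec = TOOL_CATALOG.get(tool)
        if spec is None:
            return Decision(False, False, f"tool {tool!r} not in catalog")
        # Deterministic allowlist: nothing in the prompt can widen this set.
        if tool not in policy.allowed_tools:
            return Decision(False, False, f"tool {tool!r} outside agent scope")
        if spec.targeted:
            target = str(args.get("target", ""))
            if not any(fnmatch.fnmatchcase(target, pat) for pat in policy.allowed_targets):
                return Decision(False, False, f"target {target!r} outside agent scope")
        if spec.risk is Risk.LOW:
            return Decision(True, False, "low-risk tool, auto-approved")
        # High-risk path: enforce the per-session budget, then ask a human.
        used = self._high_risk_used.get(agent_id, 0)
        if used >= policy.max_high_risk_per_session:
            return Decision(False, True, "high-risk budget exhausted for session")
        if not self._approver(agent_id, tool, args):
            return Decision(False, True, "human approver declined")
        self._high_risk_used[agent_id] = used + 1
        return Decision(True, True, "high-risk tool, human approved")


# Hypothetical network-operations agent scoped to ticketing plus its own firewalls.
NETOPS_POLICY = AgentPolicy(
    agent_id="netops-agent-01",
    owner="netops-oncall@example.invalid",
    allowed_tools=frozenset({"ticket.read", "ticket.comment", "firewall.update_rule"}),
    allowed_targets=("fw-*.corp.example",),
)


def approve_if_ticketed(agent_id, tool, args):
    """Stand-in for a real approval workflow: approve only if a change ticket is cited."""
    return bool(args.get("change_ticket"))


def demo():
    gate = ToolGate([NETOPS_POLICY], approve_if_ticketed)
    return [
        gate.check("netops-agent-01", "ticket.read", {"ticket_id": "INC-1001"}),
        # An instruction smuggled into ticket text cannot widen the allowlist:
        gate.check("netops-agent-01", "finance.issue_payment", {"amount": 50000}),
        # Right tool, wrong target: the resource pattern is enforced too.
        gate.check("netops-agent-01", "firewall.update_rule",
                   {"target": "fw-dmz.partner.example", "change_ticket": "CHG-77"}),
        # In scope, ticketed, first high-risk action of the session: approved.
        gate.check("netops-agent-01", "firewall.update_rule",
                   {"target": "fw-edge1.corp.example", "change_ticket": "CHG-77"}),
        # Second high-risk action in the same session exceeds the budget.
        gate.check("netops-agent-01", "firewall.update_rule",
                   {"target": "fw-edge2.corp.example", "change_ticket": "CHG-78"}),
    ]
```

The gate sits between the model's proposed action and the executor, so a model that has been talked into "paying an invoice" simply has its request refused and logged; the decision record (`reason`) is what you would forward to the SOC.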
3. Agent telemetry integrated into SOC workflows
Agents should generate:
- Logs of tool calls
- Data access trails
- Action execution histories
- Prompt lineage records
These telemetry streams can feed existing SIEM/XDR pipelines for anomaly detection and threat hunting, aligning with CISA’s secure deployment guidance. Partners who can guide customers through this work will secure those organizations while building stickier relationships over time.
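To make the telemetry point concrete, here is an added example (not from the article, CISA, or any vendor) of the kind of detection logic a SOC could run over agent tool-call logs before they reach a SIEM. The JSON-lines schema, agent name, tool names and thresholds are constructed; the four rules encode the risks the article names: a tool outside the agent's baseline (excessive agency), a high-risk action with no approval record, a sensitive action whose prompt lineage traces to untrusted content (indirect prompt injection), and bulk data access within one session (exfiltration).

```python
"""Detection rules over AI-agent tool-call telemetry (added example).

The log schema, agent identity, tool names and thresholds below are
constructed for illustration and do not come from any real product.
"""
import json
from collections import defaultdict

# Expected tool set per agent, as recorded in the agent inventory (hypothetical).
BASELINE = {
    "helpdesk-agent-02": {"ticket.read", "ticket.comment", "kb.search"},
}
HIGH_RISK_TOOLS = {"iam.revoke_access", "firewall.update_rule", "finance.issue_payment"}
DATA_TOOLS = {"ticket.read", "kb.search", "crm.export"}
# Prompt-lineage origins the operator did not author, so they may carry injected text.
UNTRUSTED_ORIGINS = {"retrieved_doc", "email_body", "web_page"}
BULK_RECORDS_THRESHOLD = 500  # records read per session before alerting

# Constructed telemetry: one JSON object per tool call, plus one corrupt line.
SAMPLE_LOG = """
{"ts":"2025-01-10T09:00:01Z","agent_id":"helpdesk-agent-02","session":"s-41","tool":"ticket.read","records":1,"approval_id":null,"input_origin":"user_prompt"}
{"ts":"2025-01-10T09:00:04Z","agent_id":"helpdesk-agent-02","session":"s-41","tool":"kb.search","records":20,"approval_id":null,"input_origin":"user_prompt"}
{"ts":"2025-01-10T09:00:09Z","agent_id":"helpdesk-agent-02","session":"s-41","tool":"crm.export","records":600,"approval_id":null,"input_origin":"email_body"}
{"ts":"2025-01-10T09:00:12Z","agent_id":"helpdesk-agent-02","session":"s-41","tool":"iam.revoke_access","records":0,"approval_id":null,"input_origin":"email_body"}
{"ts":"2025-01-10T09:05:00Z","agent_id":"helpdesk-agent-02","session":"s-42","tool":"firewall.update_rule","records":0,"approval_id":"APR-9","input_origin":"user_prompt"}
not-json
""".strip()


def detect(log_text):
    """Run all rules over JSON-lines telemetry and return a list of alert dicts."""
    alerts = []
    session_records = defaultdict(int)  # cumulative records read per session
    bulk_flagged = set()                # sessions already alerted for bulk access

    for lineno, raw in enumerate(log_text.splitlines(), 1):
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            # Telemetry that cannot be parsed is itself a signal: gaps hide actions.
            alerts.append({"rule": "unparseable_telemetry", "line": lineno})
            continue

        agent, tool, session = ev["agent_id"], ev["tool"], ev["session"]
        base = {"agent_id": agent, "session": session, "tool": tool, "ts": ev["ts"]}

        # Rule 1: tool never seen in this agent's declared inventory.
        if tool not in BASELINE.get(agent, set()):
            alerts.append({**base, "rule": "tool_outside_baseline"})

        # Rule 2: state-changing action with no human approval recorded.
        if tool in HIGH_RISK_TOOLS and not ev.get("approval_id"):
            alerts.append({**base, "rule": "unapproved_high_risk_action"})

        # Rule 3: prompt lineage shows untrusted content drove a sensitive tool.
        if ev.get("input_origin") in UNTRUSTED_ORIGINS and (
            tool in HIGH_RISK_TOOLS or tool in DATA_TOOLS
        ):
            alerts.append({**base, "rule": "untrusted_input_drove_sensitive_tool",
                           "input_origin": ev["input_origin"]})

        # Rule 4: cumulative data access in one session crosses the threshold.
        if tool in DATA_TOOLS:
            session_records[session] += ev.get("records", 0)
            if session_records[session] > BULK_RECORDS_THRESHOLD and session not in bulk_flagged:
                bulk_flagged.add(session)
                alerts.append({**base, "rule": "bulk_data_access",
                               "records": session_records[session]})
    return alerts


def summarize(alerts):
    """Count alerts by rule name, the shape a SIEM dashboard would consume."""
    counts = {}
    for a in alerts:
        counts[a["rule"]] = counts.get(a["rule"], 0) + 1
    return counts
```

On the constructed log, session s-41 tells the story the article warns about: an email body steers the agent into a 600-record CRM export and an unapproved access revocation, neither tool being in its baseline. The approved firewall change in s-42 still trips the baseline rule, which is the intended behaviour until the inventory is updated; the baseline is what turns "agent used a new tool" from noise into a governance event.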
4. Agent security testing as a managed service
Recurring services may include:
- Prompt injection red teaming
- Indirect injection testing
- Regression testing after workflow changes
- MITRE ATLAS–mapped adversary simulations
This shifts AI security from reactive incident response to proactive resilience engineering.
The bottom line: agentic AI is scaling, and security operations need to follow
Agentic AI is scaling across the enterprise, backed by rising budgets and measurable deployment, but security maturity is not keeping pace.
Research shows organizations are adopting autonomous agents even as trust and governance frameworks lag, while industry guidance warns that prompt injection, excessive agency, and tool misuse expand the attack surface.
For channel partners, this creates a clear opportunity: deliver agent-focused identity controls, monitoring, guardrails, and testing that enable enterprises to scale autonomy without increasing operational risk.