AI is no longer just a tool for helping humans to get more done with greater efficiency. With autonomous agents, AI can now take on its own tasks and make its own decisions in enterprise environments. According to Gartner, by 2028, at least 15% of day-to-day work decisions will be made through agentic AI, up from virtually none in 2024.
With agent orchestration and deployment scaling fast, security teams are realizing that most of the risk doesn’t come from the agents themselves. It comes from the connections they maintain. Every API, database connection, SaaS integration, MCP server, and agent-to-agent workflow creates a new trust relationship that requires proper governance. Right now, most organizations don’t have agent-specific cyber governance strategies in place.
That’s why leaders in the AI security space such as Wiz are increasingly focused on helping organizations understand and secure these emerging agentic AI attack surfaces. Let’s take a closer look at the security challenges associated with agent-to-tool, agent-to-data, and agent-to-agent interactions, along with some practical approaches for reducing risk.
Why AI Agent Orchestration Creates New Security Challenges
AI agents present a unique security challenge. A single agentic workflow may interact with dozens of systems, whether those are internal databases, cloud resources, source code, or external APIs.
What’s more, agents often have full autonomy to decide what resources to use and when. Tool selection can change from one task to the next, making it unpredictable for any kind of static security control.
This dynamic behavior can quickly spin out of control. Every new agent connection introduces new permissions and data flows, presenting a potential entry point for abuse. The more agents an organization deploys, the faster the attack surface grows, and the harder visibility becomes.
The AI agent attack surface breaks down into three core trust relationships:
- Agent-to-tool trust is about what tools an agent can access and what it can do through them.
- Agent-to-data trust is about what an agent can see. Overbroad permissions here are one of the most common misconfigurations in agentic environments.
- Agent-to-agent trust is the most complex. When agents hand off tasks to each other, the output of one becomes the input of another, and a problem anywhere in that chain can escalate fast.
Common Risks in Agent-to-Tool Connections
A lot of risk in agent relationships comes down to excessive permissions. It’s easy to over-grant upfront and never come back to fine-tune, leaving agents to carry way more permissions than necessary.
Third-party connections amplify the dangers. In these cases, you often have no control over how a third-party tool handles authentication, manages credentials, or logs activity. These weaknesses immediately transfer over to your environment.
Then there’s shadow AI tooling. Companies usually have more AI activity in their environments than they realize, and governance is nearly impossible without a clear inventory of what’s connected.
That is why dedicated platforms like Wiz are so valuable. They provide all the visibility you need in one place, starting from asset discovery and relationship mapping through identifying live exposures across the AI environment.
The Data Access Problem
Agents need data to function. The problem isn’t data access in and of itself, but data access that takes place in an uncontrolled way.
The path of least resistance is to give agents broad access. But that approach leaves customer data, financial records, source code, or credentials exposed in workflows where they have no business being.
So how do we balance giving agents the data they need without overexposing? The answer is least privilege. Figure out the least access every agent needs and restrict everything else.
Wiz helps put this into practice by finding sensitive data exposure pathways and telling you exactly where AI systems interact with critical assets.
Securing Agent-to-Agent Workflows
Complex workflows chain multiple agents together. One gathers information, another analyzes it, and a third triggers an action. But when agents hand off tasks to each other, the chain of responsibility blurs.
Permissions can carry over without real approval, and one misconfigured agent can affect everything downstream.
The fix is treating each agent as a distinct identity with verified credentials and permissions that link strictly to its role in the workflow. Every handoff needs monitoring, with audit trails that cover the full chain rather than just entry and exit points.
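The least-privilege model from the data access section and the per-agent identity with full-chain audit trail described here can be put into a small orchestrator. The following is an added example written for this article, not Wiz's code or any product API; the agent names, tool names, data scopes, policy format and workflow id are all constructed for illustration.

```python
"""Least-privilege enforcement plus a full-chain audit trail for a multi-agent workflow.

Added example (not Wiz's code or any product API). Agent names, tools, data
scopes, the policy format and the workflow id are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentIdentity:
    """One agent is one identity: a named owner and an explicit allow-list."""
    name: str
    owner: str
    allowed_tools: frozenset
    allowed_data: frozenset


class PolicyViolation(Exception):
    pass


class Orchestrator:
    def __init__(self, agents):
        self.agents = {a.name: a for a in agents}
        self.audit = []  # every call, denial and handoff, not just entry and exit

    def _log(self, workflow_id, agent, event, **detail):
        self.audit.append({"workflow": workflow_id, "agent": agent, "event": event, **detail})

    def call_tool(self, workflow_id, agent_name, tool, data_scope=None):
        """Check the calling agent's own identity before any tool or data access."""
        agent = self.agents[agent_name]
        if tool not in agent.allowed_tools:
            self._log(workflow_id, agent_name, "tool_denied", tool=tool)
            raise PolicyViolation(f"{agent_name} may not call {tool}")
        if data_scope is not None and data_scope not in agent.allowed_data:
            self._log(workflow_id, agent_name, "data_denied", tool=tool, scope=data_scope)
            raise PolicyViolation(f"{agent_name} may not read {data_scope}")
        self._log(workflow_id, agent_name, "tool_call", tool=tool, scope=data_scope)
        return True

    def handoff(self, workflow_id, from_agent, to_agent, payload):
        """Pass data only. Permissions never travel with the payload: the receiver
        is checked against its own identity on its next call, not the sender's."""
        self._log(workflow_id, from_agent, "handoff", to=to_agent, payload_keys=sorted(payload))
        return to_agent


def run_demo():
    """Constructed three-agent workflow: gather -> analyze -> act."""
    orch = Orchestrator([
        AgentIdentity("collector", "data-team", frozenset({"web_search"}), frozenset({"public"})),
        AgentIdentity("analyst", "risk-team", frozenset({"summarize"}), frozenset({"crm_readonly"})),
        AgentIdentity("actor", "ops-team", frozenset({"send_email"}), frozenset()),
    ])
    wf = "wf-demo-0001"  # constructed workflow id
    orch.call_tool(wf, "collector", "web_search", "public")
    orch.handoff(wf, "collector", "analyst", {"findings": "..."})
    orch.call_tool(wf, "analyst", "summarize", "crm_readonly")
    denied = 0
    try:
        # The analyst tries to act directly; its identity does not permit that tool.
        orch.call_tool(wf, "analyst", "send_email")
    except PolicyViolation:
        denied += 1
    try:
        # The collector's tool access must not carry over to the actor via handoff.
        orch.call_tool(wf, "actor", "web_search")
    except PolicyViolation:
        denied += 1
    orch.handoff(wf, "analyst", "actor", {"summary": "..."})
    orch.call_tool(wf, "actor", "send_email")
    return orch.audit, denied


if __name__ == "__main__":
    audit, denied = run_demo()
    for entry in audit:
        print(entry)
    print("denials:", denied)
```

The point of the design is that each handoff logs who passed what to whom, while the permission check is always made against the receiving agent's own allow-list; a misconfigured upstream agent therefore cannot grant anything downstream, and the audit list shows the whole chain when something is denied.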
Why Agentic Identity Governance Matters
Treating agents as identities isn’t just good practice for multi-agent workflows. It’s the foundation of agentic security. Every agent should have a defined owner and permissions, just like any human user or service account.
If anything, this matters even more for agents than it does for humans. The former can be spun up and granted broad access without security teams ever knowing.
Agentic identity governance comes down to a few basic questions: what can this agent access, what can it do, who approved those permissions, and how are changes tracked? Wiz’s AI-SPM capability helps answer these questions by automatically discovering all AI usage across the environment and generating a complete AI bill of materials.
The Growing Importance of AI Telemetry
Knowing your agents exist is not enough. You also need visibility into what they’re actually doing at runtime. AI telemetry tracks tool calls, data retrieval events, and agent-to-agent communications as they happen.
That’s the kind of insight you need to truly stay ahead of threats rather than diagnose them after something goes wrong.
Wiz provides AI telemetry with real-time correlation across signals, identity context, and cloud context. It maps the full path of any suspicious activity, allowing teams to work directly within Wiz or pipe it into their existing SIEM.
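To make the runtime-telemetry idea concrete, here is an added example (written for this article, not Wiz's code or any product's event schema) that runs a few detection rules over constructed telemetry events. The JSON line format, the agent baselines, the classification labels and the thresholds are all assumptions; the rules flag a tool call outside an agent's baseline, a first read of sensitive data, a burst of data reads, and a message to an agent that is not in the registry.

```python
"""Detection rules over agent telemetry (tool calls, data reads, agent-to-agent messages).

Added example, not Wiz's code. The event format, baselines, classification
labels and thresholds below are constructed assumptions for illustration.
"""
import json
from collections import defaultdict, deque

# Constructed telemetry: one JSON event per line.
SAMPLE_TELEMETRY = """
{"ts": 1710000000, "agent": "analyst", "kind": "tool_call", "target": "summarize"}
{"ts": 1710000005, "agent": "analyst", "kind": "data_read", "target": "crm_readonly", "class": "internal"}
{"ts": 1710000010, "agent": "analyst", "kind": "tool_call", "target": "shell_exec"}
{"ts": 1710000012, "agent": "analyst", "kind": "data_read", "target": "payroll_db", "class": "sensitive"}
{"ts": 1710000013, "agent": "analyst", "kind": "data_read", "target": "payroll_db", "class": "sensitive"}
{"ts": 1710000014, "agent": "analyst", "kind": "data_read", "target": "payroll_db", "class": "sensitive"}
{"ts": 1710000015, "agent": "analyst", "kind": "data_read", "target": "payroll_db", "class": "sensitive"}
{"ts": 1710000020, "agent": "analyst", "kind": "agent_msg", "target": "unknown-agent-7"}
{"ts": 1710000030, "agent": "collector", "kind": "tool_call", "target": "web_search"}
"""

# Per-agent baseline: which tools it normally calls and whether it ever touches sensitive data.
BASELINE = {
    "analyst": {"tools": {"summarize"}, "sensitive_data": False},
    "collector": {"tools": {"web_search"}, "sensitive_data": False},
}
KNOWN_AGENTS = set(BASELINE)
BURST_READS = 3     # more than this many data reads ...
BURST_WINDOW = 60   # ... within this many seconds is a burst


def parse(lines):
    """Parse JSON-lines telemetry and order it by timestamp."""
    events = [json.loads(l) for l in lines.strip().splitlines() if l.strip()]
    return sorted(events, key=lambda e: e["ts"])


def detect(events):
    """Return (rule, agent, detail) findings in the order they fire."""
    findings = []
    reads = defaultdict(deque)   # sliding window of read timestamps per agent
    seen_sensitive = set()       # report each (agent, target) sensitive read once
    for e in events:
        agent = e["agent"]
        base = BASELINE.get(agent)
        if base is None:
            findings.append(("unknown_agent", agent, e["ts"]))
            continue
        if e["kind"] == "tool_call" and e["target"] not in base["tools"]:
            findings.append(("new_tool", agent, e["target"]))
        elif e["kind"] == "data_read":
            key = (agent, e["target"])
            if e.get("class") == "sensitive" and not base["sensitive_data"] and key not in seen_sensitive:
                seen_sensitive.add(key)
                findings.append(("sensitive_read", agent, e["target"]))
            q = reads[agent]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > BURST_WINDOW:
                q.popleft()
            if len(q) == BURST_READS + 1:  # fire once, when the threshold is crossed
                findings.append(("read_burst", agent, len(q)))
        elif e["kind"] == "agent_msg" and e["target"] not in KNOWN_AGENTS:
            findings.append(("msg_to_unknown", agent, e["target"]))
    return findings


if __name__ == "__main__":
    for finding in detect(parse(SAMPLE_TELEMETRY)):
        print(finding)
```

Each finding carries the agent identity, which is what lets an analyst pivot from "what happened" to "which identity, owned by whom, did it" in a SIEM; the baseline here is static, whereas in practice it would be learned from the agent's own history and tied to the identity governance inventory.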
MCP Security and Emerging Agent Ecosystems
Model Context Protocol (MCP) is the standard for how AI agents connect with external tools. It went from 100,000 SDK downloads in its first month to 97 million monthly by March 2026. But fast adoption rarely comes with equally rapid security maturity.
The same issues that affect agent connections broadly show up in MCP environments too. What’s more, many organizations don’t even know how many MCP servers they are running.
Getting it right starts with inventory. Everything else follows from there, and then the same governance principles apply.
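As an added example of the "start with inventory" step (written for this article, not Wiz's code or any product feature), the script below reads an MCP client configuration and produces an inventory with governance flags. It assumes the `mcpServers` shape used by several MCP clients (`command`/`args`/`env` for locally launched servers, `url` for remote ones); the server names, package names, URLs and the out-of-band ownership register are all constructed.

```python
"""Inventory of MCP servers from a client configuration, with governance flags.

Added example, not Wiz's code. The `mcpServers` config shape is assumed from
common MCP clients; all names, packages, URLs and owners are constructed.
"""
import json
from urllib.parse import urlparse

SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "filesystem": {"command": "npx",
                       "args": ["-y", "@modelcontextprotocol/server-filesystem@0.6.2", "/srv/data"]},
        "crm-connector": {"command": "npx", "args": ["-y", "example-crm-mcp"],
                          "env": {"CRM_API_TOKEN": "tok-placeholder"}},
        "remote-tools": {"url": "http://tools.internal.example/mcp"},
        "ticketing": {"url": "https://tickets.example.com/mcp"},
    }
})

# Ownership register kept outside the client config (assumed to exist).
OWNERS = {"filesystem": "platform-team", "ticketing": "it-ops"}

SECRET_HINTS = ("TOKEN", "KEY", "SECRET", "PASSWORD")
LAUNCHERS = {"npx", "uvx"}   # package runners that fetch code at launch time


def is_pinned(arg):
    """True for 'name@1.2.3' or '@scope/name@1.2.3'; False for a bare package name."""
    name = arg[1:] if arg.startswith("@") else arg
    return "@" in name


def inventory(config_text):
    """Return one row per configured server with a list of governance flags."""
    cfg = json.loads(config_text)
    rows = []
    for name, spec in cfg.get("mcpServers", {}).items():
        flags = []
        if name not in OWNERS:
            flags.append("no_owner")
        if "url" in spec:
            kind = "remote"
            if urlparse(spec["url"]).scheme != "https":
                flags.append("plaintext_transport")
        else:
            kind = "stdio"
            if spec.get("command") in LAUNCHERS:
                # first positional argument that is neither a flag nor a path is the package
                pkg_args = [a for a in spec.get("args", []) if not a.startswith(("-", "/"))]
                if pkg_args and not is_pinned(pkg_args[0]):
                    flags.append("unpinned_package")
            if any(h in var.upper() for var in spec.get("env", {}) for h in SECRET_HINTS):
                flags.append("credential_in_config")
        rows.append({"name": name, "kind": kind, "owner": OWNERS.get(name), "flags": flags})
    return rows


if __name__ == "__main__":
    for row in inventory(SAMPLE_CONFIG):
        print(row)
```

Run against every developer workstation and CI runner that holds such a config, this gives the first answer to "how many MCP servers are we running", and the flags map directly onto the governance questions above: who owns it, whether it pulls unpinned code at launch, whether a credential lives in a local config file, and whether the transport is encrypted.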
Conclusion
Securing agentic workflows is quickly becoming a priority. Slowing down adoption is not the answer. Instead, organizations should focus on implementing the right controls from the start.
Dedicated AI security solutions such as Wiz make the process a lot easier by serving as a central hub for all things agent orchestration security, starting from discovery and identity governance to runtime monitoring.
FAQ
What are agent-to-tool connections in AI systems?
They’re how AI agents interact with the outside world. They include any API call, database query, cloud resource access, and any external service an agent needs to get a task done.
Why are AI agent connections considered a security risk?
Each connection is a new trust relationship. Without tight permission control, any single compromised or misconfigured connection can compromise the entire workflow.
What is agentic identity governance?
It’s the practice of treating AI agents like any other identity in your environment. Every agent should have a defined owner, explicit permissions, and someone actively responsible for keeping those things current.
What is AI telemetry?
It’s runtime visibility into what your agents are actually doing. Which tools are they calling? What data are they pulling? How are they talking to other agents?
What is MCP security?
MCP (Model Context Protocol) security is about restricting the way AI agents access external tools and resources. It requires solid authentication, authorization, and monitoring practices.
How can organizations secure multi-agent systems?
Start with identity-based controls and least-privilege access, and then add runtime monitoring and AI telemetry. The goal is full visibility into your highest-risk workflows.
How does Wiz help secure AI agents?
Wiz offers teams a single-dashboard view of their AI ecosystem. It begins with agent discovery, then examines how those agents work and what sensitive data they might be accessing. This visibility enables teams to make informed decisions around the security of their workflows.
Photo by Mohamed Nohassi: Unsplash
Noah Nguyen is a multi-talented developer who brings a unique perspective to his craft. Initially a creative writing professor, he turned to Dev work for the ability to work remotely. He now lives in Seattle, spending time hiking and drinking craft beer with his fiancee.