{"id":225076,"date":"2026-06-03T07:01:00","date_gmt":"2026-06-03T11:01:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/03\/ai-agents-put-cybersecurity-frameworks-to-the-test\/"},"modified":"2026-06-03T07:05:14","modified_gmt":"2026-06-03T11:05:14","slug":"ai-agents-put-cybersecurity-frameworks-to-the-test","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/03\/ai-agents-put-cybersecurity-frameworks-to-the-test\/","title":{"rendered":"AI agents put cybersecurity frameworks to the test"},"content":{"rendered":"<p><a href=\"https:\/\/www.ciodive.com\/news\/agents-change-cybersecurity-frameworks\/821801\/\">AI agents put cybersecurity frameworks to the test<\/a><\/p>\n<p><a href=\"https:\/\/www.ciodive.com\/news\/agents-change-cybersecurity-frameworks\/821801\/\">https:\/\/www.ciodive.com\/news\/agents-change-cybersecurity-frameworks\/821801\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-03 07:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.ciodive.com\">www.ciodive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>        Listen to the article<\/p>\n<p>            7 min<\/p>\n<p>            This audio is auto-generated. Please let us know if you have feedback.<\/p>\n<p>AI agents are rapidly changing the way enterprises operate, reshaping the cybersecurity landscape for those that use them \u2014 and expanding risk across different parts of the business.\u00a0<br \/>\nThe appeal to deploy the technology is massive. Enterprises are set to more than double their spending on generative AI models and AI agents, with an additional $6 billion in spending on them in 2026, a recent Gartner report found. While some organizations report agentic systems and agents are used for very discrete tasks, others say they\u2019ve embedded AI into human decision-making with plans to use it mostly without human intervention.\u00a0<\/p>\n<p>But in the last month, newer, more powerful models such as Anthropic\u2019s Mythos and OpenAI\u2019s launch of the Daybreak initiative have highlighted just how much access agentic AI can get. Executives must steer their organizations toward a new model for risk management that responds to the shifting profile of cybersecurity in the agentic era.<br \/>\nMore than half of executives said their organization had an AI-related security incident or a close call last year, according to a recent Okta report. AI providers themselves have gotten in on enterprise AI security management as cyber risk becomes a greater concern.\u00a0<br \/>\nAlthough many enterprises quickly jumped on the hype of agentic AI, tech leaders are realizing they introduce a complicated mix of benefits and risks to organizations, Shiva Varma, senior director analyst at Gartner,\u00a0told CIO Dive. Agentic AI is changing the type and frequency of risk that enterprises face and is making security a cross-organization responsibility.<br \/>\n\u201cThey don&#8217;t solve every problem, they come with a lot of risk, and they are very expensive to run,\u201d Varma said.\u00a0<br \/>\nA new risk landscape<br \/>\nAgentic AI has developed beyond the ability to generate text, images or code, and has taken on decision-making and task execution, performing duties traditionally done by human employees, said Aunshul Rege, a cybersecurity professor at Temple University.\u00a0<br \/>\nAn average agent could be accessing the internet, querying a database or combing through sensitive information across an enterprise\u2019s entire knowledge base. Because AI agents are given this autonomy, their permissions must be carefully considered, Janet Worthington, a senior analyst at Forrester, said.\u00a0<\/p>\n<p>Worthington said she\u2019s seen a trend of clients giving too much agency to agents in the name of productivity. Although companies form AI guidelines or policies for their employees, agents are built to complete tasks, Worthington said, often at any cost. As companies embed them into systems, they can learn to overcome obstacles even when they run into security-focused roadblocks or guardrails.\u00a0<br \/>\n\u201cEvery time they create an action, they learn from that, and so when they encounter issues in the real world, when they&#8217;re being asked to do something, they will go back, learn and try a different way,\u201d Worthington said.\u00a0<br \/>\nHumans operate this way too, she said. But agents don\u2019t \u201cclock out,\u201d she added.\u00a0<br \/>\n\u201cIf we don&#8217;t start treating these agents as their own particular identities and constrain them, then we&#8217;re going to see a lot more issues,\u201d Worthington said.\u00a0<br \/>\nCliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, likened the rise of agentic AI to the cloud revolution a decade ago. Companies are moving from operating their own equipment and processes to automating them.<br \/>\n\u201cIt changes the amount of risk when we take on new tools,\u201d Steinhauer said. \u201cIt\u2019s a new skill set, and much more to manage than we\u2019ve seen before.\u201d<br \/>\nAside from overreaching agents, the technology also makes companies more vulnerable to malicious outside attacks, Rege said, as human behavior and trust still play a large role. Employees could begin trusting automated systems the same way they trust their human colleagues.\u00a0<br \/>\n\u201cMany attacks succeed because they exploit people, workflows and organizational protocols,\u201d Rege said.<br \/>\nWho is responsible for secure AI?<br \/>\nHistorically, cybersecurity has been the responsibility of the CISO or IT teams. But AI systems used across an organization are disrupting this structure, Rege said. Tech executives\u2019 biggest challenge is no longer control, but rather coordination of an organization\u2019s tech strategy, Deloitte recently found.\u00a0<br \/>\nHR might use AI for hiring, finance may use agents for procurement or analysis, and legal teams may use AI for contracts. Security teams can\u2019t govern all of these decisions in isolation.<br \/>\n\u201cI think what we are seeing is a shift toward shared responsibility,\u201d Rege said.\u00a0<br \/>\nA technology leader such as a CIO might own the decision-making around which AI models to use, while the cybersecurity team puts controls in place, Steinhauer said. Human resources and other people-focused teams might take on the enforcement of policy violations.\u00a0<br \/>\n\u201cIt\u2019s important to get these groups aligned,\u201d Steinhauer said.\u00a0<br \/>\nThe role of the CISO is also changing, Worthington said. The role is morphing into the trust and assurance authority within an organization who has to think about AI outcomes, if they can be audited and how to explain outcomes to the board.<br \/>\nSteinhauer said he\u2019s seen AI management roles get added to the C-suite in titles such as chief AI officer.\u00a0<br \/>\n\u201cThe thing with AI is it can do a lot, but it doesn&#8217;t have a lot of context, so you need somebody who&#8217;s been in the business and can understand [the] context of your business,\u201d Steinhauer said. \u201cThey can answer, \u2018Is this a desired output from what we&#8217;re doing with AI?\u2019\u201d<\/p>\n<p>Security vs. governance<br \/>\nThe rollout of AI has come hand-in-hand with the desire for governance, though many organizations struggle to determine which guiding principles to apply to their systems. But just because an organization has a governance policy does not mean it\u2019s absolved of security risks, Rege said.\u00a0<br \/>\nExecutives should think of governance as a set of rules for how human employees are expected to use AI, Steinhauer said. This is where organizations should aim to be collaborative so expectations are understood across each department.\u00a0<br \/>\n\u201cGovernance asks questions such as: Should we be using this system? What decisions is it allowed to make? Who is accountable if something goes wrong?\u201d Rege said. \u201cWhat level of human oversight is necessary?\u201d<br \/>\nMeanwhile, a security strategy is focused on protecting the systems, data and infrastructure from compromises. It more closely aligns with the traditional goals of cybersecurity teams.<br \/>\nSecurity, governance and risk management should be reviewed cyclically, and policies will likely ebb and flow as the technology develops and organizations figure out which tools are essential.<br \/>\n\u201cOrganizations should resist the temptation to treat AI as either magic or catastrophe,\u201d Rege said. \u201cThe better approach is to be structured and risk-based.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI agents put cybersecurity frameworks to the test https:\/\/www.ciodive.com\/news\/agents-change-cybersecurity-frameworks\/821801\/ Publish Date: 2026-06-03 07:01:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":225077,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/ihGlUwKGDoRqs-S2uo8IOXwKKW_tBI25jtc_8wjOk4k\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMTg3ODQxMjQ4LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31],"class_list":["post-225076","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225076"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=225076"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225076\/revisions"}],"predecessor-version":[{"id":225078,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225076\/revisions\/225078"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/225077"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=225076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=225076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=225076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}