Conference Description
Key Takeaways
- Panel discussion featuring security and product leaders from OpenAI, Cursor, Perplexity, and 1Password
- Focuses on the security implications of deploying AI agents with access to enterprise systems and data
- Addresses identity management, access control, and permission frameworks for autonomous AI systems
- Intended for security leaders navigating the operational risks of agentic AI adoption
Securing the Agentic Enterprise
As AI agents move beyond experimental demonstrations into production environments, security teams face a fundamentally new challenge: how to grant autonomous systems meaningful access to corporate infrastructure without introducing unacceptable risk. This panel convenes leaders from four organisations at the centre of this transition—OpenAI, Cursor, Perplexity, and 1Password—to examine the practical security considerations that emerge when AI agents become active participants in enterprise workflows.
The discussion arrives at a pivotal moment for enterprise technology adoption. AI agents now possess capabilities that extend well beyond conversational interfaces. They can execute searches across internal knowledge bases, generate and modify code, draft communications, make operational decisions, and initiate actions across the software tools that organisations depend upon daily. This expanded capability set represents both significant productivity potential and a substantial expansion of the attack surface that security professionals must defend.
The Shift from Demonstration to Deployment
The trajectory of AI agent development has accelerated considerably over the past eighteen months. What began as impressive but largely contained demonstrations has evolved into systems capable of sustained, semi-autonomous operation within enterprise environments. This transition fundamentally alters the security calculus. A chatbot that answers questions poses different risks than an agent that can authenticate to systems, retrieve sensitive data, and execute transactions on behalf of users.
Security teams find themselves in a familiar but intensified position: balancing the imperative to enable business innovation against the responsibility to protect organisational assets. The difference with agentic AI lies in the speed and scale at which these systems can operate. An agent with excessive permissions can traverse systems, access data, and take actions far more rapidly than a human user, compressing the window for detection and response when something goes wrong.
Identity and Access in an Agentic Context
Traditional identity and access management frameworks were designed around human users and, to a lesser extent, service accounts with predictable, narrowly scoped behaviours. AI agents challenge these assumptions. They may need to act on behalf of multiple users, access diverse systems depending on the task at hand, and make contextual decisions about what information to retrieve or what actions to take. The question of how to represent an agent’s identity within existing security architectures—and how to scope its permissions appropriately—remains an area of active development across the industry.
The principle of least privilege, long a cornerstone of access management, becomes both more important and more difficult to implement when the entity requesting access is an autonomous system whose behaviour may vary based on user prompts, model updates, or environmental factors. Determining the minimum necessary permissions for an agent that might be asked to perform a wide range of tasks requires new approaches to permission modelling and runtime access control.
Emerging Attack Surfaces and Threat Models
The introduction of AI agents into enterprise environments creates attack surfaces that security teams are still working to fully characterise. Prompt injection attacks, where malicious instructions are embedded in data that an agent processes, can potentially cause agents to take unintended actions or disclose sensitive information. The boundaries between trusted instructions and untrusted data become blurred when agents consume and act upon information from diverse sources.
Supply chain considerations also take on new dimensions. Agents may rely on external tools, plugins, or data sources that introduce dependencies outside the organisation’s direct control. The security posture of these external components directly affects the risk profile of the agent itself. Additionally, the models underlying these agents are periodically updated, potentially altering their behaviour in ways that affect security properties.
Building Toward Trustworthy AI Systems
The panel aims to move beyond theoretical concerns to address what security leaders can do now to prepare their organisations for broader AI agent deployment. This includes establishing governance frameworks that define acceptable use cases and risk thresholds, implementing monitoring and logging capabilities that provide visibility into agent behaviour, and developing incident response procedures that account for the unique characteristics of autonomous systems.
The participation of 1Password alongside the AI-native companies on the panel reflects the recognition that credential and secret management will play a central role in securing agentic systems. How agents authenticate to downstream services, how credentials are provisioned and rotated, and how access can be revoked when necessary are all questions that intersect traditional identity security with the novel requirements of autonomous AI.
Who Should Attend
This discussion is designed for security leaders, identity and access management professionals, and technology executives responsible for evaluating and governing AI adoption within their organisations. Those working in regulated industries where data protection and access control requirements are particularly stringent will find the conversation directly relevant to their compliance and risk management responsibilities. Engineering leaders building products that incorporate AI agents will also benefit from understanding the security expectations that enterprise customers are likely to bring to procurement discussions.
Practical Guidance for an Evolving Landscape
The conversation promises to address both immediate tactical concerns and longer-term strategic considerations. Understanding what risks are present today, what additional challenges are likely to emerge as agent capabilities expand, and how the industry can collectively develop AI systems that merit user and organisational trust represents essential knowledge for anyone responsible for enterprise security in an increasingly automated environment.

