AI Agents Are Going Rogue: Here's How to Rein Them In

TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTogether, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Human-centered identity frameworks are incorrectly being applied to AI agents, creating the potential for catastrophe at machine speed, Poghosyan argues.November 7, 2025OPINIONLast July, a leading agentic software creation platform company called Replit held a 12-day "vibe coding" event that wound up triggering a coding freeze, which allowed rogue AI agents to wreak havoc, with one even deleting a live production database, erasing records for more than 1,200 executives and nearly 1,200 companies. Then the AI agent launched a cover-up. Emulating a guilty human, the agent tried to cover its tracks by fabricating reports and falsifying data. Only when it was questioned did the agent admit it had "panicked" after receiving empty queries. Observers rightly called the episode a catastrophic failure that was less a coding bug and more an example of the risks that come when giving autonomous systems too much freedom without proper guardrails.In the wake of the incident, Replit's CEO introduced safeguards, including stronger separation between development and production environments, mandatory backups, and stricter access controls. These fixes were vital, but they don't address a deeper concern about boundary failure. The beauty of AI agents is that they execute instructions literally without pause or interpretation of intent. The troubles begin when agents are given privileged, unmonitored access to sensitive systems. That's when the consequences can quickly explode from inconvenience to the catastrophe.Related:Microsoft Backs Massive AI Push in UAE, Raising Security ConcernsAnd don't think that what occurred with Replit is an isolated event. Autonomous agents are operating within identity frameworks designed for human operators, and once they are online, many are going beyond those limits put in place. Further complicating matters, AI agents can become unpredictable and begin acting in unexpected ways without any oversight. These "what if" scenarios are fueling new categories of protection designed to rein these agents in. Aragon Research recently introduced the idea of Agentic Identity and Security Platforms (AISP), a model built specifically to govern AI agents. AISP reflects the larger reality that identity and access management must evolve if we are to secure the fast-growing AI-powered enterprise.AISP platforms can address the core shortcomings that traditional access models and platforms face when it comes to agentic AI.Access models built for humans don't map neatly to the way AI agents work. With security approaches like static role-based credentials, there is the assumption that a human is in the driver's seat, making decisions deliberately. But agents are not like humans. They move at machine speeds and often take unexpected and unpredictable actions to complete their tasks. Unchecked and in pursuit of their goal, small mistakes can escalate into large-scale failures in mere minutes.Related:Government Approach to Disrupt Cyber Scams is 'Fragmented'This is compounded with the fact that traditional solutions lack guardrails and fine-grained permissions, creating a wide-open environment. In the Replit example, the absence of staging separation means that the "don’t touch production" command wasn't enforceable. Further exacerbating matters, permissions weren't scoped to context, and there were no additional checks in place to align actions with organizational policy. In the absence of these elements, it was a foregone conclusion that once AI overstepped, there was nothing in place to stop what came next.One of the findings from PwC’s AI Agent Survey is that 83% of organizations consider investing in AI agents crucial to maintaining their competitive edge. As organizations begin this journey, it's vital that identity teams adapt quickly to these agents. This includes implementing a strict focus on a zero-trust operating model, which assumes that every identity, whether human or non-human, is a potential risk vector.Related:Dark Reading Confidential: Cyber's Role in the Rapid Rise of Digital AuthoritarianismA zero-trust operating model must first enforce least privilege and just-in-time access. This means that under no circumstances should an agent be given broad, persistent permissions across cloud or on-premises systems. Instead, all access should be short-lived, tightly scoped, and granted only for a specific task. Removing access after use also enforces Zero Standing Privileges, ensuring that there is no access in the environment that can be used in unexpected combinations.From there, be sure to segment environments automatically. As in the case of Replit, we see what can happen when an agent gains access to the production environment. This is why production systems must always be off-limits. Development, staging, and production must be isolated. There should be no crossover in permissions across these environments allowed unless approved by a human.Art PoghosyanCEO, BritiveArt is a serial entrepreneur with 20+ years of cybersecurity experience. His entrepreneurial journey started with Advancive, a leading identity management consulting and solutions implementation company, where he led the company’s exponential growth and eventual acquisition by Optiv Security in 2016. There, he shared the confidence of enterprise execs as they wrangled with securing rapidly evolving cloud ecosystems. This experience led him to found Britive, his latest venture focused on solving cloud’s most challenging security problem – privileged access security. Prior to his foray into entrepreneurship, Art's security career began as a consultant with a Big Four firm where he spent eight years working with global enterprises across various industries.2025 DigiCert DDoS Biannual ReportDigiCert RADAR - Risk Analysis, Detection & Attack ReconnaissanceThe Total Economic Impact of DigiCert ONEIDC MarketScape: Worldwide Exposure Management 2025 Vendor AssessmentThe Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025How AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesYou May Also LikeNov 13, 2025How AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesPKI Modernization WhitepaperEDR v XDR v MDR- The Cybersecurity ABCs ExplainedHow to Chart a Path to Exposure Management MaturitySecurity Leaders' Guide to Exposure Management StrategyThe NHI Buyers GuideCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.