Dive Brief:
- IBM is beefing up AI agent security and governance capabilities for customers wanting to scale the technology responsibly, the infrastructure provider said Wednesday.
- The vendor is bolstering the integration of its end-to-end watsonx.governance tool and its Guardium AI Security tool, which is used to secure AI models, data and usage. Customers will be able to validate compliance with a dozen frameworks, including the European Union’s AI Act. The two tools also have expanded capabilities, such as automated red teaming and the detection of new AI use cases to provide visibility in decentralized ecosystems.
- “AI agents are set to revolutionize enterprise productivity, but the very benefits of AI agents can also present a challenge,” Ritika Gunnar, IBM’s general manager of data and AI, said in the announcement. “When these autonomous systems aren’t properly governed or secured, they can carry steep consequences.”
Dive Insight:
AI agents can quickly become cybersecurity disasters.
“Agentic AI is particularly interesting in that it brings a set of challenges around ensuring that the software is taking actions within the context of the person who’s asking,” Amazon Chief Security Officer Steve Schmidt said during a conference last week. “Put that in the context of a government organization where there are classification decisions that have to be made, there’s access control limitations [and] there are reasons that you can access certain sets of data.”
Today, organizations are still figuring out how to ensure that these tools are doing “exactly the right thing every single time,” and how to demonstrate that to stakeholders or regulators, Schmidt added.
The stakes are high to get governance right.
In just a few years, Gartner expects enterprises will trace 1 in 4 breaches back to agentic use. While IT leaders are bullish on adoption, they, too, are concerned about the technology’s potential weaknesses, with many wanting stronger data privacy and security features within agentic tools and services.
Vendors are working to ease governance gaps for enterprises. As part of ServiceNow’s March Yokohama release, the agent provider touted “built-in governance and audit-ready data.” The company also released an AI agent control tower in May to bridge governance gaps.
IBM said it plans to make an agent onboarding risk assessment, agent audit trails and an agentic tool catalog available next week in addition to the updates introduced on Wednesday.
“The future of AI depends on how well we secure it today. Embedding security from the start is essential to protecting data, supporting compliance obligations and building lasting trust,” Suja Viswesan, VP, security and runtime products at IBM, said in the announcement.