As organizations rush to deploy AI agents, many are discovering that their biggest security vulnerabilities aren’t where they expected them to be. Microsoft’s Ryan Jones, General Manager, Power Platform, has observed a troubling pattern: companies are focusing on data security concerns while missing fundamental governance gaps that create real risk.
“Many organizations are underinvested from a governance perspective,” Jones explains. “They’re worried about agent security, but when we ask what that means, it’s often ‘well, they may be able to access such and such data’ – and it’s like, well, can’t users access that data today?”
The most significant security vulnerability isn’t AI agents themselves; it’s the foundational access controls that organizations have neglected for years. Jones points to a common scenario: companies using company-wide sharing links that provide broad access to information across the organization.
“Agents generally operate as the calling user,” Jones notes. “It’s not like agents magically get more permissions than users already have.” The problem is that many organizations have been granting overly permissive access for years, and AI agents simply make these existing vulnerabilities more visible.
This revelation forces an uncomfortable reckoning: the security issues organizations attribute to AI agents often existed long before AI entered the picture. Agents are just the messengers highlighting poor access governance that was already creating risk.
Jones identifies two critical anti-patterns that lead to governance failures, which he characterizes as opposing extremes that both create significant security risks.
The first is what he calls the “Ostrich” approach: organizations that see AI and low-code changes happening but “stick their head in the sand and don’t really do much of anything.” This laissez-faire approach seems low-risk initially, but it creates a dangerous trajectory.
“These technologies foster organic adoption,” Jones explains. “It’s easy to go from having no oversight to having tens or hundreds of thousands of users using these apps and agents. Once that happens, it’s difficult to get the genie back in the bottle.”
The second extreme is “Doctor No,” organizations that default to rejecting every AI proposal out of security concerns. While this might seem safer, Jones argues it actually creates greater security risks through shadow IT adoption.
“If you remember Jurassic Park, life will find a way,” Jones says. He shares a healthcare example where IT wouldn’t allow automation of supply chain management systems, so users exported core ERP data to Excel files nightly to build their automations around the governance boundary.
“While the intent behind that IT team’s ‘no’ is better security or governance, this guy is now literally exporting the core ERP system on a nightly basis to work outside the governance boundary,” Jones explains. “That’s far worse than the original risk IT was trying to prevent.”
Perhaps the most compelling argument against the “Doctor No” approach is the economic reality of individual AI adoption. Jones points to OpenAI’s revenue growth around ChatGPT, noting that many purchases are made by individuals rather than organizations.
“We don’t think those individuals are using ChatGPT tools for their own personal benefit,” Jones observes. “They’re using tools they pay for, likely out of their own pocket, to be more effective in their job on a daily basis.”
This creates a critical blind spot for security teams. When organizations refuse to provide governed AI tools, employees don’t stop using AI; they use ungoverned external services with practically no control over data flow or appropriate usage.
“I can tell you that right now, there are companies whose employees have ChatGPT subscriptions on their own personal credit card. They’re using the unsanctioned AI tool because they find it makes them more productive at work,” Jones shares. “And it’s likely they’re still learning how to use their company’s internal tools.”
Jones predicts that AI proficiency will become a career necessity across industries, creating unstoppable adoption pressure. “We are headed to a place in the workforce where the ability to use AI to help increase one’s personal productivity is going to be critical to success in one’s career,” he explains.
This means every employee in a performance-oriented culture will feel pressure to become more efficient and effective through AI, whether through organizational tools or shadow IT solutions. The security implication is clear: organizations that don’t provide governed AI access are essentially forcing their employees into ungoverned alternatives.
For CISOs facing pressure to deploy agents quickly while managing security concerns, Jones offers a reframing of the challenge. “The question is going to be less about whether we deploy AI and agents in our organizations, but more focused on how we deploy AI and agents within our organizations.”
This shift in perspective acknowledges that AI adoption is inevitable while focusing energy on the controllable factors: governance frameworks, risk assessment, and managed deployment strategies.
Jones recommends CISOs approach AI security through multiple dimensions:
“When you look at agents across those different dimensions, that’s how you can plot them against an adaptive governance framework,” Jones explains.
When agents make decisions that create compliance issues, Jones suggests treating them like human decision-makers. “We have humans that approve expense reports incorrectly all the time,” he notes. “So we have to look at the risk and the compensating controls around that incorrect approval.”
This means implementing familiar security basics: audit trails for agent decisions, diagnostic capture explaining agent reasoning, and blast radius containment to limit the impact of incorrect decisions. “The most effective way is to start thinking about how we manage risk of agents the same way we manage risk around humans today.”
The fundamental message from Jones is that security teams need to move beyond fear-based rejection toward risk-based enablement. The current approach of avoiding AI to prevent security issues is actually creating greater security risks through ungoverned shadow IT adoption.
that recognize this reality and implement appropriate governance frameworks will not only improve their security posture but also enable the productivity gains that make AI adoption inevitable.
The security reality check isn’t about whether AI agents pose risks; it’s about whether organizations will manage those risks proactively through governance or reactively through crisis management after ungoverned adoption creates real damage.
For more information please visit https://www.microsoft.com/en-us/power-platform