In retrospect it is easy to see how agentic AI dominated the InfoSecurity Europe conference in London at the start of this month. As organizations across all sectors rush to adopt agentic AI, and both private and public bodies embrace the cost savings and potential efficiencies AI agents can offer, massive security gaps have opened up. Cybercriminals are also becoming increasingly adept at using AI agents themselves, both to scale up their existing operations and to develop new attack vectors.
The Open Worldwide Application Security Project (OWASP) used the event to launch its new AI security recommendations and its latest paper, State of Agentic AI Security and Governance. The paper addresses the risks associated with the increased autonomy now being granted to AI agents.
"Any agent type can operate at varying levels of autonomy. The risk profile changes substantially as autonomy increases, not because the threat landscape changes, but because the window for human detection and intervention narrows," says OWASP.
It adds that agents operating with high levels of autonomy and broad tool access represent the highest risk, regardless of their operational role. The paper recommends that organizations map each deployed agent's autonomy level and apply controls proportional to the blast radius of unsupervised action.
"The key governance question is not only 'what type of agent is this?' but 'what can this agent do without a human confirming the action?'" says OWASP.
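As an added illustration of the mapping OWASP recommends (example code, not OWASP's or Lloyds' own), the following Python sketch scores each agent by its autonomy level and the blast radius of the broadest tool it holds, and answers, per tool call, whether the call may proceed without a human confirming it. The autonomy scale, tool names, blast-radius scores and thresholds are constructed assumptions for this illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Autonomy(IntEnum):
    """How much an agent may do before a human sees it (constructed scale)."""
    SUGGEST = 1       # proposes actions; a human executes them
    CONFIRM = 2       # executes only after explicit human approval
    SUPERVISED = 3    # executes; a human reviews a log afterwards
    UNSUPERVISED = 4  # executes with no human in the loop

# Blast radius of a tool if the agent is hijacked or its goal manipulated:
# 1 = read-only, 3 = reversible write, 5 = irreversible or externally visible.
# Tool names and scores are constructed for this illustration.
TOOL_BLAST_RADIUS = {
    "search_docs": 1, "read_ticket": 1, "draft_email": 2,
    "update_crm": 3, "send_email": 4, "issue_refund": 5, "run_shell": 5,
}

# Largest blast radius a tool may have for an unconfirmed call at each
# autonomy level: the narrower the human detection window, the smaller it is.
UNCONFIRMED_LIMIT = {
    Autonomy.SUGGEST: 0, Autonomy.CONFIRM: 0,
    Autonomy.SUPERVISED: 3, Autonomy.UNSUPERVISED: 2,
}

@dataclass
class Agent:
    name: str
    autonomy: Autonomy
    tools: tuple

def risk_score(agent: Agent) -> int:
    """Autonomy level times the widest tool the agent holds (0 if it has none)."""
    widest = max((TOOL_BLAST_RADIUS.get(t, 5) for t in agent.tools), default=0)
    return int(agent.autonomy) * widest

def gate(agent: Agent, tool: str) -> str:
    """Decide one tool call: 'allow', 'confirm' (human must approve) or 'deny'."""
    if tool not in agent.tools or tool not in TOOL_BLAST_RADIUS:
        return "deny"  # fail closed on unassigned or unmapped tools
    if TOOL_BLAST_RADIUS[tool] <= UNCONFIRMED_LIMIT[agent.autonomy]:
        return "allow"
    return "confirm"

def unconfirmed_actions(agent: Agent) -> list:
    """Answer OWASP's question: what can this agent do with no human confirming?"""
    return sorted(t for t in agent.tools if gate(agent, t) == "allow")
```

An agent's `risk_score` rises with either more autonomy or a wider tool, so two agents with the same role can land in very different control tiers.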
AI as an engineering problem
At OWASP's GenAI Security Summit during InfoSecurity Europe, two members of Lloyds' security function argued that AI is no longer a theoretical threat or a boardroom buzzword, but a straightforward engineering problem to be designed, constrained and tested at scale.
Manija Poulatova, director of security engineering & operations at Lloyds Banking Group, stated: "The only way we can actually embed security into adoption of AI and agents is to first understand what AI and agentic AI are."
She then outlined the complexities of achieving this and how the leading UK bank is operationalizing AI security across product lifecycles, governance and real-time defenses.
Lloyds also said that human testing alone cannot scale to hundreds of agentic projects, and that it is experimenting with automated offensive tooling to scale defensive assurance and to surface attack classes such as goal manipulation and agent hijacking. Lloyds added that it is already seeing evidence of AI agents being hijacked.
