Shadow AI Agents: The Insider Threat You're Not Monitoring Yet
Published 05/26/2026
The shadow AI conversation that started two years ago was about data leakage. An employee pasted a customer list into ChatGPT. A developer dropped proprietary code into a chat window. The risk was real, but the shape of it was familiar.
Security teams responded with the controls they already had: data loss prevention (DLP) guardrails on the prompt, a CASB for the SaaS session, and training for the employee.
That shape changed in the past twelve months. The same employees who used to paste data into a chat window now point autonomous agents at folders, repositories, and internal systems and ask them to do something. Shadow AI agents read files, run commands, call APIs, query databases, and trigger other agents. They inherit whatever permissions the employee who deployed them had. They act on those permissions at machine speed, often without a second approval after the initial prompt.
The earlier risk was that shadow AI exposed your data. The risk now is that it operates on it. The controls built for the first problem were not designed to see, let alone govern, the second.
Where shadow agents actually show up
Personal accounts make the picture worse
Forty-seven percent of AI use inside enterprises happens through personal accounts.
Personal accounts sit outside SSO, outside identity governance, and outside any audit log. They cannot read corporate systems directly, but they do not need to. Anything the employee has already pulled onto the local machine is fair game, and the agent can act on it with no record of what it touched. Consumer AI products were not built with enterprise identity controls because they did not need to be.
What this means for CISOs
The challenge is not that employees are using unauthorized AI tools. It is that employees are now deploying autonomous systems that inherit enterprise access, make decisions, call tools, and persist beyond the original user action. The organization often has no inventory of those agents, no visibility into their permissions, no understanding of what external systems they connect to, and no ability to inspect the instructions or skills driving their behavior.
Recent enterprise research found that 79% of organizations still lack visibility into AI agents and MCP-connected systems operating inside their environments.
That creates three immediate gaps.
First, organizations do not know where agents exist. Traditional discovery methods were built for applications, endpoints, and SaaS tenants. They were not built to identify ephemeral agent runtimes inside IDEs, local desktops, browser sessions, MCP servers, or personal AI accounts.
Second, organizations cannot reliably see what agents are allowed to do. An agent may inherit GitHub access, cloud credentials, internal API tokens, local filesystem access, browser sessions, or SaaS permissions from the employee running it. In many cases, the effective permission set of the agent exceeds what the employee consciously realizes they granted.
Third, organizations rarely inspect the agent logic itself. Security teams review code, infrastructure, and access policies. They do not yet routinely inspect prompts, skills, MCP tool definitions, memory stores, agent instructions, or chained automations for malicious behavior, prompt injection exposure, data exfiltration paths, or unsafe execution patterns.
The result is a growing blind spot where autonomous systems can access sensitive data, execute actions, and communicate externally without appearing in existing security workflows.
The response cannot be another awareness training deck telling employees not to use AI. The adoption curve is already past that point. Agents are becoming part of how work gets done across engineering, operations, support, sales, and finance. The realistic path forward is governance that assumes agents already exist and focuses on visibility, control, and runtime enforcement.
That means:
- Discovering agents, MCP servers, skills, and AI-connected workflows across endpoints and SaaS environments
- Mapping the identities, tokens, APIs, and data sources each agent can access
- Inspecting prompts, instructions, skills, and tool definitions for malicious or unsafe behavior
- Monitoring agent execution paths, not just user logins
- Applying least privilege to non-human identities created for agents
- Extending governance to personal-account usage, where enterprise data reaches unmanaged runtimes
- Treating agent inventory as a continuously changing attack surface rather than a quarterly review exercise
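As an added example (not code from the article or from Akto), the first three items above can be started from the agent's own configuration: the script below parses the `mcpServers` JSON layout that several MCP clients share (an assumption about the format, not something the article specifies), inventories each server, and flags launchers that fetch packages at start time, secrets handed over as environment variables, filesystem roots broader than a project, and remote servers outside an allow-list. The sample config and the approved-host list are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample config in the {"mcpServers": {...}} layout (assumption about
# the client format): three stdio servers and one remote server.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "fs": {"command": "npx",
               "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
        "git": {"command": "uvx", "args": ["mcp-server-git", "--repository", "/home/dev/repo"]},
        "deploy": {"command": "python", "args": ["tools/deploy.py"],
                   "env": {"AWS_SECRET_ACCESS_KEY": "constructed-not-a-real-key", "REGION": "us-east-1"}},
        "crm": {"url": "https://mcp.example-vendor.com/sse"},
    }
})

SECRET_KEY_RE = re.compile(r"(secret|token|password|api[_-]?key|credential)", re.I)
# Launchers that download and run a package from a registry each time the agent starts.
REMOTE_FETCH_LAUNCHERS = {"npx", "uvx", "pipx", "bunx"}
# Assumption: the organization's approved remote MCP endpoints.
ALLOWED_HOSTS = {"mcp.corp.example"}

def assess_server(name, spec, allowed_hosts=ALLOWED_HOSTS):
    """Return the list of findings for one server entry (empty when nothing is flagged)."""
    findings = []
    cmd = spec.get("command")
    args = spec.get("args", [])
    if cmd in REMOTE_FETCH_LAUNCHERS:
        findings.append(f"fetches package at launch ({cmd})")
    for key in spec.get("env", {}):
        if SECRET_KEY_RE.search(key):
            findings.append(f"secret passed via env: {key}")
    # A filesystem server rooted at / or a home directory exposes far more than one project.
    if any(a in ("/", "~", "C:\\") or a.rstrip("/") in ("/home", "/Users") for a in args):
        findings.append("broad filesystem root in args")
    url = spec.get("url")
    if url:
        host = urlparse(url).hostname or ""
        if host not in allowed_hosts:
            findings.append(f"remote server on unapproved host: {host}")
    return findings

def inventory(config_text, allowed_hosts=ALLOWED_HOSTS):
    """Map each configured server name to its findings."""
    cfg = json.loads(config_text)
    return {n: assess_server(n, s, allowed_hosts) for n, s in cfg.get("mcpServers", {}).items()}

if __name__ == "__main__":
    print(json.dumps(inventory(SAMPLE_CONFIG), indent=2))
```

Run against the config files of every MCP-capable client on a fleet, the output becomes the agent inventory the article calls for, and a server that appears with no findings still belongs in it.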
Shadow AI agents are not a future problem. They are already operating inside enterprise environments, often created by trusted employees trying to move faster and automate repetitive work. The insider threat is no longer just the human user. Increasingly, it is the autonomous system acting on that user's behalf, at machine speed, with enterprise access, and without oversight.
About the Author
Krishanu Borah leads the Agentic AI Security and MCP Security platform at Akto. He partners with Fortune 1000 security teams across financial services, technology, and manufacturing to govern the new era of Agentic AI at scale, and shapes Akto's product strategy across continuous discovery, guardrails, and automated AI red teaming.