The Real AI Security Risk Isn't Data Leakage. It's What Your Agents Can Do

BusinessEnergyThe Real AI Security Risk Isn't Data Leakage. It's What Your Agents Can DoByGüney Yıldız,Contributor.Forbes contributors publish independent expert analyses and insights. I focus on the nexus of AI adoption, energy, and geopolitics.Follow AuthorMay 11, 2026, 06:13am EDT--:-- / --:--This voice experience is generated by AI. Learn more.This voice experience is generated by AI. Learn more.Agentic AI has moved the threat boundary inside the enterprise. Mindgard's Aaron Portnoy explains why authority, not access, is now the primary vulnerability.gettyFor most of the history of corporate cybersecurity, the central problem was access. Could the attacker get in? The defensive model followed: harden the perimeter, segment the network, control the gates, train the staff to recognize phishing. That logic still applies. It is no longer sufficient.The more consequential new question is authority. What can the AI agent actually do once it is already inside?Granting Code AgencyAaron Portnoy, Chief Product Officer at AI security firm Mindgard, has been making this argument before it reached board agendas. In an earlier interview, he described the structural problem with a directness that most vendor materials avoid: "You are granting code agency."That phrase is worth sitting with. An AI agent with enterprise permissions is not a chatbot. It can retrieve documents, query databases, write and execute code, open tickets, draft and send emails, move files, and trigger downstream workflows. It reads business context in natural language and acts on it. That capability is what makes it useful. It is also what makes it exploitable."I can coerce an internal asset to produce malicious content from the inside," Portnoy explained. "I'm not going to try to send that over the network. I'm just going to instruct in natural language to this agent, and it will build it and run it for me."MORE FOR YOUThe attacker, in this model, do...