There was a simpler time when cybersecurity risk could be drawn as a castle diagram—an analogy I’ve made many times in my writing career. Important things inside. Bad things outside. Firewall in the middle. Very comforting. Also, increasingly fictional.
Today’s enterprise is not a castle. It is a cloud estate, a SaaS estate, a data estate, an API estate, and now an AI estate, all held together by identity. This means the most serious cybersecurity risk is no longer one thing. It’s the convergence of three things: exposed data, AI systems that can act with invisible trust chains, and identities with swathes more access than they actually need.
That’s the big three: data, AI, and identity.
Data is the target of compromise
Attackers still want data because data is money, leverage, intelligence, and operational power. We now live in a world where AI adoption is outpacing governance, with many breached organizations lacking formal AI governance controls.
The problem isn’t just where data lives. It’s where data moves. Sensitive information now passes through collaboration platforms, cloud storage, analytics tools, SaaS applications, support systems, developer environments, AI prompts, logs, and automation workflows. A customer record can start in a CRM, appear in a spreadsheet, get copied into a ticket, be summarised by an AI assistant, and end up in a Slack thread with the cheerful confidence of a toddler holding scissors.
This creates some plate-juggling that data protection cannot stop at encryption, classification, or DLP. They matter, sure, but they don’t answer the operational question when our assessor says, “Can you prove least privilege?": Who, or what, can reach this data right now?
That’s where data risk becomes identity risk.
AI turns identity risk into action
The second risk is AI, especially agentic AI. Traditional software waits for instructions. AI agents can interpret tasks, call tools, trigger workflows, access files, write code, query systems, send emails, and make decisions. That doesn’t make them inherently bad. It makes them useful. Which, in security terms, is often where the trouble starts as everyone clamors to adopt the latest shiny assistant, without the slightest thought for agentic AI security compliance.
Back in 2025, Gartner warned that AI agents could reduce the time needed to exploit account exposures by 50% by 2027, because automation helps attackers move faster through weak authentication and exposed access paths. In separate findings, Gartner also noted that custom AI agents, the likes of workflows in OpenClaw, create new attack surfaces that need secure development and runtime controls.
OWASP’s 2025 guidance names excessive agency as a key LLM risk: AI systems being able to perform damaging actions because they have too much autonomy, too much permission, little visibility into their connections, and not enough control over how tools are invoked. OWASP further highlights sensitive information disclosure as a major LLM risk, exposing data they should never reveal, either accidentally, indirectly, or because the surrounding controls are weak.
An AI agent doesn’t need to “go rogue” in an epic Skynet kinda way to become a risk. It only needs access to the wrong data, the wrong workflow, or the wrong API at the wrong moment. Agent-to-agent (A2A) protocols connect within a single language framework, but lack explicit A2A security. Imagine an internal AI assistant revealing confidential HR records because it was connected to SharePoint or Google Drive with overly broad permissions.
Prompt injection, bad tool design, inherited permissions, shared credentials, and unclear ownership can turn a helpful assistant into a very efficient mistake with the permissions of whoever clicked “Y” when it asked for access to pretty much everything that uses their password.
The question’s no longer, “Are employees using AI?” Darn right they are. The right question has to be: which AI systems can act inside our environment, under whose authority, and with what limits?
Identity is the control plane
The third risk is identity, and it is the one that joins everything together. Data is the thing attackers want. AI can accelerate action. Identity is the permission layer that decides what’s possible.
Last year, Microsoft reported 97% of identity attacks were password spray attacks, proving that attackers are still quite happy using boring methods if boring methods work. Verizon analyzed 22,052 incidents and 12,195 confirmed breaches, with stolen credentials remaining a leading breach factor.
Identity risk isn’t just about employees. Modern estates include contractors, administrators, developers, service accounts, workload identities, API keys, bots, automation scripts, CI/CD pipelines, and AI agents. Some are human. Many are not. Some have owners. Many have owners in the same way the office mystery cable has an owner.
This is where least privilege becomes more than a best practice slide. AWS recommends temporary privileges for human users and workloads, and least-privilege permissions remain foundational to secure cloud access. NIST’s AI Risk Management Framework and ETSI EN 304 223 (Europe’s agentic AI security compliance baseline) also pushes organizations to govern, map, measure, and manage AI risk. And an AI audit of security practices will be a sobering part of any compliance audit in 2026 and beyond.
There is a practical lesson here:
- Standing privilege is dangerous because it turns compromise into opportunity.
- Just-in-time access reduces that window.
- Just-enough access reduces the blast radius.
- Continuous review helps remove access that nobody uses, nobody owns, and nobody wants to explain to the auditor.
The big three are really one cybersecurity risk
The mistake would be to write separate strategies for data, AI, and identity risk. That creates three committees, four dashboards, and one large headache in a zip file.
The better model is joined-up:
- Map sensitive data.
- Identify all the human and non-human identities that can reach it.
- Understand what actions those identities can take.
- Remove standing privilege where it is not needed.
- Use just-in-time access for elevated tasks.
- Treat AI agents as identities with scoped permissions, named owners, logs, and revocation paths.
- Prove it all with evidence.
CISOs need control. Cloud architects need workable patterns. SOC teams need signals they can act on. Auditors need proof. Nobody needs another dashboard that says, “Hmm, concerning,” and then wanders off.
The future of cybersecurity isn’t just about stopping attacks at the edge. The edge has dissolved. Castles have become kingdoms in the clouds. Attackers don’t need to break in if they can log in, and AI doesn’t need to be malicious to be accidentally catastrophic if it has sufficient access.
The work now is to control access at the point where data, AI, and identity meet.
We can get control over who or what can access what, when, and for how long. Start our free trial and, in as little as 30 minutes, organizations can get visibility into every entitlement, every identity, and every spurious access path. Then enable JIT access and remove standing privilege with clear, plain-English advice and actions.




