New Report Warns: Unchecked Agentic AI Poses Critical Security Risk

JumpCloud Inc. has released a new e-book, “Who Let the Bot In? Control Agentic AI Before It Goes Too Far.” It addresses the urgent safety, security, and governance challenges presented by the rapid adoption of agentic AI.  It also includes a Risk Readiness Checklist to help organizations assess their preparedness. 

While traditional software follows commands, agentic AI operates like a digital coworker. This powerful autonomy introduces significant new risks that most organizations are not prepared to handle.

The e-book highlights a critical disconnect. While 82% of organizations are already using AI agents, only 44% have formal policies in place to manage them. This gap between adoption and governance leaves companies vulnerable to a new class of threats.

“Agentic AI’s ability to act independently is its biggest risk,” said Joel Rennich, Senior Vice President of Product Management, JumpCloud. “Without the right guardrails, it can cause unintended data loss, financial mistakes, or even compliance violations before anyone realizes what’s happening.” 

The report advocates for an “identity-first” governance model. It argues that AI agents must be treated as digital identities—just like human employees and non-human identities (NHIs)—with the same level of oversight and controls. This includes assigning a unique identity to each agent and continuously monitoring their actions in real time.

“Who Let the Bot In?” is a guide for IT and security leaders who need to understand the unique risks of agentic AI and establish proactive governance.  The e-book is now available for download here.