Part 3: The Future of Autonomy – Securing Agentic Workflows



If LLMs are the "brain," AI Agents are the "hands." As vendors move toward securing agentic workflows, the stakes shift from data leaks to unauthorized actions.

In Parts 1 and 2, we explored how data protection vendors are using DSPM and CSPM to govern how AI "reads" data. But we are quickly moving into a new era: The Agentic Era.

Unlike a chatbot that simply summarizes a document, an AI Agent—powered by platforms like Google's Gemini or Microsoft's Copilot—can act. It can trigger a refund in a CRM, update a record in a production database, or move files between cloud buckets. While this level of automation is a productivity goldmine, it creates a massive "Identity Crisis" for primary data security.

The Shift from "Read" to "Write" Risk

The moment an AI is given "Agency," the security model must change. In a traditional setup, humans are the primary actors. In an agentic workflow, a Non-Human Identity (NHI)—the service account belonging to the agent—is the one making changes. Recent research from Rubrik Zero Labs highlights that non-human identities now outnumber human users by a staggering 82:1, creating a massive, unmanaged attack surface (Source: CSO Online).

If that agent is compromised via Indirect Prompt Injection (where an agent reads a malicious email or file that contains hidden instructions), it could be tricked into using its "write" permissions to delete primary data or exfiltrate a database under the guise of a routine task.

How Data Protection Platforms are Evolving for Agents

To secure these autonomous workflows, data protection vendors are shifting from static backups to Active Governance:

  1. Identity-Aware Data Resilience: Vendors like Rubrik and Veeam are now focusing on "Identity Resilience." This means ensuring that if an AI agent is compromised, its blast radius is contained. Rubrik’s new Agent Cloud initiative focuses on bringing these non-human identities into a "least-privilege" managed model (Source: CRN Asia).

  2. AI-Specific Firewalls: Following its $1.725 billion acquisition of Securiti AI in late 2025, Veeam has integrated an "AI Firewall." This tool inspects the prompts and outputs of agents in real-time, preventing "Toxic Entitlements" where an agent might accidentally (or maliciously) be granted the power to modify sensitive primary data (Source: IT Vortex).

  3. Real-Time Audit Trails for AI: Cohesity, through its Gaia platform and expanded partnership with Google Cloud, is creating a "Black Box Recorder" for AI. It allows enterprises to audit exactly which historical data an agent accessed and what actions it took, ensuring that "digital insiders" are as accountable as human ones (Source: IT Brief Asia).

Conclusion: The New Guardian of the AI Frontier

The convergence is complete. Data protection vendors have moved from the "basement" of IT—handling tapes and backups—to the "front lines" of the AI revolution. By mastering DSPM, CSPM, and Identity Governance, these companies have become the essential guardrails for the modern enterprise.

In 2026 and beyond, the most successful companies won't just be the ones with the fastest AI; they’ll be the ones who can prove their AI is safe, because they’ve secured the data and identities that power it.

Comments

Post a Comment

Popular posts from this blog

I Took My Own Advice in an Interview. Pure Storage Didn't Flinch.

Image
I'm joining Pure Storage on March 2nd to be part of the technical marketing team, and I'm genuinely excited about it. During the interview process, I took my own advice from a blog post I wrote a few weeks ago and asked them the question that makes most candidates nervous: "What concerns do you have about me for this role?" They didn't flinch. They gave me real feedback. We had an actual conversation about fit, not just a polished interview performance. That's when I knew this was the right place. What Got Me Excited The conversations with Pure focused on enablement. Not campaigns. Not metrics. Enablement. How do we help the people in front of customers have better conversations? How do we give them what they actually need to succeed? Those questions resonated with me because I've done that work before. I know what it's like when you have the right materials at the right time. When customer stories are authentic and metrics are real. When enablem...
Read more

If I do the homework, you owe me a phone call. The death of decency in hiring.

Image
Honestly, I almost didn't post this. You know how it is. You don't want to look salty. You don't want to look difficult. It’s easier to just roll your eyes and move on to the next application. But I can’t be the only one dealing with this nonsense, so I’m saying it. Here’s the situation: I’m interviewing for a senior role. Things are going great. The hiring manager is cool, we’re clicking, the vision matches. Then comes the homework. And not a 30-minute writing sample. They asked for the full package: A 12-month strategic plan for Analyst Relations. How to position them for MQs, Waves, the works. I sat down and did the work. I audited their competitors. I built the roadmap. I gave them a strategy I would usually charge a consulting fee for. I sent it off, ready to talk shop. The result? Ghosted by the human, rejected by the robot. No feedback. No "hey, thanks for the effort." Just a generic, no-reply template email: “We have decided not to move forward.” Since w...
Read more

The One Question That Terrifies Candidates But Wins Offers - It's not "How's the Culture?"

Image
If I’ve been a little quiet on here lately, it’s not because I’m sipping coconuts on a beach. It’s because I’ve been in the trenches. I’ve been doing the rounds—interviewing with a bunch of different companies, shaking hands (or bumping elbows), and sitting in a lot of hot seats. And when you do that many interviews back-to-back, you start to see patterns. You see the same generic questions, the same awkward pauses, and the same moment where the power dynamic shifts. It happens when the interviewer closes their laptop, leans back, and asks: "So, do you have any questions for me?" Most people play it safe here. They ask about work-life balance or what a typical Tuesday looks like. Those are fine, but let’s be real: polite questions don't get you the job. If you really want to stand out—and more importantly, if you want to know if you actually got the gig, you need to stop being a passenger. You need to be bold. You need to ask the questions that make your palms sweat. Her...
Read more