The Risky Business of Deploying AI Agents

Mesmerized by the hype around AI agents, many companies may not be paying enough attention to the potential hazards that come with them. 

Not only do AI agents bear the same challenges as ordinary language models, their  autonomous nature has the potential to multiply the risks, said Satish Shenoy, regional vice president of global technology alliances and AI strategy at SS&C Blue Prism. The frenzied speed at which enterprises are adopting the tech only exacerbates the dangers. 

“When you’re making these autonomous, there’s a lack of human oversight, and you are hoping and praying that what comes out of the agent is in line with what you expect,” said Shenoy. 

AI agents are built to interact on their own with several different parts of businesses. Because of that, risks such as data security slip-ups, compliance and governance problems, and quality issues with an AI agent could have “cascading effects,” said Shenoy, with the agent’s access creating an expanded attack surface. 

That doesn’t mean that AI agents should be avoided entirely, Shenoy said. Enterprises simply need to understand what they’re getting into and employ guardrails before diving in. 

There are several different types of precautions that can help rein in agents, said Shenoy, all of which should be considered by enterprises: 

• One is governance and risk-management guardrails, in which enterprise leaders assess the risk and reward of implementing an agent in any given situation. That includes taking into account regulatory considerations, Shenoy added. 
• Another is technical safeguards. Though these can be a “moving target” when considering the speed of change with AI, observability and oversight can help enterprises understand an agent’s outputs and behavior under different conditions, he said. 
• Finally, there are ethical guardrails such as transparency and explanations about both how and why AI agents are being used, he said. “Any decision you have the AI agent make can be audited and should be audited.” 

Despite the tech industry’s current excitement about agentic AI, it’s important not to let the hype overpower common sense: Think through why you need the tech before jumping in head first. “The first thing is to know your objective,” Shenoy said. “Don’t use a hammer to kill an ant.”

Starting small with deployments for specific use cases and thoroughly analyzing the results could keep your enterprise from the financial, reputational and regulatory damages of an agent going haywire, said Shenoy. 

“The speed of adoption is really outpacing the speed of governance frameworks being deployed” he added.