{"id":59247,"date":"2025-08-26T16:00:00","date_gmt":"2025-08-26T16:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=141922"},"modified":"2025-08-26T16:00:00","modified_gmt":"2025-08-26T16:00:00","slug":"securing-and-governing-the-rise-of-autonomous-agents","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/","title":{"rendered":"Securing and governing the rise of autonomous agents\u200b\u200b"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/08\/Security_CISO2_Blog_250821-1024x576.png\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"wp-block-paragraph\"><em>In this blog, you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice, forward-looking commentary on where the industry is going, things you should stop doing, and more.<\/em><\/p>\n<h2 class=\"wp-block-heading\" id=\"by-2026-enterprises-may-have-more-autonomous-agents-than-human-users-are-we-ready-to-secure-and-govern-them\">By 2026, enterprises may have more autonomous agents than human users. Are we ready to secure and govern them?<\/h2>\n<p class=\"wp-block-paragraph\">2024 was a year defined by learning about generative AI. Organizations were experimenting with it: testing its boundaries and exploring its potential. In 2025, organizations moved into execution. Autonomous agents are no longer theoretical. They\u2019re now being deployed across development, operations, and business workflows.<\/p>\n<p class=\"wp-block-paragraph\">This shift is being driven by platforms like\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/product-style-guide-msft-internal\/copilot-guidance\/copilot\/microsoft-copilot-studio\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Copilot Studio<\/a> and\u202f<a href=\"https:\/\/ai.azure.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure AI Foundry<\/a> and accelerated by patterns like\u202f<a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-copilot\/blog\/copilot-studio\/introducing-model-context-protocol-mcp-in-copilot-studio-simplified-integration-with-ai-apps-and-agents\/?msockid=3c654f21eb946e9411275cf6eab96f8e\" target=\"_blank\" rel=\"noreferrer noopener\">Model Context Protocol<\/a> (MCP) and\u202f<a href=\"https:\/\/techcommunity.microsoft.com\/blog\/appsonazureblog\/building-agent-to-agent-a2a-applications-on-azure-app-service\/4433114\" target=\"_blank\" rel=\"noreferrer noopener\">Agent-to-Agent<\/a> (A2A) interactions. These agents are evolving from tools into digital actors\u2014ones capable of reasoning, acting, and collaborating.<\/p>\n<p class=\"wp-block-paragraph\">That evolution brings real value. But it also introduces a new class of risk\u2014and with it, a new set of responsibilities.<\/p>\n<h2 class=\"wp-block-heading\" id=\"the-rise-of-the-agent-what-s-here-and-what-s-next\">The rise of the agent: What\u2019s here and what\u2019s next<\/h2>\n<p class=\"wp-block-paragraph\">To understand the rise of autonomous agents, it\u2019s worth starting at the beginning. Generative AI first captured the spotlight with models that could produce human-like text, code, and imagery. Meanwhile, researchers were also advancing autonomous systems designed to perceive, decide, and act independently. As these two domains converged, a new class of AI emerged\u2014agents capable not just of generating output, but of taking action towards goals with limited human input. Today, these agents are beginning to surface across each layer of the cloud stack, each designed to tackle different layers of complexity:<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Software as a service (SaaS)-based agents<\/strong>, often built using low-code or no-code platforms like Copilot Studio, are enabling business users to automate tasks with minimal technical support.<\/li>\n<li class=\"wp-block-list-item\"><strong>Platform as a service (PaaS)-based agents<\/strong>\u202fsupport both low-code and pro-code development, offering flexibility for teams building more sophisticated solutions. Azure AI Foundry is a good example.<\/li>\n<li class=\"wp-block-list-item\"><strong>Infrastructure as a service (IaaS)-based agents<\/strong> are typically deployed in virtual networks (VNETs), virtual private clouds (VPCs), or on-premises environments, often as custom models or services integrated into enterprise infrastructure.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">Each of these categories includes both\u202fcustom-built first-party\u202fand\u202fthird-party individual software vendors (ISVs)\u202fagents, all of whom are\u202frapidly multiplying across the enterprise. As organizations embrace this diversity and scale, the number of agents will soon outpace human users\u2014making visibility, oversight, and robust governance not just important, but essential.<\/p>\n<h2 class=\"wp-block-heading\" id=\"the-new-risk-landscape-why-agents-are-different\">The new risk landscape: Why agents are different<\/h2>\n<p class=\"wp-block-paragraph\">While autonomous agents unlock new levels of efficiency, scalability, and continuous operation for organizations, they also introduce a fundamentally different risk profile:<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><strong>Self-initiating<\/strong>: Agents can act without direct human prompts, enabling automation and responsiveness at scale\u2014but this autonomy also means they may take unintended actions or operate outside established guardrails.<\/li>\n<li class=\"wp-block-list-item\"><strong>Persistent<\/strong>: Running continuously with long-lived access allows agents to deliver ongoing value and handle tasks around the clock. However, persistent presence increases the risk of over-permissioning, lifecycle drift, and undetected misuse.<\/li>\n<li class=\"wp-block-list-item\"><strong>Opaque<\/strong>: Their ability to operate as \u201cblack boxes\u201d can simplify complex workflows and abstract away technical details, but it also makes them difficult to audit, explain, or troubleshoot\u2014especially when built on large language models (LLMs).<\/li>\n<li class=\"wp-block-list-item\"><strong>Prolific<\/strong>: The ease with which agents can be created, even by non-technical users, accelerates innovation and experimentation\u2014while simultaneously increasing the risk of shadow agents, sprawl, and inconsistent governance.<\/li>\n<li class=\"wp-block-list-item\"><strong>Interconnected<\/strong>: By calling other agents and services, they can orchestrate complex, multi-step processes\u2014but this interconnectedness creates complex dependencies and new attack surfaces that are challenging to secure and monitor.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">Given this new risk profile, these autonomous agents aren\u2019t a minor extension of existing identity or application governance\u2014they\u2019re a new workload. Treat them accordingly.<\/p>\n<p class=\"wp-block-paragraph\">What\u2019s more\u2014as they scale, <strong>they will soon outnumber human users in the enterprise<\/strong>.<\/p>\n<h2 class=\"wp-block-heading\" id=\"common-failure-points-in-autonomous-agents\">Common failure points in autonomous agents<\/h2>\n<p class=\"wp-block-paragraph\">Despite their impressive capabilities, AI agents can still make mistakes. These errors tend to arise during long-running tasks, where \u201ctask drift\u201d can occur, or when the agent encounters malicious input such as Cross Prompt Injection Attacks (XPIA). In these cases, the agent may veer off course or even be manipulated into acting against its intended purpose.<\/p>\n<p class=\"wp-block-paragraph\">That\u2019s&nbsp;why&nbsp;it\u2019s&nbsp;useful to approach agent security the same way you would&nbsp;approach working&nbsp;with&nbsp;a junior employee: by setting clear guardrails, monitoring&nbsp;behavior, and&nbsp;establishing&nbsp;strong protections.&nbsp;Microsoft is addressing XPIA with prompt shields and evolving best practices. Robust authentication can help counter deepfakes, and improved prompt engineering through orchestration or employee training can reduce hallucinations and strengthen overall response accuracy.<\/p>\n<h2 class=\"wp-block-heading\" id=\"understanding-model-context-protocol-for-agent-governance\">Understanding Model Context Protocol for agent governance<\/h2>\n<p class=\"wp-block-paragraph\">One of the most powerful enablers of the growth of autonomous agents is the Model Context Protocol (MCP). MCP is an open standard that allows AI agents to securely and effectively connect with external data sources, tools, and services\u2014providing flexibility to fetch real-time data, call external tools, and operate autonomously. This open standard essentially acts as a \u201cUSB-C port for AI.\u201d<\/p>\n<p class=\"wp-block-paragraph\">But with that flexibility comes risk. Poorly governed MCP implementations can expose agents to data exfiltration, prompt injection, or access to unvetted services. Because MCPs are easy to create, they can proliferate quickly, often without proper access controls or oversight. This is where <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/role-based-access-control\/custom-overview\" target=\"_blank\" rel=\"noreferrer noopener\">role-based access control<\/a> (RBAC) becomes critical: MCP\u2019s ability to connect agents to a wide range of resources means that robust, granular access controls are essential to prevent misuse. However, implementing effective role-based access control for MCP-enabled agents is complex: it requires dynamic, context-aware permissions that can adapt to rapidly changing agent behaviors and access needs. Without this rigor, organizations risk over-permissioning agents, losing visibility into who can access what, and ultimately exposing sensitive data or critical services to unauthorized use.<\/p>\n<p class=\"wp-block-paragraph\">In short, agents don\u2019t sleep, they don\u2019t forget, and they don\u2019t always follow the rules. That\u2019s why governance and thought-through authorization can\u2019t be optional, for both agents and MCP servers.<\/p>\n<h2 class=\"wp-block-heading\" id=\"securing-and-governing-agents-starts-with-visibility\">Securing and governing agents starts with visibility<\/h2>\n<p class=\"wp-block-paragraph\">The first challenge customers raise is simple: \u201cDo I even know which agents I have?\u201d Before any meaningful governance or security can take place, organizations must achieve observability. Without a clear inventory of agents\u2014across SaaS, PaaS, IaaS, and local environments\u2014governance is guesswork. Visibility provides the foundation for everything that follows: it helps organizations to audit agent activity, understand ownership, and assess access patterns. Only with this single, unified view can organizations move from reactive oversight to proactive control.<\/p>\n<p class=\"wp-block-paragraph\">Once visibility is in place, securing and governing agents requires a layered approach built on seven core capabilities:<\/p>\n<h3 class=\"wp-block-heading\" id=\"identity-management\"><strong>Identity management<\/strong><\/h3>\n<p class=\"wp-block-paragraph\">Agents must have unique, traceable identities. These identities might be identities derived, but distinguishable, from user identities or independent identities like those used by services\u2014but no matter what they are, these identities need to be governed throughout their lifecycle (from creation to deactivation) with clear sponsorship and accountability to prevent sprawl.<\/p>\n<h3 class=\"wp-block-heading\" id=\"access-control\"><strong>Access control<\/strong><\/h3>\n<p class=\"wp-block-paragraph\">Agents should operate with the minimum permissions required. Whether acting autonomously or on behalf of a user, access must be scoped, time-bound, and revocable in real time.<\/p>\n<h3 class=\"wp-block-heading\" id=\"data-security\"><strong>Data security<\/strong><\/h3>\n<p class=\"wp-block-paragraph\">Sensitive data must be protected at every step. This requires implementing inline data loss prevention (DLP), sensitivity-aware controls, and adaptive policies to prevent oversharing. These safeguards are especially critical in low-code environments where agents are created quickly and often without sufficient oversight.<\/p>\n<h3 class=\"wp-block-heading\" id=\"posture-management\"><strong>Posture management<\/strong><\/h3>\n<p class=\"wp-block-paragraph\">Security posture must be continuously assessed. Organizations need to continually identify misconfigurations, excessive permissions, and vulnerable components across the agent stack to maintain a strong baseline.<\/p>\n<h3 class=\"wp-block-heading\" id=\"threat-protection\">Threat protection<\/h3>\n<p class=\"wp-block-paragraph\">Agents introduce new attack surfaces; therefore, prompt injection, misuse, and anomalous behavior must be detected early. To mitigate this increased surface area for attacks, signals from across the compute, data, and AI layers should feed into existing extended detection and response (XDR) platforms for proactive defense.<\/p>\n<h3 class=\"wp-block-heading\" id=\"network-security\">Network security<\/h3>\n<p class=\"wp-block-paragraph\">Just like users and devices, agents need secure network access. That includes controlling which agents can access which resources, inspecting traffic, and blocking access to malicious or non-compliant destinations.<\/p>\n<h3 class=\"wp-block-heading\" id=\"compliance\">Compliance<\/h3>\n<p class=\"wp-block-paragraph\">Agent activities must align with internal policies and external regulations. Organizations should audit interactions, enforce retention policies, and demonstrate compliance across the agent lifecycle.<\/p>\n<p class=\"wp-block-paragraph\">These are not theoretical requirements; they are essential for building trust in agentic systems at scale.<\/p>\n<h2 class=\"wp-block-heading\" id=\"building-the-foundation-agent-identity\">Building the foundation: Agent identity<\/h2>\n<p class=\"wp-block-paragraph\">To address the need for augmented governance, Microsoft is introducing <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-entra-blog\/announcing-microsoft-entra-agent-id-secure-and-manage-your-ai-agents\/3827392\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Entra Agent ID<\/strong><\/a>\u2014a new identity designed specifically for AI agents. You can think of them the same way as managed identities (MSIs) with no default permissions. They can act on behalf of users, other agents, or independently, with just-in-time access that\u2019s automatically revoked when no longer needed. They\u2019re secure by default, auditable, and easy for developers to use. As organizations move beyond managing just users and applications, the need to extend these foundational identity principles to AI agents becomes increasingly important.<\/p>\n<p class=\"wp-block-paragraph\">An emerging strategy to manage AI agents at scale and improve risk management is the concept of an agent registry. While the directory of <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/identity-access\/microsoft-entra-id\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Entra ID<\/a> is an authoritative source for both human users and application artifacts, there is a need to provide a similar authoritative store for all agent-specific metadata. This is where the concept of an agent registry comes in\u2014serving as a natural extension to the directory, tailored to capture the unique attributes, relationships, and operational context of AI agents as they proliferate across the enterprise. As these registries evolve, they are likely to integrate with core components like MCP servers, reflecting the expanding role of agents within the ecosystem. Together, these tools will allow organizations to achieve observability, manage risk, and scale governance.<\/p>\n<h2 class=\"wp-block-heading\" id=\"extending-microsoft-security-to-meet-the-moment\">Extending Microsoft Security to meet the moment<\/h2>\n<p class=\"wp-block-paragraph\">To meet organizational needs that come with autonomous agents, Microsoft is building on a strong foundation and extending our existing <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/topic\/office-of-the-ciso\/\" target=\"_blank\" rel=\"noreferrer noopener\">security products<\/a> to meet the unique demands of the agentic era, grounded in a Zero Trust approach that protects both people and AI agents.<\/p>\n<p class=\"wp-block-paragraph\">Microsoft\u2019s security stack\u2014including Entra, Purview, Defender, and more\u2014adapts identity management, access control, data protection, secure network access, threat detection, posture management, and compliance to support AI agents across both first-party and third-party ecosystems. We are innovating from this baseline to deliver agent-specific capabilities:<\/p>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-entra?msockid=27b7b3bc5be566bc06c9a5a05a7a679d\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft Entra<\/strong><\/a> extends identity management and access control to AI agents, ensuring each agent has a unique, governed identity and operates with just-in-time, least-privilege access.<\/li>\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-purview?msockid=27b7b3bc5be566bc06c9a5a05a7a679d\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft Purview<\/strong><\/a> brings robust data security and compliance controls to AI agents, helping organizations prevent data oversharing, manage regulatory requirements, and gain visibility into AI-specific risks.<\/li>\n<li class=\"wp-block-list-item\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/microsoft-defender?msockid=27b7b3bc5be566bc06c9a5a05a7a679d\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft Defender<\/strong><\/a> integrates AI security posture management and runtime threat protection, empowering developers and security teams to proactively mitigate risks and respond to emerging threats in agentic environments.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">This isn\u2019t a separate security silo for AI. It\u2019s agent governance becoming a natural extension of the security investments customers already trust\u2014ones that are integrated, consistent, and ready to scale with them.<\/p>\n<h2 class=\"wp-block-heading\" id=\"a-call-to-action\"><strong>A call to action<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The agentic era is here, and the opportunities are real\u2014but so are the risks.<\/p>\n<p class=\"wp-block-paragraph\">To move quickly without compromising trust, we need to integrate governance into the core of agent design. This begins with visibility, scales with identity, access, and data controls, and matures with posture, threat, and compliance capabilities that treat agents as first-class workloads.<\/p>\n<p class=\"wp-block-paragraph\">Let\u2019s build a future where agents are not just powerful\u2014but trustworthy by design.<\/p>\n<h2 class=\"wp-block-heading\" id=\"learn-more-with-microsoft-security\">Learn more with Microsoft Security<\/h2>\n<p class=\"wp-block-paragraph\">To learn more about Microsoft Security solutions, visit our <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\">website<\/a>. Bookmark the\u202f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (<a href=\"https:\/\/www.linkedin.com\/showcase\/microsoft-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Security<\/a>) and X (<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>) for the latest news and updates on cybersecurity.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/08\/26\/securing-and-governing-the-rise-of-autonomous-agents\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for Identity, Igor Sakhnov, about how to secure and govern autonomous agents. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most important in their respective domains. In this series you will get practical advice, forward-looking commentary on where the industry is going, things you should stop doing, and more. \u200b<br \/>\nThe post Securing and governing the rise of autonomous agents\u200b\u200b appeared first on Microsoft Security Blog. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":59248,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[],"class_list":["post-59247","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Securing and governing the rise of autonomous agents\u200b\u200b 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing and governing the rise of autonomous agents\u200b\u200b 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-26T16:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/08\/Security_CISO2_Blog_250821-1024x576.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Securing and governing the rise of autonomous agents\u200b\u200b\",\"datePublished\":\"2025-08-26T16:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/\"},\"wordCount\":1994,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/securing-and-governing-the-rise-of-autonomous-agents.png\",\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/\",\"name\":\"Securing and governing the rise of autonomous agents\u200b\u200b 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/securing-and-governing-the-rise-of-autonomous-agents.png\",\"datePublished\":\"2025-08-26T16:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/securing-and-governing-the-rise-of-autonomous-agents.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/08\\\/securing-and-governing-the-rise-of-autonomous-agents.png\",\"width\":1024,\"height\":576},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/securing-and-governing-the-rise-of-autonomous-agents\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing and governing the rise of autonomous agents\u200b\u200b\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing and governing the rise of autonomous agents\u200b\u200b 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/","og_locale":"en_US","og_type":"article","og_title":"Securing and governing the rise of autonomous agents\u200b\u200b 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-08-26T16:00:00+00:00","og_image":[{"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2025\/08\/Security_CISO2_Blog_250821-1024x576.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Securing and governing the rise of autonomous agents\u200b\u200b","datePublished":"2025-08-26T16:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/"},"wordCount":1994,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/08\/securing-and-governing-the-rise-of-autonomous-agents.png","articleSection":["Microsoft Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/","url":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/","name":"Securing and governing the rise of autonomous agents\u200b\u200b 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/08\/securing-and-governing-the-rise-of-autonomous-agents.png","datePublished":"2025-08-26T16:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/08\/securing-and-governing-the-rise-of-autonomous-agents.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/08\/securing-and-governing-the-rise-of-autonomous-agents.png","width":1024,"height":576},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/securing-and-governing-the-rise-of-autonomous-agents\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Securing and governing the rise of autonomous agents\u200b\u200b"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=59247"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59247\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/59248"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=59247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=59247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=59247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}