Tech Interviews
BUILDING TRUST IN THE AGE OF AUTONOMOUS AI
Exclusive interview with Bilal Baig, Vice President, Solutions Engineering, TrendAI™
Your keynote focuses on the 2026 cybersecurity threat horizon. What are the biggest shifts enterprises should be preparing for over the next 12 to 18 months?
There are three shifts that enterprises need to prepare for urgently. The first is the governance of agentic AI. Agentic AI is moving into the mainstream, and every AI agent introduced into an enterprise environment effectively becomes a new identity. As organisations begin deploying hundreds or even thousands of agents, they will need clear controls around ownership, permissions, accountability, and response. In my view, this will very quickly move from a best practice to a compliance requirement.
The second is visibility. AI has expanded the enterprise attack surface almost overnight. We used to talk about shadow IT; today, we are dealing with shadow AI. Many organisations do not have a clear visibility of who is using AI, which tools are being used, what data is being shared, or whether AI projects are being built with the right governance in place. Establishing visibility of that attack surface thus becomes essential.
The third is vulnerability prioritization and virtual patching. With AI accelerating vulnerability discovery, organisations will face a growing volume of exposures that cannot all be patched immediately. The challenge will be knowing what to prioritise and how to protect critical systems while remediation is underway. This is why virtual patching is becoming relevant again.
Finally, we will see agentic capabilities become more central to defense. If attackers are using agentic AI, defenders will also need AI-powered, agentic security operations across areas such as SIEM, SOAR, detection, and response.
Across our industry, these are the shifts that become extremely important over the next 12 to 18 months.
A big part of “what’s coming” is agentic AI moving into production. When an autonomous agent can take actions, call tools, and talk to other agents, what new attack surfaces open up that legacy defences were never built to see?
The biggest change is that the attack surface is no longer limited to data, applications, and infrastructure. Enterprises now also need to govern the agents themselves.
Cybercriminals are already using agentic AI to make attacks more scalable and targeted, with different agents handling reconnaissance, phishing, coordination, and data analysis. At the same time, enterprises are introducing autonomous agents that can call tools, access systems, and communicate with other agents. That creates a new layer of risk.
For example, if one agent does not have permission to complete a task, it may interact with another agent that does. Without the right governance, that can bypass traditional security boundaries. The risk is not always intentional or malicious. An agent may simply be trying to complete its assigned goal, but in doing so it can drift into behavior that creates security, compliance, or data exposure risks.
This is why we need stronger governance around agent-to-agent communication. Enterprises need to understand what each agent is allowed to do, what identity it uses, which systems it can access, and who is accountable if something goes wrong. We should think of every agent almost like a new employee: it needs onboarding, permissions, supervision, and accountability.
Agent-to-agent interaction and data integrity are emerging as core risks. Technically, how do you secure trust between autonomous agents, and stop a compromised one from cascading across a workflow?
The first principle is that AI security has to be layered. It cannot start and end at the agent level. Enterprises need controls across the full AI stack, from infrastructure and microservices to LLMs, agents, applications, and data flows. If any one layer is compromised, it can affect the integrity of the wider workflow. This is particularly important as AI-native applications increasingly depend on multiple models, services, APIs, and agent interactions.
The second priority is controlling how agents communicate with each other and with enterprise systems. That means applying guardrails to inspect prompts, responses, behavior, permissions, and outputs in real time. It also means monitoring agent-to-agent communication so that a compromised or misdirected agent cannot collapse across a workflow unchecked. In short, every layer of the AI ecosystem requires its own security controls.
There is no single magic solution that can secure the entire AI environment. Effective security requires layered capabilities across AI guardrails, governance, LLM security, and backend security. At TrendAI™, we combine these capabilities as we work with partners such as Anthropic and NVIDIA to help organizations secure AI from development through deployment.
Most enterprises are layering agentic AI onto existing infrastructure rather than building greenfield. From a solutions engineering standpoint, where do the security gaps typically appear in those hybrid deployments?
The most common gap is visibility. An organization may officially approve one AI tool, but employees and teams may still be using others across the business. That creates a fragmented AI environment where security teams may not know which models are being used, what data is being shared, or whether those tools are sanctioned. This is where the core issue lies.
Once visibility is established, the next challenge is control. Enterprises need to define what each AI system is meant to do, how it should interact with users and systems, what malicious input looks like, and what type of output should be blocked. Most of the newer top-tier models have some form of AI security guard built in, but the mid-tier models that many organisations rely on do not have those controls.
The issue is not that organisations are moving fast. Innovation should continue. The risk is moving AI projects into production without the right security checks. The better approach is to establish an AI security blueprint and production gates, so that AI applications, LLMs, agents, data flows, and backend systems are assessed before they go live.
Visibility keeps coming up. What does observability actually look like for autonomous systems and how do you monitor and audit decisions an agent makes with no human in the loop?
Observability for autonomous systems has to work across multiple layers. At the first layer, you need visibility into the agent itself – where it is running, what it is doing, and which systems it is interacting with. At the second layer, you need visibility at the gateway level, where communication moves between users, agents, applications, and LLMs. At the third layer, you need visibility into local or enterprise-hosted LLMs, including how they connect to internal systems, data sources, and services. Together, this gives you visibility of how an AI, whether a chatbot agent or an autonomous agent, communicates with the various backend services it draws data from, including on-prem LLMs, and how MCP servers are integrated across the ecosystem.
This also extends to internal LLM projects and public AI services such as OpenAI, where guardrails are needed to monitor usage and reduce risk. With TrendAI™, organisations can identify which AI tools are sanctioned or unsanctioned, user interactions, agent behavior, prompt activity, data movement, and potentially malicious commands. Without this level of observability, organisations cannot properly govern autonomous systems.
For auditing, the starting point is a clear blueprint. Every agent should have a defined role, expected behavior, access permissions, and decision framework. In an AI development lifecycle, for example, agents may generate code, test it, scan for vulnerabilities, and prepare it for commit. But the process still needs checkpoints, audit trails, policy enforcement, and human review at critical stages.
The goal is not to slow AI down but to make autonomous activity measurable, auditable, and accountable. Without those checks, agents can create operational, security, and even cost risks, including excessive token consumption or actions that were never intended by the business.
For an organisation just starting to deploy agentic AI, what’s the advice you would give them to first set up on the security side, and what is the most common early mistake that organisations make?
My advice is to start with an AI security blueprint before moving anything into production. Organisations should first define the use case, expected outcome, the systems the AI will interact with, the data it can access, and the controls required across the lifecycle. Security cannot be treated as an afterthought. It has to be built into the design, development, deployment, and monitoring of every AI-native application.
At TrendAI™, we help organisations secure the full AI lifecycle, from defining the use case and building the AI system to deploying it safely into production and governing it once it is live. This is where TrendAI Vision One™ plays an important role, providing an AI security blueprint that gives organisations visibility into which AI tools are running, which are unsanctioned, where AI is being used, and what risks or attacks may be emerging. It also helps monitor user activity, agent behavior, security posture, rate limits, and token consumption, enabling organisations to put the right guardrails in place before deployment and maintain control as AI scales across the enterprise.
The most common mistake is rushing to production without visibility or governance. Many organisations move quickly because the business pressure around AI is high, but they only revisit security after something goes wrong. The better model is to put production gates in place from day one, so AI can scale safely without creating unmanaged risk.