Likelihood: MODERATE
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is moderate because exploitation is unconfirmed and requires an adversary to first identify and target an over-provisioned AI agent, but the structural gap is actively accumulating across organizations deploying agentic AI without IAM controls, making opportunistic exploitation increasingly plausible as agent inventories grow. Impact is high because a compromised or misbehaving agent with unconstrained credentials can traverse systems laterally without generating attributable audit evidence, creating both a material operational disruption scenario and a regulatory reporting failure that compounds the original incident.
Treatment rationale: The risk stems from a controllable governance and architecture gap — extending existing IAM frameworks to cover AI agent identities — making mitigation through policy, tooling, and access controls both feasible and the appropriate primary response before exposure compounds further.
Third-Party / Supply-Chain Risk
Organizations using third-party AI agent platforms, SaaS-embedded agentic tools, or cloud-provider AI orchestration services (e.g., agents provisioned within shared platforms) inherit identity and access assumptions set by those vendors. Per NIST SP 800-161, these represent external dependency risks: the organization may not control the identity lifecycle, credential scoping, or audit logging for agents instantiated by third-party services, and vendor IAM defaults may not meet enterprise policy requirements. Due diligence and contractual access-control requirements for AI agent components in vendor agreements are not yet standardized.
Loss Exposure (illustrative)
Magnitude: moderate-to-high — illustrative $250K–$3M per incident, reflecting investigation cost, regulatory response, operational disruption, and potential notification if regulated data is in scope
Frequency: Illustrative. An organization with multiple deployed AI agents and no formal IAM controls could plausibly encounter one material misuse or misbehavior event every 2–4 years, with frequency increasing as agent deployment scales and as adversary tooling for targeting agent credentials matures.
Annualized: Illustrative ALE of approximately $80K–$750K annually, derived from the illustrative loss magnitude divided across a 2–4 year mean time between events; the upper range applies to organizations with broad agent deployment and regulated data exposure.
Basis: Estimate driven by: (1) moderate likelihood of a control failure event given the structural gap and growing attack surface, (2) high investigation and attribution cost when audit trails are absent, (3) regulatory reporting exposure if agents touch PII or other regulated data, (4) operational disruption potential if lateral movement goes undetected. No figures from third-party actuarial reports were used. Ranges are illustrative only.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Unauthorized system access resulting from uncontrolled AI agent privileges may constitute a security failure triggering cyber liability coverage conditions — verify scope and notification obligations with broker.
• Incomplete audit trails for AI agent activity may impair the organization's ability to demonstrate reasonable security controls under existing cyber policy terms — verify with broker.
• If regulated data is accessible to AI agents without documented access controls, this may invoke breach investigation and notification obligations under applicable privacy regulation — verify with counsel.
• Contracts with enterprise customers or partners that include access-control and audit-logging standards may be implicated if AI agents operate outside those documented controls — verify with counsel.