AI Agents and the data governance wild west
This is a guest blog post by Fraser Dear, head of AI and innovation, BCN
We’re now in an age where AI agents can summarise lengthy documents, trawl through SharePoint, and draft emails in seconds. It’s no wonder that teams are racing to create their own agents to offload some of their more repetitive, monotonous tasks, especially when that efficiency can be passed through entire teams.
But with all this power comes some very real risks. As AI agents sift through files, transcripts and shared drives to support you, they may also be pulling in outdated, irrelevant or confidential information. What started off as a productivity win can quickly become a blind spot in your organisation’s data security strategy.
Rather than chase the AI productivity revolution blindly, organisations need to go into it with their eyes wide open to harness all the benefits, while avoiding significant problems later down the line.
The difference between AI agents and RPA
To understand the sheer capabilities – and risks – of AI agents, it’s important to highlight how they differ from Robotic Process Automation (RPA). RPA has been a staple of IT automation for years; it’s driven by logic and follows a specific set of instructions, moving data from one place to another. It doesn’t learn, adapt, or have the capability to deviate from a predefined route.
In contrast, AI agents, powered by generative AI, don’t follow a script for a predefined activity. Instead, they adapt based on the outcomes of previous actions. Powered by large language models and integrated with tools such as Microsoft Power Platform or Copilot, these agents interpret data from a variety of sources – even unrelated ones – by considering context and intent. These agents operate with greater autonomy, but in many cases, they don’t come with guardrails built in.
The growing shadow IT problem
Today, anyone from an HR director to a marketing intern can quickly build and deploy an AI agent simply using Copilot Studio. This tool is designed to be accessible and quick, making it easy for anyone to play around with and launch a sophisticated agent in no time at all. But when these agents are created outside of the IT department, most users aren’t thinking about data classification or access controls, and the agents become part of a growing shadow IT problem.
These applications can completely revolutionise business processes and, therefore, can quickly become business critical. Yet, the unintended consequence is that organisations are handing over responsibilities to systems with sometimes unrestrained access, without rules and security parameters. This essentially creates an AI wild west.
What’s the scale of the problem?
Many organisations have now moved their infrastructure from on-premises to cloud-based SharePoint files. Think about what these AI agents might access across SharePoint: multiple versions of documents, transcripts, HR files, salary data, and lots more. Without guardrails, AI agents can access all this indiscriminately. They won’t necessarily know which versions of these documents are drafts and which are approved. The issue escalates when an agent created by one person is made available to a wider group of colleagues. It can inadvertently give them access to data that is well beyond their permission level.
Agents can also ‘hallucinate’ facts and context, confidently providing an answer based on something as misleading as a transcript between two employees simply sharing opinions. Surfacing this information as fact is a business risk, especially if this information is then relied upon to make critical decisions. It has the potential to compromise the integrity of the organisation. Sensitive client data could also be exposed, breaching client trust and violating GDPR.
And when agents operate at scale and become business-critical, the risk of exposure increases.
How to implement AI agent guardrails
The problem is that most users will not be thinking like a developer with governance in mind when creating their own agents. Therefore, policies must be imposed to ensure that key security steps aren’t skipped in the rush to deploy a solution.
A new layer of data governance must be considered with steps that include configuring data boundaries, restricting who can access what data according to job role and sensitivity level, and clearly specifying which data resources the agent can pull from.
AI agents should be built for purpose, using principles of least privilege. This will help avoid a marketing intern having access to the entire company’s HR files. Just like any other business-critical application, an agent needs to be adequately tested and ‘red-teamed’. Perform penetration testing to identify what data the agent can surface, to whom, and how accurate that data is. Track and audit which agents are accessing which data and for what purpose, and implement real-time alerts to flag unusual access patterns.
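The guardrails described above (a declared data boundary per agent, access checks by job role and sensitivity level, retrieval of approved versions only, an audit trail, and an alert on unusual access patterns) can be enforced in a mediation layer that sits between the agent and its data sources, so the agent never reads a library directly. The Python below is an added example written for this post, not code from the author, BCN or any Microsoft product; the role names, sensitivity scale, library names, documents and the denial threshold are all constructed for illustration.

```python
"""Access-mediation layer for an AI agent's document-retrieval tool.

Added example (not part of the original post).  Every value below (roles,
sensitivity scale, library names, documents, alert threshold) is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Sensitivity scale, least to most sensitive (constructed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Clearance held by each job role (constructed); a role may read documents
# at or below its own level.
ROLE_CLEARANCE = {"intern": "internal", "manager": "confidential",
                  "hr_director": "restricted"}


@dataclass(frozen=True)
class Document:
    source: str        # library the document lives in (e.g. a SharePoint site)
    title: str
    sensitivity: str   # one of LEVELS
    approved: bool     # False for drafts and superseded versions
    body: str


@dataclass(frozen=True)
class Agent:
    name: str
    allowed_sources: frozenset  # the agent's declared data boundary


@dataclass
class Gateway:
    """Mediates every retrieval, records an audit entry and raises alerts."""
    corpus: list
    denial_alert_threshold: int = 3   # constructed: alert on repeated denials
    audit_log: list = field(default_factory=list)
    denials: dict = field(default_factory=lambda: defaultdict(int))
    alerts: list = field(default_factory=list)

    def _decide(self, agent, role, candidates):
        """Return ('allow', document) or ('deny:<reason>', None)."""
        if not candidates:
            return "deny:not_found", None
        # Data boundary: the agent may only read from libraries it was built for.
        if candidates[0].source not in agent.allowed_sources:
            return "deny:outside_agent_boundary", None
        # Least privilege: the requester's clearance must cover the document.
        needed = max(LEVELS[d.sensitivity] for d in candidates)
        if needed > LEVELS[ROLE_CLEARANCE[role]]:
            return "deny:insufficient_clearance", None
        # Only approved versions are surfaced, never drafts.
        approved = [d for d in candidates if d.approved]
        if not approved:
            return "deny:no_approved_version", None
        return "allow", approved[0]

    def retrieve(self, agent, role, source, title):
        """Fetch a document on behalf of `role` via `agent`; None if denied."""
        candidates = [d for d in self.corpus
                      if d.source == source and d.title == title]
        decision, doc = self._decide(agent, role, candidates)
        self.audit_log.append({"agent": agent.name, "role": role,
                               "source": source, "title": title,
                               "decision": decision})
        if doc is None:
            # Repeated denials for one agent/requester pair are an unusual
            # access pattern worth a real-time alert.
            key = (agent.name, role)
            self.denials[key] += 1
            if self.denials[key] == self.denial_alert_threshold:
                self.alerts.append(f"{agent.name} on behalf of {role}: "
                                   f"{self.denials[key]} denied requests")
            return None
        return doc.body


def build_demo():
    """Constructed corpus and agents used to exercise the gateway."""
    corpus = [
        Document("Marketing", "Q3 campaign brief", "internal", True,
                 "Approved Q3 brief: launch in September."),
        Document("Marketing", "Q3 campaign brief", "internal", False,
                 "DRAFT Q3 brief: launch date to be confirmed."),
        Document("Marketing", "Brand guidelines v2", "internal", False,
                 "DRAFT guidelines, not yet signed off."),
        Document("HR", "Salary bands 2024", "restricted", True,
                 "Band A 30-40k; Band B 40-55k (constructed figures)."),
        Document("Meetings", "1:1 transcript 12 May", "confidential", True,
                 "Two colleagues sharing opinions about a supplier."),
    ]
    agents = {
        "marketing-assistant": Agent("marketing-assistant", frozenset({"Marketing"})),
        "hr-helper": Agent("hr-helper", frozenset({"HR", "Marketing"})),
    }
    return Gateway(corpus), agents


if __name__ == "__main__":
    gw, agents = build_demo()
    mk = agents["marketing-assistant"]
    print(gw.retrieve(mk, "intern", "Marketing", "Q3 campaign brief"))
    print(gw.retrieve(mk, "intern", "HR", "Salary bands 2024"))
    for entry in gw.audit_log:
        print(entry)
```

The gateway checks the agent's data boundary before the requester's clearance, so an agent built for the marketing library cannot be repurposed to read HR data even by someone who holds the clearance; the audit log captures every decision, allowed or denied, which is what makes the later "who accessed what, and why" review possible.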
Finally, educate all employees on the danger of overexposure and build an AI-literate workforce to harness the potential of AI agents responsibly while staying aware of the risks as they continue to evolve.
Build security and governance from the start
AI agents present some of the biggest productivity benefits for organisations of all sizes, as they’re tailor-made to address specific business challenges. But unless guardrails are in place and agents are tested regularly, it’s far more difficult – if not impossible – to retrofit security and governance after a breach has occurred.