Updated · ZDNet · Jun 12
Experts Urge Intern-Style Oversight for AI Agents as 12 Shadow Instances Expose Governance Risks

3 articles · Updated · ZDNet · Jun 12

Summary

  • AI security experts at Snowflake Summit said companies should manage agents like human interns—giving them very specific instructions, tight permissions and continuous human oversight as they move from chatbots to action-taking digital workers.
  • That warning reflects how agentic systems behave: unlike traditional software with fixed API paths, agents can wire tools together on the fly, creating unpredictable actions and raising the risk of data exfiltration or unauthorized writes.
  • 12 OpenClaw instances found in one client environment illustrated the shadow-AI problem: they had access to API feeds and source code, and even a contractor was using Telegram, making it hard to tell whether a human, service account or agent took an action.
  • 1Password and Tenable executives said the biggest danger is over-permissioned agents with long-lived credentials, arguing for identity controls, visibility into prompts and configurations, and guardrails that preserve productivity without blocking useful autonomy.

Insights

With AI agents acting like interns, can our security stop them from making million-dollar mistakes at machine speed?
When an autonomous AI causes a massive data breach, who is legally responsible: the user, the developer, or the company?

The Unchecked Surge of Shadow AI: 57% Employee Adoption, Security Risks, and the New Governance Mandate

Overview

The report highlights how the rapid and largely unmonitored adoption of AI tools—especially 'Shadow AI' used without IT approval—has become a major risk for enterprises. Many employees prefer external AI solutions for their superior features, but this leads to a critical gap in oversight, as most organizations lack visibility and strict policies for AI use. As a result, security policies are inconsistent across teams, increasing overall risk. This environment has led to more security incidents and vulnerabilities, with unauthorized AI tools implicated in a significant share of breaches, underscoring the urgent need for better governance and controls.

...