KPMG has released guidance specifically addressing the unique risks posed by AI agents in enterprise environments. The framework emphasizes that agents operating with production access present fundamentally different security challenges than traditional software deployments, requiring distinct control strategies and governance approaches.
The Control Blindness Crisis
KPMG’s analysis reveals a critical gap: most enterprises lack visibility into what AI agents are actually doing. Agents can modify infrastructure, access sensitive data, and change system configurations—yet security teams often cannot audit these actions through traditional SOC tooling. KPMG’s framework addresses this by establishing a dedicated “agent audit perimeter” separate from general IT logging.
Five Core Risk Areas KPMG Identifies
The guidance highlights risks unique to agentic systems:
- Prompt Injection: Attackers redirecting agent behavior through crafted inputs
- Permission Escalation: Agents discovering and exploiting elevated access paths unavailable to human users
- Model Poisoning: Compromising the training data that governs agent decision-making
- Lateral Movement: Agents using legitimate API calls to compromise downstream systems
- Supply Chain Risk: Third-party agents carrying embedded backdoors or data exfiltration capabilities
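The following Python is an added illustration, not code from the original page and not part of KPMG's framework. It shows one concrete shape that the "agent audit perimeter" from the control-blindness section and the permission-escalation and lateral-movement items above can take in practice: every agent tool call passes through a gate that checks a per-agent allowlist of tools and targets, and every decision (allow or deny) is written to a hash-chained audit log kept apart from ordinary application logging, so that after-the-fact tampering with the record is detectable. The agent name `deploy-bot`, the tool names, the host names and the policy structure are assumptions constructed for the demo.

```python
import hashlib
import json
from datetime import datetime, timezone

# Hypothetical per-agent policy (constructed for this example): each agent may
# call only the listed tools and only against the listed targets.
AGENT_POLICY = {
    "deploy-bot": {
        "allowed_tools": {"read_config", "restart_service"},
        "allowed_targets": {"web-01", "web-02"},
    },
}

GENESIS_HASH = "0" * 64


class AuditPerimeter:
    """Append-only, hash-chained record of every agent tool call decision.

    Kept separate from general IT logging so that an agent's actions can be
    reviewed on their own, and so that deleting or editing one entry breaks
    the chain and is caught by verify_chain().
    """

    def __init__(self):
        self.entries = []
        self._prev_hash = GENESIS_HASH

    def record(self, agent_id, tool, target, decision, reason):
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent": agent_id,
            "tool": tool,
            "target": target,
            "decision": decision,
            "reason": reason,
            "prev": self._prev_hash,
        }
        # Hash the canonical JSON of the entry, chained to the previous hash.
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = digest
        self._prev_hash = digest
        self.entries.append(entry)
        return entry

    def verify_chain(self):
        """Recompute every hash; return False on any edited, removed or reordered entry."""
        prev = GENESIS_HASH
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev:
                return False
            expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if expected != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def gate_tool_call(perimeter, agent_id, tool, target):
    """Allow the call only if the agent's policy names both the tool and the target.

    A tool outside the allowlist models an escalation attempt; an in-policy tool
    aimed at an out-of-scope host models lateral movement via a legitimate API.
    """
    policy = AGENT_POLICY.get(agent_id)
    if policy is None:
        perimeter.record(agent_id, tool, target, "deny", "unknown agent")
        return False
    if tool not in policy["allowed_tools"]:
        perimeter.record(agent_id, tool, target, "deny", "tool not in allowlist")
        return False
    if target not in policy["allowed_targets"]:
        perimeter.record(agent_id, tool, target, "deny", "target out of scope")
        return False
    perimeter.record(agent_id, tool, target, "allow", "policy match")
    return True


def run_demo():
    """Run a constructed sequence of agent calls and return the audit perimeter."""
    perimeter = AuditPerimeter()
    gate_tool_call(perimeter, "deploy-bot", "read_config", "web-01")      # in policy
    gate_tool_call(perimeter, "deploy-bot", "create_iam_user", "web-01")  # escalation
    gate_tool_call(perimeter, "deploy-bot", "restart_service", "db-01")   # lateral movement
    gate_tool_call(perimeter, "rogue-agent", "read_config", "web-01")     # unregistered agent
    return perimeter


if __name__ == "__main__":
    p = run_demo()
    for e in p.entries:
        print(json.dumps(e))
    print("chain intact:", p.verify_chain())
```

In a real deployment the perimeter would write each entry to storage the agent's own credentials cannot modify, and the policy would be loaded from a reviewed source rather than a module-level dict; the point of the chain is that a reviewer can tell whether the record they are reading is the record that was written.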
Governance Beyond Technology
KPMG emphasizes that technical controls alone—firewalls, EDR, API gateways—are insufficient. Organizations must implement agentic-specific governance structures: agent approval boards, business justification reviews, and regular attestation cycles. Without these processes, enterprises create a shadow AI workforce operating outside any accountability framework.
Source: KPMG