This post is sponsored by Deloitte and Google Cloud.
Agentic AI is proving invaluable to businesses – harnessing insights from Generative AI to make autonomous decisions and perform tasks with limited human oversight.
Agentic AI can automate workflows across the organization, including triaging cybersecurity threats, personalizing marketing materials, handling returns, managing inventory and more. Enhancing AI with “mission logic” even allows it to learn from outcomes and improve over time.
It’s not surprising that half of all enterprises that report using Generative AI are expected to deploy AI agents by 2027, up from 25% in 2025. In fact, organizations may soon have more AI agents than human employees, according to Deloitte’s 2025 Predictions Report.
But along with the immense potential comes new security and governance challenges that organizations should address, Deloitte and Google Cloud note in a recent report: “The Automated Enterprise: Agentic AI and the New Security Imperative.” These include:
Access control and security:
Organizations generally use access control lists to safeguard their data, and these lists typically exist within individual systems. As AI agents operate across systems, organizations need new methods to control these agents and their permissions.
Hallucinations and cascading failures:
Generative AI can bring the risk of hallucinations or inaccurate information because AI uses an approximation to formulate its output. Communication between AI agents can lead to one mistake or bad input, creating a cascading series of failures. Grounding models in enterprise data by using technologies like Vertex AI Search can help ensure outputs are based on facts and relevant to the organization.
Skills and experience gaps:
The development and use of enterprise-grade Agentic AI systems requires highly skilled employees. However, a shortage of employees knowledgeable about these technologies is contributing to security challenges. Proper security groundwork is important, even for the most advanced AI agents.
ROI and navigating the unknown:
The outlook on the return on investment for AI is improving as costs decrease, driven by more efficient models and advances such as model distillation. Despite these positive trends, some leaders remain apprehensive about the unpredictable behavior of autonomous agents in critical environments.
A security framework for Agentic AI
To keep Agentic AI secure, Deloitte and Google Cloud recommend a structured methodology that includes:
- A governance framework: Organizations need AI that aligns with their strategies. A structure like Deloitte’s Trustworthy AI™ Framework, provides the governance and risk controls to align AI with enterprise strategy and regulatory expectations.
- Human oversight: AI moves and scales quickly. Therefore, a human-in-the-loop review process must be introduced at key checkpoints to flag risks early.
- Data reliability: The wrong data can introduce bias. Trusted enterprise data helps reduce AI bias and strengthen decision-making.
AI for business is advancing quickly. More efficient models, smaller architecture and innovations like model distillation are helping to bring down costs and facilitating wider use. Tomorrow’s autonomous agents will be trusted in complex, high-priority scenarios. The organizations that succeed will likely put the right controls and security framework in place today.
Learn more: Keep reading about this topic: “The Automated Enterprise: Agentic AI and the New Security Imperative” from Deloitte and Google Cloud.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (DTTL), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (DTTL), its global network of member firms or their related entities (collectively, the “Deloitte organization”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.
No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.
© 2026. For information, contact Deloitte Global