Risk vs. Reward: What Security Leaders Need to Know When Using Agentic AI
A group of masked thieves shocked the world when they stole more than $100 million worth of crown jewels from the Louvre in broad daylight last October, slipping in and out in less than 7 minutes.
The security industry was also shocked. Practitioners rushed to understand the failures that allowed the culprits to pull off such a bold heist. Amid the post-mortem discussions, some security leaders also made a strong declaration: artificial intelligence (AI) could have stopped this.
In many cases, these calls came from security leaders who sell AI-powered security technologies (and thus have a vested interest in the technology). But they do have a point. The investigation into the theft, ordered by France’s culture ministry, found that while video surveillance captured the heist, the footage was not being monitored in real-time. It took up to 8 minutes for security guards in the museum’s control room to switch to that specific live feed because the control room did not have enough screens to simultaneously watch all the live feeds. Police arrived at the scene just 30 seconds after the thieves fled.
“For those precious 30 seconds, all it would have taken was a slightly faster alert from the control room agents if they had been able to see the camera sooner, and a longer window break-in resistance time than was observed,” said Noël Corbin, chief of general inspection of cultural affairs, according to Reuters.
In security settings, AI can process vast amounts of data from multiple sources simultaneously and in real-time, making it possible to parse through immensely more footage, identify anomalies, and detect patterns beyond what human eyes could view or make sense of in the same timeframe.
Now agentic AI, a new iteration of AI technology, could take this ability a step further by using AI agents to make decisions and act independently to carry out a complex sequence of tasks. Agentic AI-powered security systems would go beyond spotting potential security incidents to making a judgement call about the observed data and how to respond to it.
An increasing number of security technology vendors are now offering agentic-powered solutions designed to autonomously triage incidents, clear false alarms, validate access events, and even initiate and carry out deterrence and containment responses.
“I do think [AI] is going to improve the way we do business,” Jeffrey Slotnick, CPP, PSP, president of Setracon Enterprise Security Risk Management Services, tells Security Technology.
At the same time, this technology is still very much in its early stages, and it introduces new kinds of risks that practitioners will need to manage. Liability and security experts say organizations need to bolster their governance and risk assessment processes, as well as their technology posture, when exploring the potential benefits of agentic AI.
“Agents are going to be capable of doing a lot more in a short period of time,” says Brandon Reilly, partner and leader of privacy and data security at legal and consulting firm Manatt. “So, there is this scalability that promises insane innovation and efficiency, but with it brings real challenges to monitoring, transparency, and incident escalation.”
How Security is Using AI
At its core, the potential for agentic AI in security centers around making it possible to better detect events and act on them in ways that were simply not possible before.
Consider fraudulent slip and fall claims. Scammers often intentionally wait out the retention period for which a company holds onto camera footage before filing their fraudulent claim. Delaying their claim means that any security footage the company could use as a defense has often been deleted or recorded over.
Requiring a person to regularly look through all video footage for potential slip and fall incidents and archive them just in case would be incredibly time-consuming and cost-prohibitive. An agentic AI system, however, could proactively analyze all footage for these types of incidents in real-time, flag incidents to the security and facilities teams, and automatically archive relevant footage, ensuring the company retains it in case of future litigation.
“With agentic AI, what we’re thinking is, can we make it proactive? If something is not right, can we automatically create an incident summary for you? Can we automatically do deterrence or archive the footage?” says Babak Behzad, head of engineering, AI, search, and analytics at Verkada, one company offering agentic-AI based security solutions.
Now, imagine a scenario where immediate action is needed—such as a break-in. Three years ago, Verkada introduced an AI-based deterrence system that analyzes a video camera scene in real-time. If the system spots an intruder, it can trigger a response via a speaker and play prerecorded audio telling the person to leave the premises.
Another agentic AI-powered system released late last year now takes this a step further. If the intruder doesn’t comply with the audio instructions, Verkada representatives say the system can more deeply analyze the scenario, make a judgment call about the next steps to take, and do so on its own accord. Next steps could mean following up with a customized message tailored to the moment, explains Andrew Bowers, vice president of product at Verkada.
For example, the customized message might say, “‘Hey, you with the black backpack and spray paint. I've already told you we’re closed. Please leave now or I'm going to escalate,’” Bowers says. From there, the system could take more independent steps like triggering alarms to initiate a security response or notifying law enforcement.
The Risks of Adopting Agentic AI
Agentic AI poses several unique risks that could be heavily consequential if not mitigated, in addition to the risks of previous types of AI models.
Security professionals need to ensure the models they are using are right for the task and ensure that they are managing risks to the models themselves, says Brian Allen, an attorney and technology governance advisor with a background in the security industry.
One risk is hallucination—when a generative AI system fabricates information and confidently presents it as fact. Agentic AI could then act on that bad information, perpetuating the problem. Hallucination is inherent to how these systems work and cannot be entirely avoided, so security practitioners need a process for identifying when this happens and managing it, Allen explains.
AI systems are also vulnerable to prompt injection attacks, where a system is “poisoned” with malicious instructions hidden in the data it accesses, which it then executes. This attack could cause an agentic AI system to expose sensitive data or carry out impermissible or destructive actions.
Perhaps the biggest and most unique risk of agentic AI systems, however, is the potential for compounding error. Because AI agents carry out complex, multistep sequences of actions autonomously, one inaccuracy or error has the potential to exponentially accumulate if left unnoticed. This threat makes it vital to be able to map the connection points, identify where a failure happens, and have mechanisms in place to stop it.
Agentic AI “can make a decision, and then it can make another decision, and then it can take another action, and take another action,” says Sam Tyner-Monroe, digital and technology director at Manatt. “So, that’s where the observability piece really comes in, and being able to break it down and find out, okay, at what [point] in the process did it fail?”
Observability goes hand-in-hand with explainability, or the ability to not only see what’s happening, but also understand the decisions the agentic system makes. Tyner-Monroe says this understanding requires good logging (immutable, time-stamped records of events performed by a system) and good technical expertise, as well as strong governance.
There’s a growing market of tools designed to help companies better observe and understand their AI systems, but this responsibility can’t be handed over to the technology completely. The idea of having “a human in the loop” doesn’t go far enough on its own, either, Allen says. Companies need to think critically about where the human is involved, why that point is appropriate, and what the criteria are for when that person needs to step in.
Overall, if security practitioners are considering bringing on an agentic AI offering, they really need to understand what’s under the hood, Slotnick says. How was the AI developed? What data is it using? How was it designed?
He also emphasizes having very firm guidance on what type of data is being collected and how it’s being used. These policies are crucial not only for governance, but also performance accuracy. These systems rely on imperfect data and learned patterns of what’s “normal” versus what’s “suspicious,” making them flawed and susceptible to bias. Numerous studies have shown facial recognition systems have higher error rates for Black and dark-skinned people compared to white people, leading to false arrests and imprisonment.
“We need to make sure the information being collected is ethical,” Slotnick says. “And that the decisions that are being made are ethical and moral.”
Who’s Liable for Mistakes?
While agentic AI is a new technology and there may be some gray areas, it easily maps to long-standing legal precedents about liability, explained experts who spoke to Security Technology.
Agency law is well-established. It refers to a person or entity being authorized to act on the behalf of another. So even though an AI agent may act autonomously, the company deploying it would almost certainly be responsible for its actions and errors.
“There’s no reason, in many, many cases, why an action undertaken by an AI agent shouldn’t be seen or evaluated in the same framework that a court would evaluate a person acting on someone else’s behalf,” Reilly says. “That’s really how agent law works. You ask questions about scope of authorization, knowledge of the authorizing party, and what any person interacting with the agent thought [in terms of assuming authorization].”
A Canadian administrative tribunal has already assessed how AI falls into agent law. In 2024, a tribunal member ordered Air Canada to honor a refund its AI customer service chatbot offered to a customer against the airline’s policies. Ars Technica reported that during the tribunal, the airline had argued that the chatbot was “responsible for its own actions” when providing inaccurate information.
The tribunal said, “you can’t just point the finger,” at AI, says Allen, adding that it’s a dual responsibility between company leaders and their board to ensure they have completed their due diligence.
“Did you dot your I’s and cross your T’s? And did you have good hygiene? Was your practice good? Did you have policies?” Allen says. “If you weren’t doing those things, you’re probably negligent.”
Creating Strong Processes for Risk Governance
Allen works with boards and chief audit executives on these new AI technologies. He is seeing firsthand that their former practices of risk management need a serious upgrade.
“It’s not about a committee. It is not about governing AI technology. It’s governing a process to put the organization in a position for informed balance of risk and reward at speed,” Allen says. “And from what we see, I don’t think a lot of the governance models and practices out there are in shape for this kind of complex practice, and agentic AI is going to challenge things even further.”
This emerging technology requires more integration between stakeholders than ever before, Allen adds. General counsel, privacy lawyers, the head of HR, CIO, CISO, and personnel with direct knowledge of the AI models all need to be consistently involved in the risk management practice.
Reilly agrees and says that just forming a committee, essentially putting risk and governance practices in a corner, is the “biggest mistake” he sees companies make when starting to create a governance program for AI.
“This environment really beckons for centralized accountability, and you need a chain that can be escalated all the way up to the board,” he says.
On the technical front, Tyner-Monroe says the three key practices for organizations to address are:
- Permissions. What do agents have the authority to do? And how is that authority controlled?
- Autonomy. How much autonomy do agents have to act? What tools can they use?
- Observability. Can you see what agents are doing?
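As an added example (not code from the article or from any vendor it mentions), the following Python sketch shows how those three practices, together with the explicit human-in-the-loop criteria and the compounding-error stop discussed earlier, can be enforced at the single point where an agent proposes an action. The tool names, camera zones and denial threshold are assumptions.

```python
import hashlib
import json
import time

# Assumed policy (not a vendor's): each tool is allowlisted with the camera zones
# it may act on (permissions) and whether it runs unattended or waits for approval (autonomy).
TOOL_POLICY = {
    "archive_footage":   {"mode": "auto",  "zones": {"lobby", "loading_dock"}},
    "play_audio_notice": {"mode": "auto",  "zones": {"lobby"}},
    "notify_police":     {"mode": "human", "zones": {"lobby", "loading_dock"}},
}
MAX_DENIALS = 2  # circuit breaker: halt the run before errors compound

def entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AgentGate:  # every proposed agent action passes through here and is logged first
    def __init__(self):
        self.log = []  # observability: append-only, time-stamped, hash-chained entries
        self.denials = 0

    def request(self, tool, zone):
        """Return 'executed', 'escalated', 'denied' or 'halted' for one proposed action."""
        rule = TOOL_POLICY.get(tool)
        if self.denials >= MAX_DENIALS:
            outcome = "halted"  # breaker already tripped; nothing else runs this session
        elif rule is None or zone not in rule["zones"]:
            self.denials += 1
            outcome = "halted" if self.denials >= MAX_DENIALS else "denied"
        elif rule["mode"] == "human":
            outcome = "escalated"  # human in the loop by explicit policy, not by default
        else:
            outcome = "executed"
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        entry = {"ts": time.time(), "prev": prev, "tool": tool,
                 "zone": zone, "outcome": outcome}
        entry["hash"] = entry_hash(entry)
        self.log.append(entry)
        return outcome

    def log_intact(self):
        """Recompute the chain so any after-the-fact edit or deletion is detectable."""
        prev = "0" * 64
        for e in self.log:
            if e["prev"] != prev or e["hash"] != entry_hash(e):
                return False
            prev = e["hash"]
        return True
```

In practice the `log` list would be written to append-only storage outside the agent's reach; the hash chain only proves tampering, it does not prevent it.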
Slotnick and Allen recommend looking at other industries, which are already using this technology while security “plays catch-up.” In some ways even cybersecurity is ahead of physical security, yet many of the same practices and measures apply.
From there, security leaders can start small. Jey Kumarasamy, legal director of the AI division at ZwillGen, a law firm that helps companies navigate emerging technology and legal challenges, recommends starting with an agent that has access to very few tools, requires few permissions, and doesn’t deal with very sensitive data.
“That allows everyone to understand: How are the teams going to work together? Who’s responsible for what? What are the different risks and if something goes wrong,” he explains. “Hopefully it doesn’t go wrong, but at least in this small environment, if something goes wrong, you can learn a lot about incident response.”
Sage Lazzaro is a technology writer and editor focused on emerging technologies, digital culture, and technology’s impact on our society and culture. Her work has appeared in publications that include Fortune, VentureBeat, WIRED, OneZero, LeadDev, and The New York Observer. She is based in New York.