About
Subscribe
  • Home
  • /
  • Security
  • /
  • ITWeb TV Biz: How to secure your AI agents before they expose you

ITWeb TV Biz: How to secure your AI agents before they expose you

Tamsin Mackay
By Tamsin Mackay
Johannesburg, 08 Jul 2026
Global Micro's JJ Milner took his turn in the hot seat at ITWeb. This session explored what it means to be properly secure and how AI has changed the stakes. #globalmicro

As agents proliferate across companies, teams are losing visibility fast. Too often, during an incident, companies can’t answer critical questions – who did what, when, and did our controls work?

JJ Milner, MD of Global Micro Solutions, says this tension is universal. “There’s an incredible amount of enthusiasm about the opportunity that AI presents,” he says. “But there is equally a lot of anxiety. Boards fear falling behind their competitors, while security teams are worried about losing control.”

The advice followed by most companies over the past few years has been to lock AI down, keeping it as tightly constrained as possible within very controlled use cases and environments. Milner used to give this advice; now he believes companies should create safe spaces for experimentation, with guardrails narrow enough to contain mistakes while the business builds what he calls "AI muscle memory".

“The often hides in the permissions nobody has audited,” he explains. “These historically over-permissioned files or systems that have gone unnoticed because nobody was actively looking for them. Now if you turn on an AI assistant that has access to these files, it doesn’t know that a user wasn’t meant to have access and a cleverly phrased prompt can surface the data a policy was meant to protect.”

Jon Milner, MD of Global Micro Solutions.
Jon Milner, MD of Global Micro Solutions.

This is why identity sits at the heart of the agile AI conversation. An AI agent is the equivalent, says Milner, of an intern with a PhD who still arrives late for meetings and has zero EQ. Just as a business wouldn’t hand an intern unrestricted access on day one, AI agents need their own registered identity that’s separate from the user invoking them, and permissions need to be scoped to specific functions.

“There’s a lot of theatre at the moment,” says Milner. “Departments scrambling before audits to produce the evidence of where they are strong in security and compliance while steering auditors away from their weak spots. The fix right now – one that is critical in the era of AI – is to be audit ready every day, pulling evidence continuously and tightening the net incrementally."

Global Micro Solutions focuses on developing and proving controls that work, relying on the Center for Internet Security benchmarks layered across operating systems, identity and cloud platforms. While AI-specific benchmarks don’t exist as yet – ISO 42001 offers an emerging framework focused on process and documented decision-making – there are ways in which companies can embed their own security controls and parameters that allow them high levels of awareness and security.

“There are three vectors that should remain a priority right now so your organisation can benefit from AI,” Milner says. “Reframe IT from a cost centre to an enabler, stop compliance theatre and get genuinely audit ready, and recognise that the security stakes have already been raised, so it’s time to meet them where they are so your organisation is ready. And your organisation is going to be the better for it.”

* ITWebTV Biz episodes are sponsored. 

Share