Deploying agentic AI with safety and security: A playbook for technology leaders

This article is a collaborative effort by Benjamin Klein, Charlie Lewis and Rich Isenberg, with Dante Gabrielli, Helen Möllering, Raphael Engler, and Vincent Yuan, representing views from McKinsey’s Risk & Resilience Practice, Knowledge Partner of the upcoming RiskMinds International event in London.
Business leaders are rushing to embrace agentic AI, and it’s easy to understand why. Autonomous and goal-driven, agentic AI systems are able to reason, plan, act, and adapt without human oversight—powerful new capabilities that could help organisations capture the potential unleashed by gen AI by radically reinventing the way they operate. More than 70 percent of organisations are now exploring or deploying agentic AI systems [1], which are projected to unlock $2.6 trillion to $4.4 trillion annually in value across more than 60 use cases, including customer service, software development, supply chain optimization, and compliance [2]. And the journey to deploying agentic AI is only beginning: just 1 percent of surveyed organisations believe that their AI adoption has reached maturity [3].
But while agentic AI has the potential to deliver immense value, the technology also presents an array of new risks—introducing vulnerabilities that could disrupt operations, compromise sensitive data, or erode customer trust. Not only do AI agents provide new external entry points for would-be attackers, but because they are able to make decisions without human oversight, they also introduce novel internal risks. In cybersecurity terms, you might think of AI agents as “digital insiders”—entities that operate within systems with varying levels of privilege and authority. Just like their human counterparts, these digital insiders can cause harm unintentionally, through poor alignment, or deliberately if they become compromised. Already, 80 percent of organisations say they have encountered risky behaviors from AI agents, including improper data exposure and access to systems without authorisation [4].
It is up to technology leaders—including chief information officers (CIOs), chief risk officers (CROs), chief information security officers (CISOs), and data protection officers (DPOs)—to develop a thorough understanding of the emerging risks associated with AI agents and agentic workforces and to proactively ensure secure and compliant adoption of the technology. A review of early agentic AI deployments highlights six key lessons—from reimagining workflows to embedding observability—that can help organisations avoid some common pitfalls as they scale the new technology [5]. The future of AI at work isn’t just faster or smarter. It’s more autonomous. Agents will increasingly initiate actions, collaborate across silos, and make decisions that affect business outcomes. That’s an exciting development—provided those agents are working with not just a company’s access but also its intent. In an agentic world, trust is not a feature. It must be the foundation.
Emerging risks in the agentic era
By operating autonomously and automating tasks traditionally performed by human employees, agentic AI adds a further dimension to the risk landscape. The key shift is a move from systems that enable interactions to systems that drive transactions that directly affect business processes and outcomes. This shift intensifies the challenges around the core security principles of confidentiality, integrity, and availability, because agentic systems can amplify foundational risks such as data privacy, denial of service, and system integrity. The following new risk drivers go beyond the traditional risk taxonomy associated with AI [6]:
- Chained vulnerabilities. A flaw in one agent cascades across tasks to other agents, amplifying the risks.
- Cross-agent task escalation. Malicious agents exploit trust mechanisms to gain unauthorized privileges.
- Synthetic-identity risk. Adversaries forge or impersonate agent identities to bypass trust mechanisms.
- Untraceable data leakage. Autonomous agents exchanging data without oversight obscure leaks and evade audits.
- Data corruption propagation. Low-quality data silently affects decisions across agents.
Such errors threaten to erode faith in the business processes and decisions that agentic systems are designed to automate, undermining whatever efficiency gains they deliver. Fortunately, this is not inevitable. Agentic AI can deliver on its potential, but only if the principles of safety and security outlined below are woven into deployments from the outset.
Guiding principles for agentic AI security
To adopt agentic AI securely, organisations can take a structured, layered approach. Below, we provide a practical road map that outlines the key questions technology leaders should ask to assess readiness, mitigate risks, and promote confident adoption of agentic systems. The journey begins with updating risk and governance frameworks, moves on to establishing mechanisms for oversight and awareness, and concludes with implementing security controls.
Prior to agentic deployment
Before an organisation begins using autonomous agents, it should ensure that it has the necessary safeguards, risk management practices, and governance in place for a secure, responsible, and effective adoption of the technology. Here are some key questions to consider:
- Does our AI policy framework address agentic systems and their unique risks?
- Is our risk management program equipped to handle agentic AI risks?
- Do we have robust governance for managing AI across its full life cycle?
Prior to launching an agentic use case
Once the above foundational questions have been addressed and an agentic AI risk framework and policies are in place, organisations should develop a clear understanding of precisely what they are building, accounting for associated risks and compliance considerations for each project. Addressing the following questions can help ensure that their ambitions are matched by readiness:
- How can we maintain control of agentic initiatives and ensure that we have oversight over all projects?
- Do we have the capabilities to support and secure our agentic AI systems?
During the deployment of an agentic AI use case
Once use cases and pilots are up and running, organisations will need to ensure that the pilots are governed by technical and procedural controls. These controls should be regularly reassessed to ensure that they remain relevant and effective as agentic systems are refined and scaled. Here are some key questions to consider:
- Are we prepared for agent-to-agent interactions, and are those connections secure?
- Do we have control over who can use agentic systems and whether they are using them appropriately?
- Can we trace agents’ actions and understand and account for their behavior?
- Do we have a contingency plan if an agent fails or behaves unexpectedly?
Conclusion: Agentic security cannot be an afterthought
The agentic workforce is inevitable. As more companies adopt AI agents, new challenges for maintaining the confidentiality and integrity of data and systems will arise. Currently, decision-makers face a pivotal moment to balance business enablement with a structured approach to risk management for agentic security; after all, no one wants to become the first agentic AI security disaster case study. CIOs, CROs, and CISOs should promptly engage in essential discussions with their business counterparts to gain transparency about the current state of agentic AI adoption in the organisation and start building the essential guardrails. Acting thoroughly and with intention now will help ensure successful scaling in the future.
Currently, agentic transactions remain digital, but the trajectory points toward an even more radical future, including embodied agents operating in the physical world. The implications for safety and security will become even more profound, making it all the more important to prepare a strong foundation today.
This is an edited version of our article published on October 16, 2025, “Deploying agentic AI with safety and security: A playbook for technology leaders.”
References:
[2] “The promise and the reality of gen AI agents in the enterprise,” McKinsey, May 17, 2024.
[3] Hannah Mayer, Lareina Yee, Michael Chui, and Roger Roberts, “Superagency in the workplace: Empowering people to unlock AI’s full potential,” McKinsey, January 28, 2025.
[4] “AI agents: The new attack surface; A global survey of security, IT professionals and executives,” SailPoint Technologies, May 28, 2025.
[5] Lareina Yee, Michael Chui, Roger Roberts, and Stephen Xu, “One year of agentic AI: Six lessons from the people doing the work,” McKinsey, September 12, 2025.
[6] “Implementing generative AI with speed and safety,” McKinsey Quarterly, March 13, 2024.
