Uncategorized

Forrester Introduces AEGIS: The Security Framework CISOs Need for Agentic AI

Specifically Designed to Help CISOs Secure, Govern, and Operationalise Autonomous AI Agents

Photo of CSA Editorial CSA Editorial Send an email August 25, 2025
2 minutes read
AEGIS

Forrester has launched the Agentic AI Enterprise Guardrails for Information Security (AEGIS), a six-domain framework designed to help CISOs secure, govern, and operationalise autonomous AI agents. As AI systems evolve beyond human-centric architectures, Forrester’s research warns that legacy cyber security models are no longer sufficient. Agentic AI introduces novel risks including goal hijacking, cognitive corruption, and systemic collapse that demand a fundamentally new approach to enterprise security.

With AI agents now capable of planning, adapting, and executing at machine speed, organisations face unprecedented vulnerabilities. Emergent behaviours can escalate privileges, hallucinated or corrupted data may trigger cascading failures, and the absence of causal traceability renders forensic analysis nearly impossible. AEGIS offers a phased roadmap to help enterprises transition from infrastructure-centric to intent-centric security controls.

Key Takeaways About AEGIS

  • Agentic AI Fundamentally Transforms Cyber Security: Autonomous AI agents can develop emergent behaviours, adapt dynamically, and operate at machine speed, destroying traditional security paradigms. These agents can potentially escalate privileges, bypass entitlements, and take unexpected actions to achieve objectives, creating unprecedented security challenges. Unlike human users who have predictable behaviours and finite willpower, AI agents are relentless and programmed to overcome obstacles through emergent behaviour by design.
  • Existing Security Architectures Are Inadequate: Current cyber security approaches designed for human-centric organisations cannot effectively manage AI agents’ autonomous and unpredictable nature. The detection and prevention capabilities for agentic systems are nascent, with few existing security controls or control planes specifically designed for AI agent environments. Organisations must transition from securing infrastructure to securing intent, as traditional “block or allow” models become obsolete.
  • Comprehensive Governance Is Critical: Organisations must establish dynamic, real-time risk management processes that go beyond static compliance checks. This includes creating cross-functional AI governance groups with representatives from security, legal, privacy, compliance, IT, and business units to oversee AI strategy and risk management. Companies need to implement continuous control monitoring, develop AI acceptable use policies, and maintain comprehensive inventories of AI systems with proper risk classification.
  • Zero Trust Principles Must Be Radically Reimagined: Traditional Zero Trust approaches need fundamental adaptation, shifting from “least privilege” to “least agency” principles specifically designed for AI environments. This means constraining AI agents’ permissions through contextual and continuous authentication, implementing granular access controls, and developing mechanisms to validate agent behaviours and intentions in real-time. The framework requires continuous behavioural monitoring and advanced technical capabilities beyond current human-centric models.
  • Proactive Security Requires Holistic, Multi-Domain Approach: Securing agentic AI demands a comprehensive framework covering six critical domains: governance, identity management, data security, application security, threat management, and Zero Trust principles. Organisations must adopt a phased implementation strategy starting with governance and risk management in the first six months, followed by technical control implementation over the next 12–18 months, building capabilities incrementally while maintaining flexibility to address emerging risks.

AEGIS

“Agentic AI is more than just another emerging tech trend. It represents a fundamental shift in how enterprises operate,” said Jeff Pollard, VP and principal analyst at Forrester in a recent blog about AEGIS. “These systems are distributed, autonomous, scalable, and designed to exhibit emergent behaviour. They don’t just follow instructions; they adapt, plan, and act. As enterprises race to deploy agentic AI, CISOs must pivot from securing systems to securing intent. That’s why Forrester built AEGIS.”

The Forrester AEGIS framework provides a phased implementation roadmap because organisations cannot address these challenges overnight, though the need is urgent. Security leaders must start with governance and risk management for maximum impact with minimal technology investment, then progressively build identity and access management capabilities, advance to DevSecOps and threat management, and finally optimise with Zero Trust principles specifically designed for agentic environments.

Tags
Photo of CSA Editorial CSA Editorial Send an email August 25, 2025
2 minutes read
Photo of CSA Editorial

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Sensedia

Sensedia, Incore Seal MoU to Spark the Next Wave of Open Banking in Malaysia

August 25, 2025
KnowBe4

KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication

August 25, 2025
Keeper Security

Keeper Security Launches Innovative Biometric Login with Passkeys

August 23, 2025
Google

Google Announces New Defence Capabilities at Security Summit

August 22, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net