The Limits of Anomaly Detection
Anomaly detection has become a standard capability in many security tools, but it is only the starting point. A login attempt at 3 a.m. with valid credentials might trigger an alert, but without additional context, analysts cannot determine if it is a threat or a routine event like an employee traveling. Security teams often lack real time integration between HR systems and identity and access management platforms, leaving them to make decisions without the full picture. As Sujatha S Iyer, head of AI security at ManageEngine, noted, organizations need tools that bring together diverse data sources to produce decisions that are accountable, explainable, and context aware.
Agentic AI and the Privilege Problem
The same gap becomes critical in agentic artificial intelligence deployments, where enterprises frequently grant admin level access for convenience. This practice leaves a single API key as the only barrier to the entire backend. Iyer recommends scoping agent access to specific functions, securing the data access layer, and embedding security and privacy into design from the start. Without these measures, the risk of a misconfigured AI agent exposing sensitive systems remains high. Iyer, who leads AI security efforts at ManageEngine and has nearly 10 years of experience across AI engineering, deep learning, and product development, shared these insights in a video interview with ISMG at Cybersecurity Week in Mumbai.
Source: Healthcareinfosecurity
