AI agents aren’t coming … they’re already here. And they’re not waiting for your security architecture to catch up. As enterprises race to deploy agentic AI, CISOs must pivot from securing systems to securing intent. That’s why Forrester built AEGIS.

Forrester clients can read the full report, Introducing Forrester’s AEGIS Framework: Agentic AI Enterprise Guardrails For Information Security.

Why AEGIS, And Why Now?

Agentic AI is more than just another emerging tech trend. It represents a fundamental shift in how enterprises operate. These systems are distributed, autonomous, scalable, and designed to exhibit emergent behavior. They don’t just follow instructions; they adapt, plan, and act.

Traditional cybersecurity models, built for human-centric systems, are ill-equipped to handle this. Agentic AI introduces:

  • Emergent behavior that can bypass entitlements and escalate privileges.
  • Cascading failures triggered by hallucinated or corrupted data.
  • Obscured causal provenance, making post-incident forensics nearly impossible.
  • Decision fatigue for humans in the loop, overwhelmed by agentic scale.

CISOs must now secure intent, not just infrastructure.

Cybersecurity Loses One Of Its Biggest Luxuries

Cybersecurity (like IT), has a long history of blaming the user: “If only the user hadn’t clicked on the link, put in their password, or opened that PDF, then the breach wouldn’t have happened.” Now that the agentic enterprise is here, cybersecurity pros, ironically, are about to discover that user behavior was one of their biggest luxuries. Here’s why:

Users are predictable. Willpower is finite.

Agents are relentless. Willpower is infinite.

People want to do their job. If they encounter resistance, they might try a few different ways to get things done (hence the birth of shadow IT and BYOAI), but there’s a limit to their motivation and, most importantly, their ability. If they don’t succeed, they’ll escalate, call the helpdesk, or give up.

Kiss that luxury goodbye, because agents are code. Agentic systems take this to another level because they are programmed to overcome obstacles and exhibit emergent behavior by design. Agent ability increases with each action. Soon, CISOs will opine about the “good ol’ days” when all we had to worry about was a user in finance opening every email no matter how suspicious; that was so much easier than dealing with thousands of ephemeral agents completing tasks autonomously.

What Is AEGIS?

AEGIS — Agentic AI Guardrails For Information Security — is Forrester’s six-domain framework designed to help CISOs secure, govern, and manage AI agents and agentic infrastructure. The six AEGIS domains are:

  1. Governance, risk, and compliance (GRC)
  2. Identity and access management (IAM)
  3. Data security and privacy
  4. Application security
  5. Threat management
  6. Zero Trust architecture

Each domain is built to evolve with the technology, not lag behind it. AEGIS introduces principles such as least agency, continuous assurance, and explainable outcomes to help security leaders adapt to this new paradigm.

How To Get Started

AEGIS includes a phased implementation roadmap, because this isn’t an overnight uplift. It is, however, an urgent one. Organizations still struggling with securing generative AI will find that AI agents are on their way. CISOs have to act now. AEGIS recommends that security leaders:

  1. Start with GRC. Leverage minimal tech for maximum impact. Establish governance, build inventory systems, and define acceptable use.
  2. Build IAM and data security. Treat agents as a new identity class. Secure data provenance, memory, and enclaves.
  3. Advance to DevSecOps and threat management. Secure the agent lifecycle, detect hallucinations, and deploy circuit breakers.
  4. Optimize with Zero Trust principles. Enforce least agency, monitor emergent behavior, and isolate rogue agents.

Each domain builds on the last to accelerate your readiness.

Why This Matters

Agentic AI changes the game:

  • Intent becomes your biggest challenge.
  • Emergent behavior becomes a new threat vector.
  • CISOs become the new architects of trust.

Security leaders must shift from “block or allow” to “probability of success,” and CISOs need to realize that challenges also create opportunities. AEGIS equips them to lead with confidence, not caution.

Forrester clients can read the full report.

Attend our Security & Risk Summit, November 5–7, in Austin, Texas, to learn more about how security will be transformed by AI agents and agentic AI in two keynotes. The first will be led by Allie Mellen, titled The Security Singularity and covering how AI will transform the way that attackers and defenders operate. The second keynote, which I’ll deliver with my colleague Jess Burn, is called The CISO Of The Agentic Future; we’ll discuss how AI agents will transform your security program.

To discuss the report in detail and strategize on how to make the best use of our new framework, Forrester clients can set up a guidance session or inquiry with me.