AI does not breach security. The complexity is not

Brought to you by Snowflake

Too often, the history of enterprise security has been a story of making things harder to use. A new threat emerges, a new control is introduced, and somewhere along the line, people start working around the very systems designed to protect them.

Throughout my career, I have seen firsthand that security adoption rarely fails because people don’t care about security. It fails because the safe path seems more difficult than the unsafe path.

In the age of AI, that lesson is more important than ever.

AI expands the attack surface and raises the ceiling on what attackers can do, which makes streamlining security even more critical. Security controls that demand effort or impose inconvenience end up being ignored. People find workarounds. The answer is to make the safe path the easy path.

Security works best when it gets out of the way

When security is easier to use than to avoid, people adopt it. Years ago, when the industry was implementing two-factor authentication at scale, the biggest challenge was not developing the security itself, but the friction that came with using it. People had to stop what they were doing, pick up a phone, start a VPN, enter codes, and interrupt their workflow just to log in.

What ultimately drove adoption was not policies, compliance requirements, or security training. It was simplicity. Now that it’s as easy as a fingerprint or a face scan, people use it without hesitation.

The same principle drove browser makers to make security more visible and intuitive to everyday users. Instead of waiting for people to manually inspect URLs, modern browsers prominently mark non-HTTPS sites as insecure, helping guide users toward more secure behavior by default. Security became stronger in part because the safe path also became easier and more obvious.

Where complexity appears in AI

Agent permissions are a good example of how this plays out in AI systems. Employees accumulate permissions over time: a project here, a system access there, a role that was never cleaned up after a team change. Humans know which access is relevant to a task even if the system does not enforce that distinction.

Agents lack that judgment. An agent assigned to a problem will explore every available route. If it can reach 12 systems but the task requires only two, it may still scan the other 10. It is just being thorough, but the result is a far larger attack surface than the task requires.

The temptation is to put a human in the loop by flagging important actions and asking for approval before continuing. In practice, though, an agent can prompt a human to approve a deeply technical action without enough context to judge whether it is appropriate. In most cases, the human will approve it simply to keep the workflow moving. This only adds friction and a false sense of supervision.

What is really needed is an intent-based permissions model. The agent should hold only the credentials it needs for a specific task, and they should expire when that task completes. The industry is already starting to move toward better models. Standards like OAuth are evolving to support agentic AI, allowing agents to carry identities tied to a specific task rather than a user’s entire set of permissions.

Making AI security easy to use

Usability starts with visibility, so the first priority is knowing what’s really happening. Where do your agents connect? What data are they touching? What permissions are they exercising?

Many companies are surprised by the answer when they first look at it. Most organizations operate with about 80% visibility and control. The problem is the remaining 20%, because that is where the real risk usually lies. AI will find those gaps much faster than humans. Start monitoring, even if you’re not ready to enforce anything yet. Use AI to examine what you find and prioritize the highest risk behaviors. Then close them systematically.

As for identity, move toward workload identity wherever you can. The old model of creating service accounts, downloading keys, and distributing them across your infrastructure is fragile and difficult to audit. Modern cloud environments offer a better approach: a workload’s identity is established at deployment time and credentials are never distributed as static keys. The management burden shrinks, and the attack surface shrinks with it.

For agents specifically, resist the temptation to grant them broad permissions on the assumption that human approvals will catch problems before they happen. Grant the agent access to the task at hand and ensure that those permissions expire once the job is completed. For teams managing multiple agent-to-tool connections, MCP gateways are emerging as a practical way to codify governance rules centrally rather than tool by tool. Keep a human informed about consequential actions, not all actions, especially those where the blast radius of an error is significant.
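The task-scoped, expiring credentials described above and the central gateway that codifies the rules, as an added illustration that is not Snowflake's or any vendor's code. It assumes a hypothetical in-process gateway, an agent whose user can reach 12 systems while the task needs two, and made-up action labels for high-blast-radius operations.

```python
import time
from dataclasses import dataclass, field

# Assumed labels for actions whose blast radius warrants a human in the loop.
HIGH_BLAST_RADIUS = {"delete_records", "rotate_keys"}


@dataclass
class TaskGrant:
    """Credentials bound to one task: what it may touch, and when it dies."""
    task_id: str
    allowed: dict            # system -> set of permitted actions
    expires_at: float        # epoch seconds; revoked earlier on completion
    audit: list = field(default_factory=list)


class Gateway:
    """Hypothetical central policy point (an MCP-gateway-style chokepoint)."""
    def __init__(self, user_systems):
        self.user_systems = set(user_systems)   # everything the user could reach
        self.grants = {}

    def issue(self, task_id, needed, ttl_s, now=None):
        now = time.time() if now is None else now
        # Least privilege: the task's needs, never the user's full footprint.
        allowed = {s: set(a) for s, a in needed.items() if s in self.user_systems}
        grant = TaskGrant(task_id, allowed, now + ttl_s)
        self.grants[task_id] = grant
        return grant

    def call(self, task_id, system, action, now=None):
        now = time.time() if now is None else now
        grant = self.grants.get(task_id)
        if grant is None or now >= grant.expires_at:
            return self._log(grant, system, action, "denied: grant missing or expired")
        if action not in grant.allowed.get(system, set()):
            return self._log(grant, system, action, "denied: outside task scope")
        if action in HIGH_BLAST_RADIUS:
            return self._log(grant, system, action, "held: human review required")
        return self._log(grant, system, action, "allowed")

    def complete(self, task_id):
        # Revoke as soon as the job is done instead of waiting for the TTL.
        self.grants.pop(task_id, None)

    def _log(self, grant, system, action, verdict):
        if grant is not None:
            grant.audit.append((system, action, verdict))
        return verdict
```

Every call, allowed or not, lands in the grant's audit trail, which is the visibility the previous section asks for before any enforcement is turned on.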

The pace of risk is accelerating

In the age of AI, the gap between exposure and exploitation is rapidly disappearing, collapsing from days to hours and, in some cases, minutes. The CrowdStrike 2026 Global Threat Report documents that the average attacker breakout time has accelerated by 65% year over year. As AI becomes more capable of autonomously identifying weaknesses, security teams that rely on manual response processes will be left behind.

The answer, however, has not changed. Security that creates friction will eventually be ignored. Security built directly into the architecture, applied by default and invisible in practice, is what really sticks. AI raises the stakes, but the principle remains the same: security only works when the safe path is also the easiest.

Mayank Upadhyay is Chief Security and Trust Officer at Snowflake.


Sponsored articles are content produced by a company that pays to publish or has a business relationship with VentureBeat, and are always clearly marked. For more information, contact sales@venturebeat.com.