Microsoft's Executive V-P of Security Charlie Bell has issued a stark warning about the security implications of AI agents in enterprise environments, urging organisations to implement robust governance frameworks to prevent AI from becoming "double agents" that undermine cybersecurity efforts.

In a blog post, Bell emphasised that while AI promises unprecedented productivity and innovation, it also introduces unique security risks as organisations rapidly deploy AI agents across their operations.

"AI isn't just another chapter - it's a plot twist that changes everything. The opportunities are huge, but so are the risks," Bell wrote.

Drawing a parallel to Star Trek characters, Bell compared the dual nature of AI to the android Data and his evil twin Lore, highlighting how AI agents can either strengthen or compromise security postures.

The warning comes as IDC research predicts there will be 1.3 billion AI agents in circulation by 2028, creating an urgent need for enhanced security measures.

Bell outlined three key principles for managing AI security risks: recognising the new attack landscape, practicing "Agentic Zero Trust," and fostering a culture of secure innovation.

"Unlike traditional software, AI agents are even more dynamic, adaptive and likely to operate autonomously. This creates unique risks," Bell explained.

The Microsoft security chief advocated for applying Zero Trust principles to AI deployments through "Containment" and "Alignment" - concepts he attributes to discussions with Mustafa Suleyman, Executive Vice President and CEO of Microsoft AI.

"Containment simply means we do not blindly trust our AI Agents, and we significantly box every aspect of what they do," Bell noted, adding that organisations must never let "any agent's access privileges exceed its role and purpose."

Bell emphasised the importance of proper identity management for AI systems, stating that "every agent must have an identity" with clear accountable ownership within the organisation.

To combat emerging threats, Bell recommended several practical steps, including assigning each AI agent an ID and owner, documenting their intent and scope, monitoring their actions, and keeping them in secure, sanctioned environments.

Microsoft has been developing solutions to address these challenges, including Microsoft Entra Agent ID, which helps customers assign unique identities to agents created in Microsoft Copilot Studio and Azure AI Foundry.

Bell indicated that Microsoft will unveil additional AI security innovations at the upcoming Microsoft Ignite event later this month.