
Presented by Snowflake
Too often, the history of enterprise security has been one of making systems harder to use. A new threat emerges, a new control is locked down, and somewhere in the process, people begin to work around the systems designed to protect them.
Throughout my career, I’ve seen firsthand that security adoption rarely fails because people don’t care about security. It fails because the safe path seems more difficult than the unsafe path.
In the age of artificial intelligence, this lesson is more important than ever.
AI expands the attack surface and raises the ceiling on what attackers can do, making it even more important to simplify security. Security controls that require effort or cause inconvenience are ultimately ignored. People find workarounds. The answer is to make the safe way the easiest way.
Security works best when it’s out of the way
When security is easier to use than to bypass, people embrace it. Years ago, when the industry was rolling out two-factor authentication at scale, the biggest challenge wasn’t building the security itself, but the friction in using it. People had to stop what they were doing just to log in: pick up the phone, turn on the VPN, enter the codes, and break their workflow.
In the end, adoption was not driven by policy, compliance requirements, or security training. It was driven by simplicity. Now that authentication is as easy as a fingerprint or face scan, people use it without hesitation.
The same principle has driven browser makers to make security more visible and intuitive for everyday users. Instead of waiting for people to manually check URLs, modern browsers guide users toward more secure behavior by default by explicitly marking non-HTTPS sites as untrusted. Security has improved in part because the safe path has also become easier and clearer.
Where complexity appears in AI
Agent permissions are a good example of where this plays out in AI systems. Employees accumulate permissions over time: a project here, a system login there, a role that never gets purged after a team change. Even if the system doesn’t actively enforce it, people know which access is relevant to the task.
Agents lack this judgment. An agent assigned to a problem will check every available path. If it can access 12 systems but needs only two to complete a task, it can still explore the other 10. It is simply being thorough, but the result is a much larger potential attack surface than the task requires.
The common workaround is to put a person in the loop by flagging important actions and asking for confirmation before moving on. But in practice, an agent may prompt a human to approve a deeply technical action without enough context to judge whether it is appropriate. In most cases, the person will simply approve it to keep the workflow moving. This only adds friction and a false sense of control.
What is really needed is a permission model built around intent. An agent should only have the credentials it needs for a specific task, and they should expire when the job is done. The industry is already starting to move towards better models. Standards such as OAuth are evolving to support agentic AI, allowing agents to carry task-specific scoped identities rather than the user’s full permission set.
Making AI security easier to use
Ease of use starts with visibility, so the first priority is knowing what’s actually going on. Where do your agents connect? What information do they touch? What permissions do they use?
Many businesses find the answer surprising at first glance. Most organizations operate with about 80% visibility and control. The problem is the remaining 20%, because this is where the real risk tends to reside. AI will find these gaps faster than humans. Even if you’re not ready to implement anything yet, start with monitoring. Use AI to review your findings and prioritize the highest-risk behaviors. Then close the gaps systematically.
On the identity side, move toward workload identity wherever you can. The old model of creating service accounts, downloading keys, and distributing them across your infrastructure is fragile and difficult to audit. Modern cloud environments offer a better approach: workload identity is established at deployment, and credentials are never distributed as static keys. The management burden is reduced, and the attack surface narrows with it.
For agents in particular, resist the temptation to grant broad permissions in the belief that human approval will catch problems before they occur. Scope the agent’s access to the task at hand and ensure that those permissions expire when the work is done. For teams managing multiple agent-tool relationships, MCP gateways are emerging as a practical way to codify governance rules centrally rather than on a per-tool basis. Keep a person in the loop for consequential actions, not every action, especially actions where the blast radius of a mistake warrants it.
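The task-scoped, expiring grant and the "approval only for consequential actions" rule described above can be sketched as a small gateway check. This is an added example, not code from the article or from Snowflake; the tool names, the `CONSEQUENTIAL` set, the key and the HMAC token format are assumptions made for illustration and are not OAuth or MCP APIs.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"   # assumption: secret held only by the gateway
CONSEQUENTIAL = {"payments.refund"}     # assumption: actions a human must confirm

def issue_grant(agent, task, tools, ttl_s, now=None):
    """Mint a signed grant naming only the tools this task needs, with a hard expiry."""
    now = time.time() if now is None else now
    claims = {"agent": agent, "task": task, "tools": sorted(tools), "exp": now + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(GATEWAY_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def authorize(grant, tool, approved_by=None, now=None):
    """Gateway decision for a single tool call; returns (allowed, reason)."""
    now = time.time() if now is None else now
    body, sep, tag = grant.rpartition(".")
    expected = hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Verify integrity before parsing anything the caller supplied.
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "grant expired"
    if tool not in claims["tools"]:
        return False, "tool outside task scope"
    if tool in CONSEQUENTIAL and not approved_by:
        return False, "human approval required"
    return True, "ok"

def demo():
    """Constructed scenario: one task needs two tools out of many the agent could reach."""
    t0 = 1_000_000.0  # constructed clock value so the run is deterministic
    g = issue_grant("agent-7", "refund-ticket", {"crm.read", "payments.refund"}, 300, now=t0)
    return [
        authorize(g, "crm.read", now=t0 + 10),                               # in scope, routine
        authorize(g, "hr.read", now=t0 + 10),                                # not needed by task
        authorize(g, "payments.refund", now=t0 + 10),                        # needs a human
        authorize(g, "payments.refund", approved_by="alice", now=t0 + 10),   # confirmed
        authorize(g, "crm.read", now=t0 + 301),                              # after expiry
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Routine in-scope calls pass without a prompt, so the human is asked only about the one action whose consequences justify the interruption.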
The pace of risk is increasing
In the age of artificial intelligence, the gap between exposure and exploitation is rapidly disappearing, collapsing from days to hours and, in some cases, minutes. CrowdStrike’s 2026 Global Threat Report documents that the average time to breach by attackers has accelerated by 65% year over year. As AI gains the ability to autonomously identify vulnerabilities, security teams that rely on manual response processes will be left behind.
The answer hasn’t changed though. Security that creates friction will eventually be bypassed. Security built directly into the architecture, applied by default, and invisible in practice is the kind that actually protects. Artificial intelligence raises the stakes, but the principle remains the same: security only works when the safe way is also the easiest way.
Mayank Upadhyay is Chief Security and Trustee at Snowflake.
Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they are always clearly marked. For more information, contact sales@venturebeat.com.





