AI agents may be software, but they can’t be secured like it. Instacart CISO Mrityunjay Gautam argues we need to start treating them as "thinking entities" with the potential to become the ultimate insider threat. "If we are going to treat AI agents as software pieces, then we will usually like to go into the software bill of materials," Gautam notes. "That’s not what the agent is. The agent… can not just connect with your data sources, but also take actions on your behalf."
Gautam, who joined Instacart about six months ago after four years at Databricks, describes walking into a threat landscape that surprised even him. With AI on the scene, CISOs now have to grapple with “too helpful” agents that can inadvertently bypass security controls on their quest to accomplish their tasks.
Here’s where he sees the sharpest risks:
“MFA fatigue”, but with agents: When agents repeatedly prompt users for permission, a dangerous pattern emerges. "We get into the classic MFA fatigue equivalent," Gautam explains, "where users just keep saying yes, yes, yes, yes, yes without reading what they're saying yes to." The friction compounds until users abandon oversight entirely. "It comes to the point where the user will say, 'Okay, stop asking for permission. Just do what's helpful.'"
Inherited permissions: Among the most dangerous behaviors Gautam sees is users granting AI agents their own full access and permissions. Least-privilege principles must extend to agent identities — not just humans. At Instacart, the team evaluates intended data use, minimum data access requirements, and whether permissions are scoped accordingly.
Context poisoning: Logs can reveal what an agent is doing and whether it’s misbehaving — but the "context window" remains a black box. "We do not know when the context is getting poisoned and when it will become an insider threat," Gautam warns. It’s a blind spot with serious consequences.
His bottom line for CISOs: Attackers are already using the same technology to move faster. Defenders can’t afford to wait. “We have to build AI defenses to work at the same velocity.”
Watch the full Executive Exchange video above to learn more from Mrityunjay Gautam on AI accountability, agentic permissions, and what happens when powerful AI tools land in the wrong hands.
