Abstract
Enterprise AI agents are rapidly moving beyond simple task automation to become autonomous systems that can make decisions, access enterprise data, and operate across digital environments.
This shift opens up new possibilities for efficiency and innovation—but also introduces governance, identity, and security challenges that traditional IAM models were never equipped to handle. This whitepaper explores the emerging risks of agentic AI, including permission creep, identity misuse, memory poisoning, and gaps in accountability. Built on OWASP’s GenAI Security framework, Tech Mahindra and Microsoft present a practical approach to adaptive trust and AI governance.
It highlights technologies such as Entra Agent ID, Purview, Defender, Orion, and VerifAI, and outlines actionable strategies to build AI ecosystems that are scalable, auditable, resilient, and secure—enabling organizations to innovate with confidence.
Key Insights
Adaptive Trust Framework for Enterprise AI Governance
A modern governance framework designed for autonomous AI agents that adapts continuously to their behavior, intent, permissions, and evolving risk across enterprise environments.
Integrated AI Identity and Access Management
Brings together Microsoft Entra Agent ID and Tech Mahindra’s AI governance capabilities to deliver secure, auditable, and role-based identity management for AI agents.
OWASP-Aligned Security and Risk Mitigation
Maps enterprise AI risks to OWASP GenAI security standards, enabling organizations to address threats such as tool misuse, privilege abuse, and memory poisoning with greater clarity and control.
Behavioural Validation and Continuous Monitoring
Uses AI validation and continuous behavioural monitoring to detect anomalies, track agent activity, and support responsible execution across workflows and connected systems.
Scalable Governance for Autonomous AI Systems
Applies least-privilege access, conditional policies, and adaptive authorization to securely scale agentic AI deployments.