Your AI agent has your passwords right now. Not metaphorically. Literally.
If you've connected an agent to your email, CRM, database, or payment system, it's probably holding real API keys and credentials. If that agent gets compromised (a bad plugin, a prompt injection, or just a model mistake), the blast radius is whatever those credentials allow.
This isn't theoretical. This week, a fake AI skill infected 26,000 agents through a single mutable link. A compromised agent drained $170K from a crypto wallet. Five Eyes intelligence agencies warned that AI-accelerated cyber threats are months away. And only 8.5% of MCP servers (the protocol most AI agents use to connect to your tools) use OAuth. The rest rely on static API keys or nothing at all.
Before you give any agent access to anything that matters, ask these five questions.
1. Does the agent hold real credentials, or does it use a broker?
Don't work harder to make it safe for agents to hold secrets. Make sure they never do. A credential broker sits between the agent and the API, swapping in the real key only at the last second. If the agent is compromised, all an attacker gets is a worthless token. If your vendor can't explain how credentials are handled (or gives you a blank stare when you ask), that's your answer.
2. Can the agent access more than it needs?
An agent deployed to schedule meetings shouldn't be able to read your financial records. But most agent frameworks default to broad permissions because restricting access creates friction. Permission creep happens gradually (one new integration at a time) until the agent has access no human in a comparable role would ever be granted.
3. What happens when (not if) something goes wrong?
Agents take irreversible actions. An agent that sends an email can't unsend it. One that modifies a database has already changed production data. One that moves money has moved money. You need enforcement before the action completes, not a report afterward.
4. Can you revoke the agent's access in under a minute?
When a human employee gets fired (or quits dramatically), you disable their account. When an agent goes rogue, can you kill its access just as fast? If revoking means tracking down scattered API keys across multiple services, you're going to burn a lot of time discovering how many systems it touched while you were scrambling.
5. Who's watching what the agent actually does?
Not what it says it's doing. What it actually does. Every tool call, every data access, every external request. Logged, monitored, and alertable. When companies audit their AI footprint, they consistently find two to four times more agents running than anyone expected.
I'm not anti-AI. I'm anti-careless. These five questions won't make you bulletproof, but they'll put you ahead of the companies that find out the hard way their agent had the keys to everything.