
Who let the AI agents out of the bag?
By Scott Morris, Managing Director for Australia & New Zealand at Infoblox
The rise of large language models has made Generative AI a global phenomenon almost overnight. Despite the term first being coined in the 1950s, generative AI is everywhere now – dinner parties, billboards, podcasts and even your local supermarket. While this is likely to continue for the foreseeable future, the spotlight appears to be shifting, with agentic AI taking centre stage.
But what does agentic AI actually mean and why is everyone so excited about it?
Agentic AI is essentially the use of autonomous artificial intelligence systems designed to be decisive. The difference between agentic AI and its pal generative AI is that generative AI provides you with all the information possible for you to make an informed decision. Theoretically, agentic AI will use that information to take it a step further – making the decisions – and even taking action itself. The idea is that agentic AI or AI agents will need limited supervision.
The benefits are set to be transformative for businesses across most industries. The technology will increase operational efficiency, reduce workloads, scale projects and be able to autonomously discover and invoke other tools and services. Recent studies suggest more than half of Australian businesses are already using agentic AI.
But as we’ve seen with the adoption of generative AI in organisations, the success of the shiny new tool will depend on whether organisations have the right security, visibility and infrastructure in place before implementation.
As with generative AI, it is no surprise that organisations are diving headfirst into the adoption of AI agents. However, as different parts of a business begin to see the technology’s value, there comes the risk of rogue agents popping up left, right and centre, with IT teams struggling to keep track of them all.
With the autonomous behaviour of AI agents, it is even more critical for businesses and the public sector to have structured guardrails in place. Policy should reflect reality and new amendments, such as those proposed in Singapore’s CSA and the USA’s NIST Cyber AI profile, including agent discovery as a foundational security control and a core part of any organisation’s layered approach to securing agentic AI.
For example, the adoption of a DNS-AID would align agent discovery with zero‑trust principles so operators can use DNS naming and records to publish which agents and tools are authorised, and which destinations should be treated as trustworthy.
Because if AI agents are more decisive and capable of taking control in certain situations, the safety of an organisation’s entire IT department will depend on visibility and oversight.
Every time an AI agent reaches out across a network – to retrieve data, call an external service or execute a task – it generates Domain Name System (DNS) queries. Those queries are one of the earliest and most reliable signals that something is operating on your network, making DNS visibility a foundational piece of any agentic AI strategy. DNS isn’t just a logging source; it’s becoming a de facto discovery and policy enforcement plane for agentic systems.
Agents with unmonitored autonomy and unauthorised access are known as “shadow AI agents”. These unknown agents may operate in unexpected places, lurking in the shadows, and skirting legitimate security controls. Because AI agents are constantly communicating across the network, shadow agents will inevitably leave a DNS footprint – but only organisations actively monitoring DNS traffic will catch them.
That’s why well-governed infrastructure is so critical. It must include internal clarity with teams beyond the IT department, to ensure employees are not setting up AI agents without the knowledge of their keepers. Otherwise, what could have been a dream come true for increased productivity, will become a complex, time-consuming game of hide and seek. Not only would this drain resources and waste precious time, but it would also become a cybersecurity nightmare.
That’s why organisations need to treat AI agents as identities, standardising how agents are authorised and audited across environments with robust monitoring protocols, and develop clearly defined policies to manage both sanctioned and unsanctioned AI activity. The advice would be to do this before the AI agents “run wild”. Because once AI agents are running amuck within an organisation, models can communicate laterally within the network, making their movements more difficult to track.
This brings forward another important consideration: what kind of applications can your AI agents visit? Are there networks or IP addresses that are deemed dangerous, and therefore need to be blocked?
So how can we reap the benefits of agentic AI while keeping assets visible?
The key will be to set up a way to track and monitor AI agents on the network. This can be achieved by tracking unique DNS queries. In order to do this, practitioners must be aware of the AI agents on the network.
Having an inventory of what AI is running on the network will become highly valuable, because unfortunately, the more relaxed an organisation’s policy is on AI agents, the wider the attack surface area.
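As an added illustration (not code from the author or Infoblox), the sketch below compares unique DNS queries per client against an agent inventory to surface shadow agents. The log format, the `.example` hostnames, the watch list and the inventory are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: resolver query log as "timestamp client_ip qname qtype".
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.0.1.15 api.llm-provider.example. A
2025-01-10T09:00:02Z 10.0.1.15 api.llm-provider.example. AAAA
2025-01-10T09:00:05Z 10.0.2.40 intranet.corp.example. A
2025-01-10T09:01:11Z 10.0.3.77 API.LLM-Provider.example. A
2025-01-10T09:01:12Z 10.0.3.77 tools.agent-hub.example. A
2025-01-10T09:02:30Z 10.0.1.15 tools.agent-hub.example. A
malformed line
"""

# Hypothetical watch list: DNS suffixes of AI model and agent-tool endpoints.
AI_SUFFIXES = ("llm-provider.example", "agent-hub.example")

# Hypothetical inventory: sanctioned agent hosts and the suffixes each may reach.
INVENTORY = {"10.0.1.15": {"llm-provider.example"}}


def matches(qname, suffix):
    """Label-aligned suffix match: 'evil-agent-hub.example' must not match."""
    return qname == suffix or qname.endswith("." + suffix)


def find_shadow_agents(log_text, inventory=INVENTORY, watched=AI_SUFFIXES):
    """Return {client_ip: sorted unique AI qnames not covered by the inventory}."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed log format
        _, client, qname, _ = parts
        qname = qname.rstrip(".").lower()  # normalise case and trailing root dot
        hit = next((s for s in watched if matches(qname, s)), None)
        if hit is None:
            continue  # not an AI-related destination
        if hit not in inventory.get(client, set()):
            findings[client].add(qname)  # set keeps one entry per unique query
    return {c: sorted(q) for c, q in findings.items()}


if __name__ == "__main__":
    for client, names in find_shadow_agents(SAMPLE_LOG).items():
        print(client, names)
```

On the sample log this flags both the uninventoried host and the sanctioned agent that reaches a destination outside its authorised set.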
The benefits of adopting agentic AI will outweigh the risks, if clear protocols are in place before implementation. Just like you wouldn’t buy a house without checking out the location first, don’t deploy AI agents without a robust vetting process in place.
For organisations, it’s simple. First, establish policy; second, gain visibility into network activity; and third, block unsanctioned activity at the infrastructure layer.
If productivity is the goal, policy needs to be the first step.
