AI doesn't break security. Complexity does

Presented by Snowflake


Too often, the history of enterprise security has been a history of making things harder to use. A new threat emerges, a new control is put in place, and somewhere in the process, people begin to work around the very systems that are designed to protect them.

Over the course of my career, I’ve seen firsthand that security adoption rarely fails because people don’t care about security. It fails because the safe path seems harder than the unsafe path.

In the age of AI, that lesson matters more than ever.

AI expands the attack surface and raises the ceiling on what attackers can do, making it even more important to simplify security. Security controls that require effort or inconvenience are ultimately ignored. People look for workarounds. The answer is to make the safest path the easiest path.

Security works best when it’s out of the way

When security is easier to use than to avoid, people adopt it. Years ago, when the industry was introducing two-factor authentication on a large scale, the biggest challenge was not building security, but the hassle that came with using it. People had to stop what they were doing, grab the phone, launch the VPN, enter the code, and interrupt their workflow to log in.

What ultimately drove adoption was not policy, compliance requirements, or security training. It was simplicity. Now that it is as easy as a fingerprint or face scan, people use it without hesitation.

This same principle inspired browser makers to make security more visible and intuitive to everyday users. Rather than expecting people to manually inspect URLs, modern browsers prominently mark non-HTTPS sites as unsafe, helping guide users toward safe behavior by default. Security became stronger to some extent as the safe path also became easier and more obvious.

Where complexity appears in AI

Agent permissions are a good example of where this plays out in AI systems. Employees accumulate many permissions over time: a project here, system access there, a role that is never cleared after a team change. Humans know which accesses are relevant to a task, even if the system does not actively enforce it.

Agents lack that judgment. An agent assigned a task will check every available path to solve a problem. If it can access up to 12 systems, but only two are needed for the task, it can still discover the other 10. The agent is simply doing its job, but the result is a potential attack surface that is much larger than the required function.

It’s tempting to put a human in the loop by flagging important tasks and asking for approval before moving forward. But in practice, an agent may ask a human to approve a deeply technical action without sufficient context to decide whether it is appropriate. In most cases, they will approve it just to keep the workflow going. This only adds friction and a false sense of oversight.

What is really needed is a permissions model built around intent. The agent should only have the credentials it needs for a specific task, and they should expire when the task is completed. The industry is already starting to move toward better models. Standards such as OAuth are evolving to support agentic AI, allowing agents to carry identities that are scoped to a specific task rather than a user’s full permission set.

Making AI security easier to use

Ease of use starts with visibility, so the first priority is knowing exactly what’s going on. Where are your agents connecting from? What data are they touching? What permissions are they using?

Many enterprises are surprised when they see the answers for the first time. Most organizations operate with approximately 80% visibility and control. The problem is the remaining 20%, because this is where the real risk lies. AI will find those gaps much faster than humans. Start by monitoring, even if you’re not ready to enforce anything yet. Use AI to sort through what you find and prioritize the highest-risk behaviors. Then turn them off systematically.

On the identity side, move toward workload identity wherever possible. The old model of creating service accounts, downloading keys, and distributing them across your infrastructure is fragile and hard to audit. Modern cloud environments offer a better approach: workload identity is established upon deployment and credentials are never distributed as static keys. The management burden is reduced and the attack surface shrinks with it.

Particularly for agents, resist the temptation to give them broad permissions on the assumption that human approvals will catch problems before they happen. Scope agent access to the task at hand and ensure that those permissions expire after the task is completed. For teams managing multiple agent-to-tool connections, MCP gateways are emerging as a practical way to encode governance rules centrally rather than tool by tool. Keep the human in the loop for consequential tasks, not for every task, especially for tasks where the blast radius of a mistake is meaningful.
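The intent-based permissions model and the task-scoped, expiring access described above can be sketched as follows. This is an added example, not code from Snowflake or from any OAuth implementation: the HMAC-signed token stands in for a scoped OAuth-style credential, and the key, system names and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

BROKER_KEY = b"constructed-demo-key"  # constructed; keep a real key in a KMS/HSM
# Constructed inventory: the 12 systems the delegating user can reach.
USER_SYSTEMS = {f"system-{i:02d}" for i in range(1, 13)}

def _sign(body: bytes) -> bytes:
    return hmac.new(BROKER_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_task_token(task_id, needed, ttl_s, now=None):
    """Mint a credential limited to the systems one task needs."""
    now = time.time() if now is None else now
    extra = set(needed) - USER_SYSTEMS
    if extra:  # never delegate more than the user holds
        raise PermissionError(f"not delegable: {sorted(extra)}")
    claims = {"task": task_id, "scope": sorted(needed), "exp": now + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def authorize(token, system, now=None):
    """Enforcement-point check: signature, then expiry, then scope."""
    now = time.time() if now is None else now
    try:
        body, sig = token.encode().rsplit(b".", 1)
    except ValueError:
        return False, "malformed token"
    if not hmac.compare_digest(sig, _sign(body)):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"
    if system not in claims["scope"]:
        return False, "out of scope"
    return True, "ok"

def reachable(token, now=None):
    """What an agent exploring every path can actually touch."""
    return sorted(s for s in USER_SYSTEMS if authorize(token, s, now)[0])

if __name__ == "__main__":
    tok = issue_task_token("invoice-reconcile", ["system-03", "system-07"], 300)
    print(reachable(tok))                        # two systems, not twelve
    print(authorize(tok, "system-05"))           # denied: outside the task
    print(reachable(tok, now=time.time() + 301)) # nothing after expiry
```

The denial reasons returned by `authorize` are also the monitoring signal: a run of "out of scope" results shows an agent reaching beyond its task.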

The pace of risk is accelerating

In the AI age, the gap between exposure and exploitation is rapidly shrinking, from days to hours, and in some cases minutes. CrowdStrike’s 2026 Global Threat Report states that the average time to escape for an attacker has increased by 65% year over year. As AI becomes more capable of autonomously identifying vulnerabilities, security teams that rely on manual response processes will be left behind.

However, the answer has not changed. Protection that causes friction will eventually be bypassed. Security that is built directly into the architecture, enabled by default and invisible in practice, is what actually gets implemented. AI raises the stakes, but the principle remains the same: security only works if the safe path is also the easiest.

Mayank Upadhyay is the Chief Security and Trust Officer at Snowflake.


Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they are always clearly marked. For more information, contact sales@venturebeat.com.


