Microsoft encourages organisations to adopt ‘zero trust’ strategies and foster a culture of secure innovation. Zero trust is not new, but its application to AI agents is. “Zero trust means designing systems where nothing is trusted by default, AI behaviour is continuously verified, and observability and risk-based conditional access are implemented from the start,” says Oberoi. “For customers operating across Europe, this approach aligns closely with the EU AI Act requirements for risk management, cybersecurity protections and human oversight, as well as the UK’s emphasis on robustness and accountability rather than simple prescriptive rules.” The EU AI Act, the world’s first comprehensive AI law, comes into effect in June 2026. It ensures organisations use AI systems in the European Union safely, transparently, traceably and without discrimination, while promoting sustainability. Organisations must implement risk-based safeguards, maintain detailed documentation of AI system behaviour and build human oversight into decision-making processes. “A zero trust approach to agents helps close the gap by explicitly verifying every identity, enforcing least-privilege access, continuously monitoring behaviour and applying conditional access based on risk signals,” says Oberoi. Crucially, organisations also need visibility. “You can’t protect what you can’t see, and you can’t manage what you don’t understand,” says Jakkal. “Observability is having a control plane across all layers of the organisation (IT, security, developers, and AI teams) to understand what agents exist, who owns them, what systems and data they touch, and how they behave.” Without a unified control plane, organisations risk losing sight of how many AI agents they have deployed, what permissions they hold and how they evolve over time. At the 2026 Microsoft AI Tour in London, UK, “ Like human employees, an agent with too much access – or the wrong instructions – can become a vulnerability” VASU JAKKAL, MICROSOFT SECURITY COVER STORY 40 At the 2026 Microsoft AI Tour in London, Microsoft’s Alym Rayani described Microsoft Agent 365 as ‘a central control plane for agents’ Photo: Technology Record
RkJQdWJsaXNoZXIy NzQ1NTk=