As enterprises race to connect AI agents to customer service platforms, customer relationship management (CRM) systems and internal business applications, new questions around security risk are moving up the agenda: what happens when autonomous tools gain access to sensitive customer data?
In this CX Today interview, Nicole Willing speaks with Vincent Danen, Vice President of Product Security at Red Hat, about how AI agents are reshaping enterprise risk. AI is already being embedded across customer support, software development and operational workflows. Yet as these systems become more capable and more autonomous, the security model around them needs to evolve too.
Danen explains that while traditional automation is predictable, repeating the same task in the same way, autonomous AI agents behave differently. They can make decisions, change commands and take actions that teams may not have fully anticipated. That creates a very different risk profile, especially when agents interact with customer records, support systems, code repositories, or other high-value enterprise environments.
The most immediate concern for CX teams is data leakage. If an AI agent can access sensitive customer information, there is a chance it could expose that data through prompt injection, misconfiguration or another emerging attack method. Danen’s advice is clear: limit what the agent can reach in the first place.
“Don’t give the agent access to the stuff that you don’t want it to tell people. That feels like common sense, but maybe it’s not so common. Because if the agent knows about it and can be tricked in some way that we haven’t discovered yet, or new types of prompt injections and other types of attacks seem to be happening on a regular basis, you can’t really protect against the thing that you don’t know exists.”
For enterprise leaders, that means sandboxing agents, segmenting data and reducing the blast radius if something goes wrong. If an AI agent only needs product information to answer customer questions, it should not have access to broader CRM records or private user information.
Danen also challenges assumptions about open source software, arguing that transparency should not be confused with insecurity. In his view, open source gives enterprises a clearer view of their threat landscape and more options to mitigate risk.
The wider message is pragmatic. Security vulnerabilities matter, but they are only one part of enterprise risk. Phishing, weak passwords, misconfigurations and poor visibility can be just as dangerous. As AI adoption accelerates, CX leaders need to understand their environments and risk tolerance to ensure autonomous agents are deployed with strong controls from day one.
Watch the full interview to learn how enterprise teams can reduce the blast radius of AI agents and avoid giving autonomous systems access to information they should never expose.