This week brought significant developments in data privacy and security as AI agents become more common in businesses worldwide.

AI agents are smart computer programs that can think, decide, and act on their own without constant human control. Unlike regular software, these agents can learn from experience and make independent choices about how to handle data and interact with systems.

A major study released this week called AI at Work 2025 surveyed business leaders around the world about their experiences with AI agents. The results show that while these technologies bring many benefits, they also create new privacy and security challenges that companies are struggling to manage.

The study found that data privacy and security risks are the top two concerns for business leaders using AI agents. This makes sense because AI agents often need access to sensitive company information and customer data to do their jobs effectively. When an AI agent has access to lots of data, there's always a risk that information could be stolen, misused, or accidentally shared with the wrong people.

One of the biggest challenges is managing identity and access management for AI agents. Unlike human employees, AI agents don't have a specific person responsible for their actions. They also have very short lifespans and need to be created and deleted quickly as business needs change. This makes it much harder to keep track of what each agent is doing and ensure they only access the information they need.

Experts are calling this new era the age of agentic AI. In this world, privacy is no longer just about building walls around our data. Instead, it's about trusting that AI agents will handle our information responsibly even when we're not watching them. This is a big change from how we used to think about data protection.

The problem is that AI agents don't just store and move data around. They also interpret it, make assumptions about it, and use it to make decisions. For example, an AI health assistant might start by helping you drink more water, but over time it could begin analyzing your voice for signs of depression and making decisions about what information to share with your doctor.

This creates new legal challenges too. Current privacy laws like GDPR in Europe were designed for simpler systems where data moves in predictable ways. But agentic AI operates in complex, changing contexts where the same piece of information might be used differently depending on the situation.

In the United States, lawmakers are working on new rules to address these challenges. The Privacy Act Modernization Act of 2025 is being discussed to give people stronger rights over how the government collects and uses their data. There's also a new Department of Justice rule about cross-border data sharing that sets strict limits on who can access sensitive US data and where it can be sent.

China has been very active in creating new data protection rules. This month, Chinese regulators released guidelines for QR code ordering systems that prevent restaurants from forcing customers to follow social media accounts or give their phone numbers. They also created rules for shake-to-trigger advertising to prevent phones from accidentally opening ads when people shake their devices.

The Chinese government also released a checklist for companies to help them understand what regulators will be looking for during data security inspections. This is the first time China has provided such clear guidance about their expectations for data protection and cross-border data transfers.

Business leaders are responding to these challenges by investing more in identity and access management systems. The AI at Work 2025 study showed that 85% of leaders now consider IAM either very important or important for successfully using AI agents. This represents a seven percentage point increase from the previous year, showing how quickly awareness of these issues is growing.

Experts recommend that companies start thinking about privacy and security from the very beginning when they design new AI systems. This privacy by design approach is much more effective than trying to add protection measures after the system is already built.

Looking ahead, the challenge will be creating new legal frameworks that can keep up with rapidly evolving AI technology. As AI agents become more sophisticated and autonomous, we'll need new concepts like AI-client privilege to protect the confidential information people share with their digital assistants.

The message from this week's developments is clear: AI agents offer tremendous benefits for businesses and consumers, but they also require us to completely rethink how we protect privacy and security in the digital age.