The EU AI Act has an agentic problem, according to Roey Eliyahu, CEO and Co-founder of the platform Salt Security.
The EU AI Act entered into force in August 2024, with the most significant obligations for high-risk AI systems becoming fully enforceable on August 2, 2026. While much of the debate around the legislation has focused on transparency, explainability and model bias, the bigger operational challenge for enterprises is understanding and controlling what AI systems actually do inside the organisation.
AI systems are increasingly agentic. They do not just generate outputs or respond to prompts. AI agents can take action through APIs, interact with enterprise workflows, access sensitive data, connect to MCP servers and execute decisions autonomously at machine speed. That action layer is now where a significant portion of enterprise compliance and cybersecurity risk exists.
For CISOs and security teams, the challenge is proving operational control. The EU AI Act requires organisations deploying high-risk AI systems to demonstrate ongoing risk management, logging, cybersecurity resilience and meaningful human oversight. Organisations that cannot provide evidence of those controls face penalties of up to 35 million euros or 7 per cent of global annual turnover for the most serious violations.
A Fresh Look at AI Governance
Yet, many enterprises are still approaching AI governance from the wrong angle. Security investment has largely focused on the model layer through responsible AI frameworks, prompt filtering and output testing. Those controls remain important, but the Act also applies to the systems AI agents interact with once deployed, particularly APIs, machine-to-machine communications and orchestration layers.
That distinction matters because APIs have become the execution layer for enterprise AI. Every time an AI agent retrieves customer records, triggers a financial transaction, accesses an HR platform or connects to an internal service, it does so through APIs. Under the EU AI Act, those interactions fall directly within the scope of cybersecurity, monitoring and logging obligations.
The Visibility Challenge
This creates a major visibility gap across many organisations. Traditional AI security tools understand the model but have limited visibility into API activity and downstream actions. Traditional API security tools can monitor traffic but often lack awareness of the AI systems driving those requests. Security teams are left without a complete view of how AI behaviour translates into operational risk.
The challenge becomes particularly significant under Articles 9, 12, 14 and 15 of the EU AI Act. Article 9 requires continuous and iterative risk management across the AI lifecycle. Article 12 mandates tamper-evident logging and record keeping. Article 14 requires meaningful human oversight and the ability to intervene when systems behave unexpectedly. Article 15 introduces cybersecurity resilience obligations covering adversarial attacks, prompt injection, data poisoning and unauthorised access.
For many organisations, those requirements become difficult to satisfy once AI agents are connected to APIs, MCP servers and internal enterprise systems. In multi-agent environments, agents may interact with one another, trigger workflows autonomously and access sensitive systems without direct human involvement. Without continuous monitoring and behavioural visibility, organisations will struggle to classify risk accurately or demonstrate compliance during regulatory scrutiny.
The Agentic Security Graph
This is where the Agentic Security Graph becomes important. It provides continuous visibility across the full chain of AI interactions, including LLMs, MCP servers and APIs. It maps how agents communicate, what systems they can access, what data they retrieve and which actions they execute. That visibility creates the operational foundation required for governance, oversight and compliance.
Continuous monitoring is becoming a core requirement for enterprise AI security. Articles 72 and 73 of the Act introduce ongoing post-market monitoring and mandatory incident reporting obligations. Organisations must be able to identify incidents quickly, preserve evidence and report serious events within strict timelines, including as little as 24 hours for life or safety risks and 72 hours for other serious incidents.
To support those obligations, security teams need behavioural monitoring across the AI action layer. That includes establishing baselines for normal API and agent behaviour, then detecting deviations linked to prompt injection, data poisoning, model evasion or unauthorised data access. Monitoring east-west traffic between agents and internal services is also becoming critical as multi-agent architectures become more common.
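One way to put the baseline-then-deviation approach into practice, as an added example that is not code from the article or from Salt Security: the call records, agent names and endpoints below are constructed for illustration, and the simple per-agent endpoint set plus a volume threshold stands in for whatever behavioural model a real deployment would use.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of agent-to-API calls: (agent, endpoint, records_returned).
# These are illustrative values, not data from the article or any product.
BASELINE_CALLS = [
    ("support-agent", "GET /crm/customers", 12),
    ("support-agent", "GET /crm/customers", 9),
    ("support-agent", "GET /crm/tickets", 30),
    ("support-agent", "GET /crm/customers", 11),
    ("finance-agent", "POST /payments/transfer", 1),
    ("finance-agent", "GET /ledger/entries", 40),
    ("finance-agent", "GET /ledger/entries", 45),
]

def build_baseline(calls):
    """Per agent: which endpoints it normally touches and typical record volumes."""
    endpoints = defaultdict(set)
    volumes = defaultdict(list)
    for agent, endpoint, records in calls:
        endpoints[agent].add(endpoint)
        volumes[agent].append(records)
    stats = {a: (mean(v), pstdev(v)) for a, v in volumes.items()}
    return {"endpoints": dict(endpoints), "volumes": stats}

def detect_deviations(baseline, calls, sigma=3.0):
    """Flag calls by agents outside the inventory (shadow AI), calls to endpoints an
    agent has never used, and record volumes far above the agent's normal retrieval."""
    findings = []
    for agent, endpoint, records in calls:
        if agent not in baseline["endpoints"]:
            findings.append((agent, endpoint, "unknown agent (possible shadow AI)"))
            continue
        if endpoint not in baseline["endpoints"][agent]:
            findings.append((agent, endpoint, "endpoint outside baseline"))
        mu, sd = baseline["volumes"][agent]
        # max(sd, 1.0) keeps a near-constant baseline from flagging trivial changes
        if records > mu + sigma * max(sd, 1.0):
            findings.append((agent, endpoint, f"volume spike: {records} records"))
    return findings
```

Findings of this kind are what feed the real-time alerting and human-intervention step the Act's oversight obligations assume.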
Context and Human Oversight
Human oversight is another area where many enterprises remain underprepared. Effective oversight requires more than simply placing a human approver into the workflow. Operators need contextual visibility into which agents carry the highest risk, what systems they can access and when intervention is necessary. Real-time alerting and behavioural analytics help security teams identify high-risk actions before they escalate into operational or compliance incidents.
Logging obligations under the Act will also place pressure on organisations that lack mature monitoring infrastructure. Article 12 requires automatic and tamper-evident logging capable of supporting investigations and regulatory scrutiny. For agentic AI, that means capturing API requests, responses, authentication context, behavioural anomalies and interaction histories across the full stack.
The compliance challenge becomes even more complex in multi-agent architectures. Recitals 99 and 100 of the Act address AI systems that interact with other AI systems. Organisations therefore need traceability across the full chain of agent activity, including which agent initiated a workflow, which APIs were invoked and how decisions propagated across connected systems.
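The tamper-evident logging and cross-agent traceability described in the two paragraphs above, as an added example that is not code from the article or from Salt Security: each record commits to the previous record's hash, so any edit or deletion is detectable, and a shared trace identifier lets an investigator reconstruct which agent initiated a workflow and which APIs were invoked along the way. The field names and the sample workflow are assumptions made for this illustration.

```python
import hashlib
import json

class AgentActionLog:
    """Append-only, hash-chained record of agent API actions.
    Field names are assumed for this illustration, not taken from the EU AI Act
    or from any product. Editing or deleting any entry breaks every link after it."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, trace_id, agent, parent_agent, api, auth_subject, outcome):
        prev_hash = self.entries[-1]["hash"] if self.entries else self.GENESIS
        record = {
            "seq": len(self.entries),
            "trace_id": trace_id,          # ties every hop of one workflow together
            "agent": agent,
            "parent_agent": parent_agent,  # which agent delegated this action, if any
            "api": api,
            "auth_subject": auth_subject,  # identity the API call was made under
            "outcome": outcome,
            "prev_hash": prev_hash,
        }
        payload = json.dumps(record, sort_keys=True).encode()
        record["hash"] = hashlib.sha256(payload).hexdigest()
        self.entries.append(record)
        return record["hash"]

    def verify(self):
        """Return the index of the first entry whose chain link fails, else None."""
        prev_hash = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if entry["prev_hash"] != prev_hash or entry["hash"] != expected:
                return i
            prev_hash = entry["hash"]
        return None

    def trace(self, trace_id):
        """Reconstruct the chain of agents and APIs behind one workflow."""
        return [(e["agent"], e["parent_agent"], e["api"], e["outcome"])
                for e in self.entries if e["trace_id"] == trace_id]
```

In production the chain head would be anchored somewhere the logging system itself cannot overwrite (a write-once store or an external timestamping service), since a local hash chain only proves internal consistency, not that the whole file was replaced.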
The Time to Act Is Now
Security leaders should act now rather than waiting for enforcement deadlines to approach. The first step is identifying every AI agent, MCP server and API connection operating across the organisation, including shadow AI deployments outside formal governance processes. Organisations should then classify high-risk systems, implement continuous monitoring and logging, test oversight procedures and validate incident reporting processes against the timelines required by the Act.
The EU AI Act is reshaping enterprise security because it focuses on governing AI behaviour as much as AI capability. APIs are now central to how enterprise AI systems operate, making API and agentic security essential to compliance strategy. Organisations that can demonstrate visibility, monitoring and governance across the Agentic Security Graph will be in a far stronger position as enforcement accelerates across Europe in 2026.