Fran Rosch is the CEO of Imprivata, a digital identity company for life- and mission-critical industries.
In my last article, I explored how AI is more than just an enterprise tool. It’s becoming autonomous, empowered to act, decide and interact with systems, just as any human within an organization can.
This shift stopped feeling theoretical for me during a recent conversation with clinical leaders at a major U.S. healthcare system, who described how quickly AI was moving across their environment. What began as a cautious discussion about use cases led me to a deeper realization: AI agents are now active participants in the workforce, operating across clinical applications, browsers and endpoints in ways that mirror human behavior. The question, however, is whether organizations are truly prepared for what that level of autonomy brings from a security perspective.
Such a shift introduces significant risk. And nowhere is this transition more consequential than in healthcare.
From Tool To Actor
Over the last year, the AI conversation in healthcare has changed dramatically. Last year, ambient listening solutions were all anybody talked about at events like HIMSS and ViVE, and this reflected an industry still evaluating AI at the tooling level.
In 2026, I’ve noticed a shift that is reflected not only in the sheer number of AI vendors available but also in the maturity of these AI use cases. Health systems are no longer piloting AI tools in isolated workflows. They’re operationalizing them, moving from experimentation to embedding AI into real clinical and operational environments.
In my conversations at HIMSS and ViVE this year, I heard less about what AI could do and more about what it’s already doing. We’re seeing AI agents draft clinical notes, triage patient messages, manage prior authorizations and coordinate care pathways. These systems take action inside core clinical and administrative environments.
Why Healthcare Is Different
I’ve spent much of my career talking with healthcare leaders about risk. There’s always an immediacy to the tone of those conversations, because behind every system and workflow is a patient waiting for relief.
Unlike most retail or finance situations, in healthcare, risk can directly impact customer or patient safety. If an AI agent misroutes a referral, delays a prior authorization or introduces an error into clinical documentation, the downstream impact can affect diagnoses, treatment timelines and the ability to provide care.
The Rise Of Shadow AI In Clinical Settings
Another pattern that emerged from the headlines coming out of this year’s industry events was the rise of shadow AI. Front-line staff are constantly under immense pressure to do more with less. So, when they find tools that help them move faster, they use them—often without formal approval.
This isn’t a new phenomenon. Shadow IT has existed for decades, but AI raises the stakes in two critical ways: AI tools are easy to adopt and integrate into daily workflows, and the actions these tools take can directly influence clinical decisions and outcomes.
I find that many healthcare delivery organizations believe they have little to no unsanctioned AI activity in their environment. But in reality, many simply are not aware of how quickly AI-enabled workflows are infiltrating their networks. For example, one customer of mine, after conducting a manual review of identity provider data and network traffic, discovered more than 400 different AI agents and services already in use, many tied to individual employee-driven workflows. This finding underscores how quickly AI adoption is outpacing control.
The result is an environment in which AI agents interact with sensitive systems and data, often outside formal security policies and structures. Unlike traditional software, these agents learn and adapt, and they sometimes behave in ways that weren’t fully anticipated at deployment. This introduces a fundamentally new dynamic: These systems are not purely deterministic and must be managed more like co-workers than code.
The Speed Problem
The core challenge for AI in healthcare is that security still operates at human speed, while AI operates at machine speed. Healthcare organizations have built compliance around human timelines. Often, reviews take hours or days, audits take weeks or months, and access decisions are normally static.
AI collapses those timelines to seconds.
An AI agent can execute hundreds of actions before a human has reviewed a single event. This creates a fundamental imbalance, where human-speed oversight cannot keep pace with machine-speed action.
How To Secure AI Agents
If AI agents are becoming actors, then they must be treated as identities, the same as any clinician across an organization. That means moving beyond traditional access controls and thinking in terms of identity-driven security:
• What is this agent allowed to do?
• Under what conditions is it allowed to do it?
• How do we verify that it’s acting within its intended scope?
• What happens when it deviates?
• Who is accountable for its actions?
In healthcare, this becomes even more critical due to the environment’s complexity. AI agents often interact across multiple systems (clinical, operational and financial), each with its own rules.
Dynamic, context-aware controls that can adjust in real time are necessary. This includes capabilities like just-in-time access, clear ownership models and the ability to rapidly provision and revoke permissions at the same speed these agents operate.
Closing The Gap
Addressing this new reality requires a shift in how we think about control and security of agentic AI in healthcare.
Organizations need to know which AI agents are operating in their environment, what systems they’re accessing and what actions they’re taking. If an AI agent behaves outside its expected parameters, the system should be able to detect and respond in real time. Finally, it should be clear who owns the behavior of an AI agent and how decisions are traced when something goes wrong.
There’s a clear evolution in the way healthcare leaders view and use AI. What began as experimentation is now integration, with AI being woven into care delivery as an integral part of the team itself. That’s the real inflection point. The moment AI acts, it assumes an identity, and when it does, it must be secured like one.
In a world of machine-speed actors, security can’t afford to move at human speed.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
