Op-Ed: Agentic workspaces – securing Australia’s future now

These digital colleagues don’t just respond to commands. They act independently. A finance agent can draft reports, a customer service agent can juggle multiple conversations at once, and an HR agent can monitor employee sentiment in real time.

For a country like Australia, already among the most digitally connected in the world, the productivity upside is enormous. Banks, telcos and healthcare providers are already experimenting: for example, Commonwealth Bank of Australia is building what it describes as “virtual relationship managers” to serve its business banking customers. Also, interestingly, TechnologyOne, one of Australia’s largest enterprise software companies, has recently launched its own ChatGPT-styled products to be integrated into local government and businesses.

But, while the promise is clear, the risks are just as sharp. Without proper guidance and governance, agentic workspaces could open a dangerous new front in cyber.

The new cyber frontier inside the office

Australia already faces one of the highest rates of cyber crime globally, with 47 per cent of Australians experiencing at least one form of cyber crime in the past 12 months. Adding thousands of semi-autonomous agents to this picture without stronger controls could be reckless. If compromised, an agent could approve a fraudulent payment, leak patient data or make unauthorised changes at machine speed.

The attack surface is also growing. Every agent needs access to data and systems to do its job. That creates more potential doors for attackers to walk through. A single compromised HR agent could expose employee records, while a hacked sales agent could hand over sensitive customer information.

VIEW ALL

Then there’s trust. Workers may place too much confidence in AI outputs, assuming accuracy and security are guaranteed. Others may distrust agents altogether, slowing down adoption. Either way, the absence of clear rules and oversight undermines both security and productivity.

Australia has already seen what happens when governance lags behind digital adoption. The rise in ransomware incidents, breaches across universities, and ongoing state-aligned campaigns against critical infrastructure all have shown that the stakes are high. The agentic workspace could amplify these threats if left unchecked.

Why human-centric cyber security is the answer

The answer is not to slow the march of AI into our workplaces but to secure it properly. The younger generation is eager to embrace emerging technologies, with over 58 per cent already using tools like ChatGPT and Google’s Gemini in the workplace. Technology should always serve to protect and empower people, and that principle must also hold as human employees begin working side by side with autonomous agents.

This means rethinking how we defend against threats. Attackers are already experimenting with ways to manipulate AI assistants by embedding malicious prompts in emails or chat messages. New security measures need to spot and block these attacks across email, cloud and collaboration tools before they reach a person or an agent. In practice, this ensures that both humans and their digital colleagues can trust the interactions they rely on every day.

Data protection is another frontier. Information no longer sits quietly in a database – it moves constantly across SaaS platforms, mobile devices and now through AI agents themselves. Organisations will need the ability to see where their data is, classify its sensitivity, and enforce policies on how it is used. Automated controls and real-time monitoring will make sure information is accessed only for legitimate purposes and cannot be quietly siphoned off or misused.

Equally important is recognising that AI agents must be governed just as human users are. They need identities, permissions and guardrails. Extending zero-trust principles to agents ensures they remain effective but accountable, able to perform their tasks without straying beyond their mandate.

Finally, security operations themselves must adapt. With the scale and complexity of agentic work, AI will play a role in security too, taking over repetitive tasks, reducing alert fatigue, and allowing human experts to focus on oversight and strategy. This kind of augmentation is both efficient and essential for cyber resilience.

Taken together, these approaches show how human-centric cyber security can extend into the agentic era. The goal is to create a workplace where people and AI agents can collaborate securely, confident that the protections around them are as dynamic as the way they work.

Becoming AI-ready is key to a secure future for Australia

The federal government has pledged to make Australia “the most cyber-secure nation in the world by 2030”. That ambition will be tested by how we handle the shift to agentic work. The challenge is to ensure governance and security frameworks keep pace.

The future of work in Australia will be agentic, with humans and autonomous agents collaborating in real time, and reshaping how businesses and governments operate. The choice is whether that future is one of trust and resilience – or one where the rush to adopt leaves us exposed.

Getting the balance right means remembering a simple truth: technology’s role is to assist people. Protecting that principle, through human-centric cyber security, is how we will secure the agentic workspace and the future of work itself.