Definitely, that's the issue with legacy tools and just plugging AI agents on top of existing API capabilities that were designed for human in the first place. Retrofitting agent-safety onto APIs that predate agents is harder than it looks (guardrails, permissions scopes etc.)

Disclosure: I'm CTO of an ITSM product in this space (Siit), so I think about this a lot.