The rise of agentic AI is reshaping the technological landscape, but it’s also creating a gaping blind spot in the realm of cybersecurity. Personally, I think this is one of the most underappreciated challenges of our time. While organizations are rapidly adopting AI agents to streamline operations, the security teams tasked with protecting these systems are often left in the dark. What makes this particularly fascinating is how history seems to be repeating itself—just as cloud computing once outpaced security measures, AI is now doing the same, but at an unprecedented speed and scale.
From my perspective, the core issue isn’t just about policy or monitoring; it’s about understanding. You cannot secure what you do not comprehend, and right now, many security professionals are struggling to grasp the intricacies of agentic AI. This isn’t merely a technical gap—it’s a strategic one. When security teams fail to engage meaningfully with AI technologies, they risk becoming irrelevant. Business units will move forward without them, not out of malice, but because they can’t afford to wait. This raises a deeper question: Are security teams evolving fast enough to remain indispensable partners in the AI era?
One thing that immediately stands out is the democratization of AI tool-building. With agentic AI, anyone—from marketers to finance teams—can create functional tools without writing traditional code. While this is a game-changer for productivity, it’s also a double-edged sword. Most of these custom agents bypass security reviews, creating a shadow ecosystem of tools that could introduce vulnerabilities. What many people don’t realize is that this isn’t just a technical risk; it’s a cultural one. Security teams need to shift from being gatekeepers to enablers, helping teams build secure tools without stifling innovation.
The risk landscape is further complicated by the three distinct categories of AI agents. General-purpose tools like GitHub Copilot are already embedded in workflows, yet their access to sensitive data often goes unquestioned. Vendor-built agents, powered by protocols like MCP, introduce new attack vectors, such as a malicious calendar invite whose contents trigger unauthorized actions. And custom agents, built by non-technical users, are the wild west of AI security. If you take a step back and think about it, this is a supply chain problem in disguise, where the chain is internal and largely unregulated.
What this really suggests is that security teams need to rethink their skill sets. Understanding AI architecture from a practitioner’s perspective is no longer optional—it’s essential. But it’s not just about knowing how agents work; it’s about staying current in a rapidly evolving landscape. Vendors are already peddling AI security solutions, but without foundational knowledge, security teams risk being sold snake oil. A detail that I find especially interesting is how configuration—often overlooked—can be one of the most effective security controls. Limiting an agent’s scope to its intended function can drastically reduce the attack surface, yet this simple principle is frequently ignored.
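As an added example that is not part of the original post, the following Python sketch turns the scoping principle above into code: a weak "every tool" configuration sits beside one pinned to the agent's intended function, and a small policy gate also refuses to act on instructions that arrived inside ingested content (the calendar-invite case). All names here (`AgentScope`, `ToolCall`, the tool identifiers, the sample plan and the `origin` tag the runtime is assumed to attach to each step) are hypothetical and constructed for illustration; they are not an MCP or vendor API.

```python
# Added example (not from the original post): a minimal tool-scope policy gate for an
# AI agent. Everything here is hypothetical: the tool names, the AgentScope/ToolCall
# types and the sample plan are constructed for illustration, not an MCP or vendor API.
from dataclasses import dataclass

# Hypothetical inventory of tools the agent runtime could expose.
ALL_TOOLS = frozenset({
    "calendar.read", "calendar.write", "email.send",
    "files.read", "files.delete", "payments.transfer",
})


@dataclass(frozen=True)
class AgentScope:
    """Configuration that pins an agent to its intended function."""
    name: str
    allowed_tools: frozenset
    # Tools that may run only on a direct user instruction, never on an instruction
    # the agent picked up from ingested content (invite bodies, emails, documents).
    principal_only: frozenset = frozenset()


@dataclass(frozen=True)
class ToolCall:
    tool: str
    origin: str  # "user" = typed by the principal; "content" = derived from ingested text


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(scope: AgentScope, call: ToolCall) -> Decision:
    """Decide whether one tool call is permitted under the given scope."""
    if call.tool not in ALL_TOOLS:
        return Decision(False, f"unknown tool {call.tool!r}")
    if call.tool not in scope.allowed_tools:
        return Decision(False, f"{call.tool} is outside scope {scope.name!r}")
    if call.tool in scope.principal_only and call.origin != "user":
        return Decision(False, f"{call.tool} needs a direct user instruction, got {call.origin!r}")
    return Decision(True, "within scope")


def audit_plan(scope: AgentScope, plan: list) -> list:
    """Run every step of an agent's plan through the gate; return one Decision per step."""
    return [evaluate(scope, call) for call in plan]


def denied_tools(scope: AgentScope, plan: list) -> list:
    """Names of the tools the gate would block, in plan order (useful as a detection signal)."""
    return [call.tool for call, d in zip(plan, audit_plan(scope, plan)) if not d.allowed]


# Weak setting: one general-purpose agent holding every tool, the broad access the post warns about.
BROAD_SCOPE = AgentScope("assistant-broad", ALL_TOOLS)

# Corrected setting: a scheduling assistant limited to what scheduling actually needs,
# and allowed to send mail only when the user asked for it.
SCHEDULING_SCOPE = AgentScope(
    "scheduling-assistant",
    frozenset({"calendar.read", "calendar.write", "email.send"}),
    principal_only=frozenset({"email.send"}),
)

# Constructed plan: the agent reads an invite on the user's behalf; the next two
# steps are "suggested" by text inside that invite rather than by the user.
SAMPLE_PLAN = [
    ToolCall("calendar.read", origin="user"),
    ToolCall("files.read", origin="content"),
    ToolCall("email.send", origin="content"),
    ToolCall("calendar.write", origin="user"),
]

if __name__ == "__main__":
    for scope in (BROAD_SCOPE, SCHEDULING_SCOPE):
        print(f"--- {scope.name}")
        for call, d in zip(SAMPLE_PLAN, audit_plan(scope, SAMPLE_PLAN)):
            verdict = "ALLOW" if d.allowed else "DENY "
            print(f"{verdict} {call.tool:18} ({call.origin}) {d.reason}")
```

Under the broad scope every step of the constructed plan passes, including the two that originated in the invite text; under the scheduling scope those two are refused while the user's own read and write go through. The point of the `principal_only` field is that even a tool the agent legitimately needs can be withheld from content-derived instructions, which is a cheaper control than trying to recognise malicious text.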
The tension between utility and security is real. Powerful agents require broad access, but that access comes with significant risk. Finding the right balance demands early involvement from security teams in the design process. Organizations that fail to do this will find themselves playing catch-up, applying band-aid fixes to systems that were never designed with security in mind.
Looking ahead, the organizations that invest in building AI security fluency today will be the ones shaping the future of this technology. Those who wait will be left to clean up the mess. This July, I’ll be teaching a course at SANSFIRE 2026 that dives deep into these challenges, offering hands-on training in AI application security. It’s not just about keeping up—it’s about getting ahead.
In conclusion, agentic AI isn’t just a technological shift; it’s a paradigm shift for cybersecurity. The question isn’t whether security teams can adapt, but whether they will. The clock is ticking, and the stakes have never been higher.