Agentic AI Security: The Blind Spot You Can't Afford to Ignore (2026)

Agentic AI: The Next Frontier in Security

In the fast-paced world of technology, Agentic AI is emerging as a game-changer, but it's also a potential blind spot for security teams. This article delves into the challenges and opportunities presented by Agentic AI, offering a unique perspective on why this technology demands our attention.

The Challenge of Understanding Agentic AI

Agentic AI is already operational in many organizations, executing tasks and making decisions independently. Yet, security professionals often find themselves playing catch-up, struggling to grasp the implications of this technology.

As the saying goes, "You cannot secure what you do not understand." This fundamental principle of information security is especially relevant when it comes to Agentic AI. Security teams must develop a deep understanding of AI engineering to effectively defend against potential threats.

The Language Barrier

Imagine a security team unable to speak the language of AI engineering. They can't challenge design decisions, propose controls, or ask informed questions. As a result, they get bypassed, and business units move forward without their input. This scenario has played out with every major tech shift, and AI is no exception.

The solution? Engagement. Security professionals must immerse themselves in the world of Agentic AI, experimenting with the same tools as developers. This hands-on approach is the key to developing a genuine understanding of AI and its potential risks.

Three Categories, Three Risks

The Agentic AI landscape is diverse, and the risks vary significantly. Here are three distinct categories to consider:

  1. General-Purpose Agents: Tools like Claude Code and GitHub Copilot are already embedded in developer workflows. Whether approved or not, they're being used. Security teams must understand the data these agents can access and the actions they can take.

  2. Vendor-Built Agents: Powered by the Model Context Protocol (MCP), these agents connect to external services and read content from them. Because that content is fed to the model, a malicious calendar invite, for example, can carry text that the agent follows as hidden commands. This is a live attack surface that requires careful configuration and review.

  3. Custom Agents: Perhaps the most intriguing category. With Agentic AI, anyone can build functional tools without traditional coding skills. While this empowers security teams to develop specialized tools, it also means every team in the organization can create agents, often without a security review.

The Cost of Lagging Behind

When security teams lag, the organization moves forward without their input. Developers deploy, business units adopt, and security becomes an afterthought. As a result, exposure compounds. Powerful agents require broad access, and when something goes wrong, the blast radius can be significant.

An agent with access to a terminal and an email inbox, for instance, can be manipulated through either channel. Understanding how agents are built is crucial to mitigating these risks.

Building Competency in Agentic AI Security

Competency in Agentic AI security requires a two-pronged approach:

  1. Understanding AI Architecture: Security professionals must grasp the components of AI applications from a practitioner's perspective. How do agents consume inputs, chain tools, and produce outputs? This foundational knowledge is essential.

  2. Staying Current: The AI landscape is evolving rapidly. Vendors are developing security controls, open-source frameworks are emerging, and threat taxonomies are constantly updated. Security teams must know which tools to evaluate and which frameworks are gaining traction.

Configuration as a Security Control

Many Agentic AI deployments are risky because of insecure configuration rather than inherently flawed tools. For example, a self-hosted AI assistant connected to Telegram may, without proper controls, respond to anyone who messages it. A simple configuration change, such as pairing the agent with a trusted account, can significantly reduce exposure.

The key is scoping agents to their intended functions, limiting the attack surface and potential blast radius.
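As an added illustration of configuration as a control (not code from the original article or from any product it mentions), the following constructed gateway shows the weak "answer anyone, call any tool" configuration beside a hardened one that is paired with a trusted chat and scoped to one tool. The `AgentConfig`, `Message`, chat IDs and tool names are hypothetical; nothing here is a real Telegram or MCP API.

```python
"""Constructed example: a minimal inbound/outbound gate for a self-hosted
assistant. All names, IDs and tool names are hypothetical placeholders."""
from dataclasses import dataclass, field


@dataclass
class AgentConfig:
    # Chat IDs the agent may answer. Empty set = no pairing = answer anyone (weak).
    trusted_chat_ids: set = field(default_factory=set)
    # Tools the agent may call. Empty set = unscoped = any tool (weak).
    allowed_tools: set = field(default_factory=set)


@dataclass
class Message:
    chat_id: int
    text: str


# Weak configuration: no pairing, no tool scoping.
WEAK = AgentConfig()
# Hardened configuration: paired with one trusted chat, scoped to calendar reads.
HARDENED = AgentConfig(trusted_chat_ids={4242}, allowed_tools={"calendar.read"})


def admit(cfg: AgentConfig, msg: Message) -> bool:
    """Inbound gate: only paired/trusted chats reach the model at all."""
    if not cfg.trusted_chat_ids:
        return True  # weak default: every sender is admitted
    return msg.chat_id in cfg.trusted_chat_ids


def authorize_tool(cfg: AgentConfig, tool: str) -> bool:
    """Outbound gate: deny any tool call outside the agent's intended scope."""
    if not cfg.allowed_tools:
        return True  # weak default: unscoped agent may call anything
    return tool in cfg.allowed_tools


def handle(cfg: AgentConfig, msg: Message, requested_tool: str, audit: list) -> dict:
    """Apply both gates and record denials so they can be alerted on."""
    if not admit(cfg, msg):
        audit.append(f"denied sender chat_id={msg.chat_id}")
        return {"admitted": False, "tool_ran": False}
    ran = authorize_tool(cfg, requested_tool)
    if not ran:
        audit.append(f"denied tool={requested_tool} for chat_id={msg.chat_id}")
    return {"admitted": True, "tool_ran": ran}
```

With the hardened configuration a stranger's message never reaches the model, and even the trusted chat cannot make the agent call a tool outside its scope; each denial lands in the audit list as a detection signal.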

Getting Ahead of the Curve

Organizations that invest in AI security fluency now will shape how these systems are deployed. Those who arrive late will find themselves playing catch-up, implementing controls after the architecture has been decided without their input.

Attending events like SANSFIRE 2026 can provide security professionals with the knowledge and tools to engage with AI systems from a position of strength. Courses like SEC545 offer hands-on experience with model scanning and other techniques to detect compromised models.

In a world where Agentic AI is becoming increasingly prevalent, staying informed and engaged is crucial. Security professionals must embrace the challenge of understanding this technology to ensure a secure digital future.

Author: Wyatt Volkman LLD

Last Updated:

Views: 6310

Rating: 4.6 / 5 (46 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Wyatt Volkman LLD

Birthday: 1992-02-16

Address: Suite 851 78549 Lubowitz Well, Wardside, TX 98080-8615

Phone: +67618977178100

Job: Manufacturing Director

Hobby: Running, Mountaineering, Inline skating, Writing, Baton twirling, Computer programming, Stone skipping

Introduction: My name is Wyatt Volkman LLD, I am a handsome, rich, comfortable, lively, zealous, graceful, gifted person who loves writing and wants to share my knowledge and understanding with you.