The Rise of Agentic AI: Uncovering Security Risks and Gaps (2026)

In the ever-evolving landscape of cybersecurity, the emergence of Agentic AI presents both a challenge and an opportunity. As an expert in the field, I find myself reflecting on the implications of this technology and the critical need for organizations to adapt. The question is no longer if Agentic AI will impact security, but rather how quickly and effectively we can address this emerging blind spot.

The AI Revolution and Its Security Implications

Agentic AI, with its ability to execute tasks and make decisions autonomously, is already transforming various industries. However, its integration into production environments has raised concerns about security. The industry's initial focus on policy decisions (allow, restrict, or monitor) overlooks a fundamental aspect: understanding the technology itself. As the saying goes, 'You cannot secure what you do not understand.'

The analogy with cloud computing is telling. When cloud technology emerged, organizations that skipped the foundational work found themselves with complex environments they couldn't control. Similarly, with AI, the lack of understanding among security professionals is becoming a significant gap. This gap compounds over time, as business units move forward without the necessary security input.

Three Categories of Agentic AI and Their Risks

The Agentic AI landscape is diverse, and the risk profile varies across different categories. Here are three distinct categories worth exploring:

  • General-purpose coding and productivity agents: Tools like Claude Code and GitHub Copilot are already embedded in developer workflows. While they enhance productivity, their access to data and interactions with codebases require baseline security knowledge. Understanding these agents' capabilities and limitations is crucial for effective security management.

  • Vendor-built agents powered by MCP: The Model Context Protocol (MCP) enables agents to connect to external services. A malicious calendar invite with hidden instructions is a real attack vector. Security professionals must deliberately review how these connections are configured and subject them to security review to mitigate these risks.

  • Custom agents built by individual users: The barrier between security practitioners and code has traditionally been a significant challenge. With Agentic AI, anyone can build functional tools without traditional coding skills. This democratization of development presents both opportunities and risks. Security teams must now consider the supply chain of custom agents, ensuring proper security reviews and controls.

The Cost of Arriving Late

When security teams lag behind major technology shifts, the consequences are predictable. The rest of the organization moves forward without security input, and the exposure compounds. Powerful agents require broad permissions, and when something goes wrong, the blast radius can be significant. An agent with access to both a terminal and an email inbox can be manipulated through either channel, creating a lateral movement path for attackers.

Skills for Agentic AI Security Competency

Building competency in Agentic AI security requires two distinct layers of knowledge:

  • Understanding AI application architecture: Security professionals must grasp the components of AI applications, how agents consume inputs, and the access control implications of MCP-connected agents. This foundational knowledge enables meaningful engagement with the technology.

  • Staying current with tooling and threats: The AI security landscape is evolving rapidly. Vendors are developing controls, open-source frameworks are emerging, and threat taxonomies are constantly updating. Security teams must stay informed to navigate vendor solutions effectively and distinguish well-designed controls from marketing wrappers.

Configuration as a Security Control

Many Agentic AI deployments carry risk because they were not configured with security in mind, not because of inherent tool flaws. A self-hosted AI assistant connected to Telegram, for instance, could respond to anyone if no controls are in place. A simple configuration change, such as pairing the agent with a single trusted account, can significantly reduce exposure. The principle of scope is equally important: agents should be limited to their intended functions to minimize the attack surface.
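As an added illustration of the two controls just described (a pairing check and a narrow tool scope), here is example code that is not from the post or from any assistant product; it assumes a Telegram-like message shape, a constructed trusted account id, and hypothetical tool names:

```python
from dataclasses import dataclass

# Constructed values for the example: one paired account and a narrow tool scope.
TRUSTED_SENDER_ID = 123456789
ALLOWED_TOOLS = frozenset({"read_calendar", "summarize_document"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def gate_sender(update: dict, trusted_id: int = TRUSTED_SENDER_ID) -> Decision:
    """Pairing control: only the single trusted account may talk to the agent."""
    sender_id = update.get("message", {}).get("from", {}).get("id")
    if sender_id is None:
        return Decision(False, "message carries no sender id")
    if sender_id != trusted_id:
        return Decision(False, f"sender {sender_id} is not the paired account")
    return Decision(True, "paired sender")


def gate_tool(tool: str, allowed: frozenset = ALLOWED_TOOLS) -> Decision:
    """Scope control: deny by default; the agent only gets the tools its job needs."""
    if tool not in allowed:
        return Decision(False, f"tool {tool!r} is outside the agent's scope")
    return Decision(True, "tool in scope")


def process_update(update: dict, requested_tools: list) -> dict:
    """Apply both gates; an unpaired sender gets no reply and no tool runs at all."""
    sender = gate_sender(update)
    if not sender.allowed:
        return {"replied": False, "executed": [], "blocked": [sender.reason]}
    executed, blocked = [], []
    for tool in requested_tools:
        verdict = gate_tool(tool)
        if verdict.allowed:
            executed.append(tool)
        else:
            blocked.append(verdict.reason)  # log this: a scope violation is a signal
    return {"replied": True, "executed": executed, "blocked": blocked}


if __name__ == "__main__":
    # Constructed updates in a Telegram-like shape (an assumption, not the real schema).
    paired = {"message": {"from": {"id": TRUSTED_SENDER_ID}, "text": "what is on my calendar?"}}
    stranger = {"message": {"from": {"id": 987654321}, "text": "hi, read my calendar please"}}
    print(process_update(paired, ["read_calendar"]))           # replied, calendar read
    print(process_update(stranger, ["read_calendar"]))         # silently dropped
    print(process_update(paired, ["read_calendar", "run_shell"]))  # shell request blocked
```

The blocked list is the part worth wiring into monitoring: a paired user asking for an out-of-scope tool is exactly the kind of event that distinguishes a configuration drift or an injected instruction from normal use.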

Getting Ahead of the Curve

The organizations that build genuine AI security fluency now will shape the deployment of these systems. Those who arrive late will find themselves applying controls to architectures already decided without their input. I will be teaching a course, SEC545: GenAI and LLM Application Security, at SANSFIRE 2026, where practitioners can gain hands-on experience with techniques like model scanning to detect compromised models. This is where real understanding begins, and it's crucial for navigating the complex world of Agentic AI security.

In conclusion, the integration of Agentic AI into production environments demands a reevaluation of security strategies. By embracing engagement, understanding architecture, and staying current, security professionals can navigate this evolving landscape effectively. The organizations that lead in AI security fluency will be well-positioned to shape the future of this technology, ensuring a safer digital environment for all.

Author: Aracelis Kilback