惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
Netflix TechBlog - Medium
Microsoft Azure Blog
Microsoft Azure Blog
罗磊的独立博客
博客园 - 三生石上(FineUI控件)
aimingoo的专栏
aimingoo的专栏
B
Blog RSS Feed
V
Visual Studio Blog
P
Proofpoint News Feed
云风的 BLOG
云风的 BLOG
博客园 - 【当耐特】
大猫的无限游戏
大猫的无限游戏
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
The Cloudflare Blog
B
Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Apple Machine Learning Research
Apple Machine Learning Research
M
MIT News - Artificial intelligence
Know Your Adversary
Know Your Adversary
I
InfoQ
T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
C
Cisco Blogs
Spread Privacy
Spread Privacy
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
月光博客
月光博客
博客园 - Franky
Project Zero
Project Zero
G
Google Developers Blog
S
SegmentFault 最新的问题
博客园 - 聂微东
P
Privacy & Cybersecurity Law Blog
The GitHub Blog
The GitHub Blog
阮一峰的网络日志
阮一峰的网络日志
P
Privacy International News Feed
T
Threat Research - Cisco Blogs
S
Schneier on Security
Microsoft Security Blog
Microsoft Security Blog
G
GRAHAM CLULEY
S
Security @ Cisco Blogs
Martin Fowler
Martin Fowler
A
Arctic Wolf
T
Tenable Blog
L
LINUX DO - 最新话题
TaoSecurity Blog
TaoSecurity Blog
Hugging Face - Blog
Hugging Face - Blog
有赞技术团队
有赞技术团队
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

SECURITY.COM

The Detection Gap: MITRE ATT&CK T1140 and T1105 🎙️SECURITY.COM The Podcast: The Parasite in the Machine: Unmasking the Speagle Infostealer 🎙️SECURITY.COM The Podcast: The Death of SIEM Threats Rise on a Tide of Global Unrest When Nation-States Stop Caring About Size 🎙️SECURITY.COM The Podcast: The Evolution of Cybersecurity PR with W2 Communications The Maximalism Trap: When More Becomes Too Much The Future of the Partnership: AI, Automation, and Ecosystems 🎙️SECURITY.COM The Podcast: Iran’s Cyber Warfare Playbook: What Defenders Need to Know Right Now Doing More with Less: How Government Agencies are Rethinking Cybersecurity Navigating Compliance and Insurance as a Competitive Edge The New Partner-Vendor Relationship The EU Digital Wallet: Why Waiting is Not an Option How AI Increases the Load on Security Teams Technical Enablement vs. Marketing Noise Architecting for Margin Beyond the Initial Sale 🎙️SECURITY.COM The Podcast: A Brief History of Data Loss Prevention Symantec CBX Through the Paparazzi Lens The Modern Threat Landscape and The Partner’s New Burden Symantec CBX Rocked RSAC 2026 Conference The Next Identity Shift Cyber Legends: Behind the Scenes of CBX Beyond the Perimeter: Authorization That Moves With Your APIs 🎙️SECURITY.COM The Podcast: AI-Hacking: Red Team vs. Blue Team
5 Inconvenient Truths: How Agentic AI Breaks Your Security Playbook
2026-03-09 · via SECURITY.COM
  • Autonomous agents expose structural weaknesses in today’s identity and access models.
  • Controls built for human behavior cannot contain machine-speed exploitation.
  • Static credentials and overprivileged access demand an authorization redesign. 

In Part 1 of the “Great Acceleration of Risk” series, we examined how authenticated AI agents are reshaping the threat model from the inside out. Now let’s look at five Agentic AI truths that deserve a much closer look. 

Truth #1: Your biggest threat isn't an attacker—it's your authenticated AI

Hackers have to break in. AI agents simply log in. 

These digital insiders don’t exploit vulnerabilities—they leverage existing permissions to move laterally and escalate access. Legacy security thinking assumes authentication equals protection—hint: it doesn't. 

Take an API key, for example. It’s simply a secret that grants access. For an AI agent, possession of that key becomes a license to explore. 

In a successful proof of concept, an attacking LLM agent used adversarial commands to persuade a voice AI agent into revealing its secret API key. Other incidents like AgentSmith reiterate that this is not an isolated case, but a repeatable pattern in how agent logic can be exploited to extract sensitive data. 

These incidents underscore a broader shift: An agent’s own cognitive process can be turned into an attack surface

Truth #2: Your defenses are built for human speed, not attacks at machine velocity

The speed discrepancy between human attackers and autonomous agents is vast and dangerous. Traditional defenses such as Web Application Firewalls (WAFs) and rate limiting were designed around human-scale behavior, not API calls at machine speed. While a human attacker might generate thousands of  requests over the course of a week—dealing with latency, sleep, and mistakes—an AI agent can generate millions per hour using adaptive logic. 

At machine speed, legacy tools begin to crack. Controls designed to catch familiar patterns—SQL injections, brute-force attacks, simple anomalies—can’t keep pace with continuous, intelligent logic testing.

Agentic AI compresses what once took weeks into minutes. An agent can systematically probe thousands of business logic weaknesses, including Broken Object Level Authorization (BOLA), before monitoring systems register a clear signal. Breaches tied to BOLA vulnerabilities have resulted in losses exceeding $50 million, reinforcing that velocity isn’t just a technical issue, it’s a material business risk.

Truth #3: Machine identities vastly outnumber humans

The scale of the identity problem has reached a crisis point. 

Non-Human Identities (NHIs), including service accounts, API keys, bots, and AI agents, now outnumber human identities by a ratio of 45:1, and in some environments, 80:1.

This is machine identity sprawl.

Traditional Identity and Access Management (IAM) systems were built around predictable human lifecycles and behaviors. Machine identities simply don’t follow that model. They’re created programmatically, authenticate without interaction, and often persist long after they’ve served their original purpose. 

The result is an expanding inventory of dormant, orphaned, or over-privileged machines—each one a prime target for exploit.

Truth #4: Static API keys are a structural weakness 

Long-lived, static API tokens remain one of the most persistent vulnerabilities in modern architectures.

These credentials often carry permissions far broader than required. An agent may need read access to a single dataset, yet the token it holds grants write, delete, or administrative access across production systems. 

This is overprivilege at scale. If that token is exposed or misused, the blast radius is immense. 

A compromised agent holding an over-privileged token can be instantly weaponized to deploy malicious containers, exfiltrate sensitive data, or take down an entire cluster at machine speed, causing significant damage before a human team can even react—drastically narrowing the window of containment. To stay ahead, “trust but verify” has to be replaced with “verify then allow.”

Truth #5: Incremental controls won’t fix a structural problem

The solution to the Agentic AI threat is not a new product you can buy or another wall you can build. The only effective fix is a fundamental architectural shift. And there are two core principles that define it.

Ephemeral Credentials

Long-lived static keys must give way to just-in-time (JIT) access. Credentials should be generated dynamically for a specific task and expire immediately upon completion. With such a brief lifespan, their value is negligible if (or when) they are compromised.

Decoupled, Dynamic Authorization 

Authorization decisions can’t remain embedded in application code or tied to static permission sets. They must move to centralized, policy-driven engines capable of evaluating context in real time. Through policy-as-code, organizations can continuously enforce least privilege based on behavior, time, and risk. 

This approach transforms authorization from a fixed fate into an adaptive control plane. In an environment defined by machine velocity and implicit trust, that shift is foundational—not optional.

Understanding these five truths makes one thing clear: defending against Agentic AI requires more than stronger controls—it requires a new authorization model. 

In Part 3, we’ll explore how to move beyond static, perimeter-based enforcement that moves with your APIs.

5 Inconvenient Truths: How Agentic AI Breaks Your Security Playbook

Rob Wilson

Rob Wilson

Strategic Advisor, IMS Division, Broadcom