Why the agentic AI era demands a completely new approach to enterprise security – and what to do about it.
Microsoft dropped a broad set of security announcements yesterday, and the headline item was telling: a new runtime protection layer explicitly for AI agents. It gives the industry a same-day news peg for an issue that most engineering teams have been quietly ignoring while racing toward deployment.
The underlying data is alarming. 88% of organisations confirmed or suspected AI security incidents this year, yet only 14.4% have full security approval for the agents they have deployed. That is a massive discrepancy with serious consequences. What it implies for the security infrastructure most organisations rely on is genuinely uncomfortable. We are connecting autonomous systems to core data pipelines, and we are doing it largely blind.
Only 24.4% of organisations have full visibility into which agents are communicating with each other, and more than half run without any security oversight or logging. The reality is that agent adoption has created an entirely new attack surface that existing security frameworks were simply not designed for.
The gap in the perimeter
The traditional security stack – firewalls, identity providers, and role-based access controls – was designed around a clear assumption: a human is the primary driver of requests. The architecture was optimised for that. You verify the user, you check their permissions, and you let them through to interact with predictable application logic. For what it was built to do, it works well.
Then you introduce AI agents. These systems run continuously, reason across multi-step workflows, and query data autonomously at any hour without a human composing the request. Most organisations have no idea what is actually running in their environment right now. Agents string together APIs and pull data dynamically based on the context of a prompt. If an agent goes off the rails, your perimeter defence will not stop it, because the agent already holds the keys to your internal systems.

What actually needs to change
Moving from a human-driven security model to one that can support agent-scale consumption is not just a tooling change; it is a shift in how your data and platform teams must coordinate. The problem is that the target has moved while the defences stayed static.
Runtime protection is now a functional requirement
In the past, security was largely about the “gate” – once you were in, you were trusted. Agents require the opposite. You need a layer that monitors what the agent actually does with its access in real time. If an agent starts querying tables it has no business seeing, or starts exfiltrating data via a newly created API connection, the system must be able to kill that process instantly. Waiting for a post-hoc audit is too late when the agent is acting at machine speed.
Visibility into agentic workflows
Most traditional logging systems see an agent’s request as just another API call. This is useless for security forensics. You need to capture the “reasoning trace” – the steps the agent took to arrive at a specific action. Without this, you cannot distinguish between a legitimate complex query and a prompt injection attack. If you cannot audit the reasoning, you cannot trust the result.
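As an added illustration of the two points above (a runtime guard that stops an agent the moment it touches a table or host outside its policy, and a per-step trace that can be audited afterwards), here is example code written for this post, not a product of Vertex Agility or Microsoft; the agent name, table allowlist and API host are constructed:

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed policy (an assumption for this example): the tables each agent may
# query and the API hosts it may call. Anything outside the list is a violation.
POLICY = {
    "billing-agent": {
        "tables": {"invoices", "customers"},
        "hosts": {"api.internal.example"},
    },
}
TABLE_REF = re.compile(r"\b(?:from|join)\s+([a-z_][a-z0-9_]*)", re.IGNORECASE)


@dataclass
class TraceStep:
    agent: str
    kind: str       # "sql" or "http"
    detail: str     # the query text or URL the agent tried to use
    allowed: bool


@dataclass
class RuntimeGuard:
    """Gateway every agent tool call passes through before it reaches a system."""
    policy: dict
    trace: list = field(default_factory=list)   # the audit / reasoning trace
    halted: set = field(default_factory=set)    # agents whose kill switch has fired

    def check_sql(self, agent: str, query: str) -> bool:
        tables = {t.lower() for t in TABLE_REF.findall(query)}
        rules = self.policy.get(agent)
        ok = rules is not None and tables <= rules["tables"]
        return self._record(agent, "sql", query, ok)

    def check_http(self, agent: str, url: str) -> bool:
        host = urlparse(url).hostname
        rules = self.policy.get(agent)
        ok = rules is not None and host in rules["hosts"]
        return self._record(agent, "http", url, ok)

    def _record(self, agent, kind, detail, allowed) -> bool:
        # A halted agent gets nothing through, whatever the policy says.
        allowed = allowed and agent not in self.halted
        self.trace.append(TraceStep(agent, kind, detail, allowed))
        if not allowed:
            self.halted.add(agent)   # stop the agent now, not after a later audit
        return allowed

    def steps_for(self, agent: str) -> list:
        return [s for s in self.trace if s.agent == agent]
```

Every call, allowed or not, lands in the trace, so the steps that led to a blocked action can be reconstructed rather than appearing as one anonymous API call.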
Upstream data governance
If your underlying data quality is poor or your access controls are loose at the database level, an agent will find and exploit those weaknesses far faster than a human ever could. Security for AI starts with the data architecture. The teams pulling ahead are moving their effort toward outcome definition and architectural governance, rather than just building more features.

Q&A: Securing Agentic AI
Does this mean we have to rebuild our entire security stack?
No. Your existing identity providers and network perimeters are still useful foundations. What changes is the layer above them. You need runtime protection that monitors behaviour rather than simply checking credentials. Think of it as moving from a bouncer at the door to a CCTV system inside the building.
How do we get visibility into agent-to-agent communication?
You need explicit agent logging. Currently, most agents generate generic traffic that blends into the background. You need to capture the intent behind the call, which requires monitoring specifically built for agentic workflows. If you cannot see the dialogue between agents, you have a massive blind spot.
Who is responsible for this – security or engineering?
It is a shared burden. Security teams must define the boundaries and compliance requirements, but platform engineers have to build the guardrails into the deployment pipeline itself. Security cannot be a “bolt-on” after the agent is live.
What makes agentic AI more dangerous than traditional applications?
Autonomy and unpredictability. A traditional app follows a hard-coded script. An agent makes decisions dynamically based on the prompts it receives. This means its attack vectors change in real time based on the data it encounters, making static testing insufficient.
How do we know if our current stack is ready?
Run an agent against it with a real-world task and monitor the results. Where it produces confident but wrong answers, or accesses data that should be restricted, you have found your architectural gaps. A structured readiness audit is the most systematic way to identify these vulnerabilities before they are exploited.
Working Through This With Vertex Agility
The shift from human-optimised security to agent-scale protection is a conversation we are having with technology leaders across various industries. The challenge is often not the AI model itself, but the architecture it sits upon. Poor data quality or loose governance frameworks are often exposed the moment an AI programme begins to scale.
At Vertex Agility, we provide strategic delivery across AI, Cloud, Data, and Platform Engineering. Our Data Consultancy practice works with organisations to build the resilient, scalable architectures that AI systems need to perform reliably and securely. We ensure that your data engineering efforts follow best practices – from validation and standardisation to version control and robust documentation – to prevent costly setbacks.
Our AI Consultancy sits alongside this, helping teams with strategy, custom model development, and the governance frameworks required for responsible adoption at enterprise scale. By combining these disciplines, we ensure that your security and data work remain connected. If you want an independent view of your current exposure, we offer a free AI Readiness Mini Audit on our website. For a deeper discussion on securing your environment, get in touch with us directly below.