Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This week’s McKinsey incident should be a wake-up call for every enterprise moving fast to deploy AI. Not because AI itself is inherently insecure. But because too many organizations are still thinking about AI security at the model layer, while the real enterprise risk sits in the action layer: the APIs, MCP servers, internal services, and shadow integrations that AI agents can reach, invoke, and manipulate. That is the part most companies still do not see.

According to the SACR 2025 AI SOC Market Landscape report, 40% of security alerts go uninvestigated. The average alert investigation takes 70 minutes. Meanwhile, attackers achieve breakout in under 48 hours. That math doesn’t work in anyone’s favor — except the adversary’s.

Forget the breach notification email. Forget the security audit trail. A fintech user opened their chatbot last year, saw someone else’s account details staring back at them, and filed a support ticket. That’s how the team found out their LLM had been leaking customer PII for weeks. LLM data security isn’t a checkbox. It’s an architecture decision. Make it before the first model call, not after the first breach. Most teams get one expensive lesson before they understand that.

The EU AI Act places significant emphasis on documentation because regulatory oversight depends on an organization's ability to demonstrate how its AI systems operate and how associated risks are managed. Compliance is not determined solely by how an AI system performs, but by whether the organization can provide evidence that appropriate governance, risk controls, and oversight mechanisms are in place throughout the system lifecycle.

AI agents are rapidly becoming embedded in enterprise workflows, influencing revenue operations, customer engagement, development, and internal decision-making. As these systems gain autonomy and inherit access across SaaS, cloud, and endpoint environments, they introduce a new layer of operational and security risk that traditional controls cannot fully manage.

Over the past year, AI-generated code has moved from novelty to normal. Developers are shipping faster, prototyping faster, refactoring faster… sometimes without fully understanding what they just merged. From the outside, it looks like a productivity renaissance. From the inside, it feels like something else: a new kind of operational risk that doesn’t behave like the old kind.

Last month, the Mexican government was hacked. 150GB of government data was stolen, including 195 million taxpayer records. This attack exploited a couple of dozen vulnerabilities across ten institutions. In the past, this would have likely taken a skilled team months to crack. But of course, we’re living in a new age. This attack was executed by one person and their Claude Code assistant.

Your CNAPP flags a misconfigured service account. Your CSPM warns about an overly permissive IAM role. Your container scanner reports vulnerabilities in a model-serving image. But none of these tools can tell you that an AI agent just called an internal admin API it has never touched before — or that a prompt injection caused your LLM to leak customer data through a RAG connector.

Your SOC gets three alerts in quick succession: an unusual outbound connection from a container, a file read on a Kubernetes service account token, and a process spawn that doesn’t match the workload’s baseline. Three different tools, three separate dashboards, three tickets.