Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CEO Maxime Lamothe-Brassard made an observation after the RSA conference that security vendors don't typically say out loud: "The frontier models are just better than anything people roll their own. There's no secret sauce these vendors are offering that is better than the latest frontier model release." That's a pointed claim that carries a significant implication buyers may not have fully considered.

Champion / Spokesperson(s): Brendan Putek, Director of DevOps, and Esaie Batoula, Security Engineer. Relay Network is the innovator behind a secure B2C communications platform that combines SMS with dynamic feed technology to help regulated enterprises deliver personalized, action-oriented mobile experiences for every customer. In an industry where trust, compliance, and data protection are paramount, security has always been central to how the company builds software.

Companies and employees are racing to capture the value and efficiencies offered by AI, but security is often an afterthought. Employees are using unauthorized GenAI tools to summarize documents, draft emails, and analyze potentially sensitive or proprietary data. Developers are adding AI capabilities before security teams can review them. SaaS platforms are adding AI features that may process sensitive business data by default.

AI agents are connecting to enterprise systems right now. Whether a developer wired up Claude to an internal Confluence instance, a vendor shipped an agentic workflow that calls the CRM, or an employee enabled a browser-based AI assistant that reads email, Model Context Protocol (MCP) is rapidly becoming the integration layer between large language models (LLMs) and corporate data. Most security teams have no visibility into any of it.

AI usage control is the security and governance framework that enterprises use to monitor, regulate, and secure how employees interact with artificial intelligence tools. As Generative AI becomes deeply embedded in everyday workflows, organizations face a high-stakes balancing act: capturing massive productivity gains while preventing catastrophic data leaks, compliance violations, and intellectual property exposure.

If AI agents are becoming organizational actors, then governance needs to move beyond principles and into operational structure. In Camille Stewart Gloster’s upcoming book The Insider You Build, she explains that governance is not defined by policies or structures, but by whether it can actually influence system behavior at runtime. In an agentic environment, governance only exists where it can shape, constrain, and intervene in decisions as they happen.

Cosine similarity is pure math. No magic. No understanding. Once you accept that, a lot of the confusion goes away. We talk to a lot of customers, and even seasoned engineers, who treat cosine similarity like magic that solves everything. Engineers talk about embeddings like they are definitive. Product teams trust similarity scores like they are facts. Vendors sell “semantic understanding” like the model actually understands. Truth is, it does not.

Note: This blog is a recap of 1Password’s recent webinar, “The unmanaged stack: Governing SaaS apps and AI tools outside SSO.” Head here to watch the complete webinar recording.