MCP Security: How to Secure MCP Integrations

AI agents are connecting to enterprise systems right now. Whether a developer wired up Claude to an internal Confluence instance, a vendor shipped an agentic workflow that calls the CRM, or an employee enabled a browser-based AI assistant that reads email, Model Context Protocol (MCP) is rapidly becoming the integration layer between large language models (LLMs) and corporate data. Most security teams have no visibility into any of it.

Protecting Red Hat OpenShift AI with Trilio for Kubernetes: a hands-on lab

A few weeks ago I was on a call with a financial services customer who had moved a credit-decisioning model into production on Red Hat OpenShift AI. They were happy with the platform. They were less happy with the answer they had for a question their risk officer had just asked: “If an attacker encrypts the cluster tomorrow, what do we need to bring back to be inference-ready by Monday morning?” The team started listing the obvious things — the model artifact, the serving endpoint.

Even Google says you cannot do AI security on one platform

This week, Connie Loizos, editor in chief of TechCrunch, sat down backstage with Francis de Souza, COO of Google Cloud, for a piece on the state of enterprise AI security. The interview is worth reading in full. Three points in it should reshape how every CISO is thinking about the next twelve months.

Cybersecurity Operations Are Entering the AI-Native Era

Cybersecurity operations were already becoming increasingly difficult to scale long before AI-driven and increasingly agentic attacks began accelerating the threat landscape. Customer environments continued expanding across endpoints, identities, cloud services, SaaS applications, remote users, and operational infrastructure. More environments created more telemetry, more coordination, and more operational complexity for teams already operating near capacity.

NetSuite AI Connector: The governance layer your roles and permissions aren't ready for

The NetSuite AI Connector Service enables external AI agents to authenticate directly into NetSuite using real user identities and MCP-based tool execution. While Oracle limits elevated actions at the platform level, AI agents still inherit the full permission scope of the connected role. That shifts longstanding governance weaknesses, including over-permissioned roles, SoD conflicts, and undocumented customizations, into active operational risk.

OWASP Top 10 LLM Risks Explained

As large language models (LLMs) become more embedded in business operations, the risks and attack methods targeting them are evolving just as quickly. The 2025 edition of the OWASP Top 10 for LLM Applications reflects this rapid evolution, addressing the current threats facing generative AI systems in production environments. For organizations investing in LLMs, understanding the risks is crucial for deploying these systems securely.

A2A vs MCP: Which Is More Secure?

Two protocols are shaping the AI revolution: A2A for agent-to-agent delegation, and MCP for agent access to tools and external systems. A2A expands who can participate in a workflow by enabling agent-to-agent delegation. MCP expands what agents can reach by connecting them to data and systems. By the end of 2026, task-specific AI agents are expected to appear in 40% of enterprise applications, up from less than 5% in 2025. That shift changes where security has to live.

The Collapse of Symmetry: Why Periodic Pentesting is Strategic Suicide Against Algorithmic Warfare

The cybersecurity industry is sleepwalking. We are still captivated by the romanticized image of the hacker: a human in a hoodie manually typing code to breach a network. Wake up to the reality of 2026. The modern adversary is no longer human. It is algorithmic.