Why Restricting AI Code Security Tools Is the Wrong Answer - and What AppSec Programs Actually Need

I signed the Free Fable letter at freefable.org. I want to explain why — and why the reasoning behind it matters for AI code security beyond any single AI model. Cybersecurity defenders are not just critics of technology. We are the builders and operators of the systems that keep real organizations running under pressure.

Cato CTRL Insights: Governing Hermes Agent, Security for AI That Learns, Remembers, and Acts

Agentic AI is evolving from assistants that answer questions into systems that can remember, use tools, call APIs, interact with SaaS applications, and improve over time. Hermes Agent, developed by Nous Research, reflects this shift as a self-improving agent that can create skills, persist knowledge, and build context across sessions.

What Is Cybersecurity Asset Management? A 2026 Guide to CAASM

Security teams spend enormous energy responding to threats, but many of the most damaging incidents trace back to a surprisingly simple failure: the organization didn't have an accurate picture of what it owned, what was exposed, and what its tools were actually doing about it. That gap between assumed coverage and actual coverage is where attackers operate, and adding more tools doesn't fix the underlying visibility problem.

Daybreak and the Battle for AI Security: The Arms Race Accelerates

AI used to be something security vendors built into their own products. Now OpenAI is going direct, positioning itself as the layer that security runs on. Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined again by Jon Care, Head of the AI Practice at KuppingerCole, to unpack OpenAI's launch of Daybreak.

Optimize Your Netskope Security Controls with Reach Security

"What's the problem, and how do I fix it?" Most security tools can't answer that. Reach can, for every misconfiguration in your Netskope deployment. It analyzes your web, SaaS, and data protection policies, flags what's drifted, and hands your team the exact fix ranked by risk and all powered by AI models. No guesswork, no 40-tab config audit.

Is your defense ready for machine-speed attacks? #cybersecurity #shorts

AI-built exploits and AI-driven defence are now colliding on the same battlefield, which changes cyber conflict at machine speed. The new argument is simple: if attackers already use AI offensively, defenders need AI-native defence to keep up.

Visibility Isn't Security: Why Agentic AI Requires Business Logic Enforcement

Organizations are investing heavily in securing their AI initiatives. New governance frameworks are being established, AI usage policies are being drafted, and security teams are deploying tools that provide visibility into AI agents, models, APIs, MCP servers, and connected applications. Across the industry, visibility has become the first priority in securing agentic AI. This focus is understandable. Most organizations are still trying to answer foundational questions.

What Auditors and Regulators Are Starting to Ask About AI Agents

The regulatory landscape for agentic AI is moving faster than most compliance programs are tracking. CISOs who wait for final guidance before building their compliance posture will find themselves in catch-up mode at exactly the wrong moment and, in some cases, already behind.

The AI jailbreak problem isn't going away, and compliance frameworks need to catch up

A few weeks ago, the U.S. government issued a directive requiring Anthropic to suspend access to two of its frontier AI models, Fable 5 and Mythos 5, citing concerns about a reported jailbreak technique. Anthropic complied, even while publicly disputing whether the finding warranted such a dramatic response. I'm not here to relitigate that specific decision. But the incident forced a question our industry has been dancing around for too long.

Zenity and Carahsoft Partner to Bring AI Agent Security to Government Agencies

The next government security challenge isn’t AI models, it’s AI agents. Zenity and Carahsoft are helping agencies prepare. Across government agencies, AI agents are already interacting with sensitive data, mission-critical workflows, and public services. Yet most organizations still lack visibility into where these agents are deployed, what they can access, and how they behave once operational. The result is a growing governance gap between AI adoption and AI security.