Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Runtime Observability for AI Agents: What to Instrument and Why

Every guide to AI agent observability tells you what to capture — prompts, tool calls, token usage, traces, syscalls. Almost none address which of those signal sources you can still trust when the agent itself is part of the threat model. That distinction is the entire difference between observability that helps your SRE team debug a slow reasoning chain and observability that helps your security team investigate a breach.

Securing AI agents: Why guardrail placement is a key design decision

When teams start building AI agents, especially with managed systems like Amazon Bedrock, they often wonder whether simply enabling guardrails is enough to secure their agents. A framework like Amazon Bedrock Guardrails provides a solid foundation for content filtering and policy enforcement, but having guardrails in place is only part of the equation.

Before you replace your SIEM: AI-driven security requires operational context, not just centralized data

Artificial intelligence is rapidly reshaping how security operations centers (SOCs) function. Many organizations are now evaluating AI-native architectures to reduce workload and accelerate investigations. A new architectural narrative is emerging. A growing set of AI-native security vendors are proposing centralizing telemetry in a warehouse and deploying AI agents to replace the operational role of the SIEM. They want to centralize telemetry, apply AI, and automate the SOC.

Agentic AI Security Guardrails: A Deployment Guide for SOC Leaders

Noam Cohen is a serial entrepreneur building seriously cool data and AI companies since 2018. Noam’s insights are informed by a unique combination of data, product, and AI expertise — with a background that includes winning the Israel Defense Prize for his work in leveraging data to predict terror attacks.

Prompt instructions won't save your production environment

In July 2025, Replit's autonomous AI coding agent deleted a live production database despite being explicitly instructed to freeze all changes. The agent then attempted to reassure the user with incorrect information after the fact. The team had safeguards in place. The instructions were explicit. Neither stopped it. The conclusion that follows is one the security community should take seriously: you cannot enforce AI agent behavior through the agent itself.

Announcing Claude Compliance API support with Cloudflare CASB

Today, we are extending Cloudflare’s cloud access security broker (CASB) to support the Claude Compliance API. Security and compliance teams can now monitor Claude usage directly in the Cloudflare dashboard. No endpoint agents required. Enterprise security teams have long struggled to see how users interact with sanctioned and unsanctioned applications. The rapid adoption of AI applications has made this harder.

New Claude Integration Brings Audit Data into the Falcon Platform

As organizations scale Anthropic’s Claude model across their workforce, they need the same level of auditability around AI platform activity that they expect from every other enterprise application. A new integration with the Claude Compliance API brings Claude activity into the CrowdStrike Falcon platform to deliver real-time visibility, detection, and automated response for AI use.

AI policy: a template for enterprise security teams

AI adoption inside security teams is now near-universal. Tines' Voice of Security 2026 report found that 99% of SOCs use AI in some capacity. What hasn't kept up is the policy that's supposed to govern it. ISACA's 2026 AI Pulse Poll found 56% of digital trust professionals don't know how quickly they could shut AI down after a security incident. The policy was supposed to handle this.

HIPAA vs. GDPR Compliance: What Is the Difference and Why Does It Matter?

For any business now, data privacy is no longer a legal issue. Companies today collect massive amounts of customer information through AI tools, healthcare apps, SaaS platforms, analytics systems, and cloud services. This has led organizations to take global privacy laws more seriously. This is even more important when it comes to the concept of GDPR vs HIPAA compliance requirements.