Organizations are investing heavily in securing their AI initiatives. New governance frameworks are being established, AI usage policies are being drafted, and security teams are deploying tools that provide visibility into AI agents, models, APIs, MCP servers, and connected applications. Across the industry, visibility has become the first priority in securing agentic AI. This focus is understandable. Most organizations are still trying to answer foundational questions.

The next government security challenge isn’t AI models, it’s AI agents. Zenity and Carahsoft are helping agencies prepare. Across government agencies, AI agents are already interacting with sensitive data, mission-critical workflows, and public services. Yet most organizations still lack visibility into where these agents are deployed, what they can access, and how they behave once operational. The result is a growing governance gap between AI adoption and AI security.

Enterprise AI agent adoption has created a massive blind spot: 83% of organizations have no visibility into what their AI agents are doing, while 86% lack visibility into their AI data flows. With 1 in 3 enterprise employees now using an AI assistant daily — mostly without security governance — this visibility gap has become a critical enterprise risk. The security industry's response splits into two distinct layers.

A few weeks ago, the U.S. government issued a directive requiring Anthropic to suspend access to two of its frontier AI models, Fable 5 and Mythos 5, citing concerns about a reported jailbreak technique. Anthropic complied, even while publicly disputing whether the finding warranted such a dramatic response. I'm not here to relitigate that specific decision. But the incident forced a question our industry has been dancing around for too long.

AI agents don't behave like the playbooks security and IT teams have spent years building. They form intent, select tools at runtime, and chain actions across systems in sequences nobody pre-authored. This means dropping an LLM into an existing automation sequence and expecting it to act like a smarter playbook is the fastest route to ungoverned, unpredictable outcomes.

As we speak, bad actors are using AI agents to do their dirty work. Our own research tells us 85.8% of phishing attacks were AI-driven in the past 12 months. Agentic power is helping social engineering and malware get smarter, faster and harder to detect. But enough of what you probably already know. Let’s talk about how we can address these risks. Our CISO Advisor Dr. Martin Kraemer wrote recently about AI agents being used for good.

In mid-June 2026, security researchers identified an active, large-scale credential compromise campaign affecting Fortinet FortiGate firewalls, dubbed FortiBleed. Threat actors have been systematically extracting configuration files from internet-facing FortiGate devices and cracking the stored credential hashes, resulting in verified working administrator credentials for between 30,000 and 75,000 devices across 194 countries.