Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents have changed how teams think about private network access. Your coding agent needs to query a staging database. Your production agent needs to call an internal API. Your personal AI assistant needs to reach a service running on your home network. The clients are no longer just humans or services. They're agents, running autonomously, making requests you didn't explicitly approve, against infrastructure you need to keep secure.

Agents let you build software faster than ever, but securing your environment and the code you write — from both mistakes and malice — takes real effort. Open Web Application Security Project (OWASP) details a number of risks present in agentic AI systems, including the risk of credential leaks, user impersonation, and elevation of privilege.

We have thousands of internal apps at Cloudflare. Some are things we’ve built ourselves, others are self-hosted instances of software built by others. They range from business-critical apps nearly every person uses, to side projects and prototypes. All of these apps are protected by Cloudflare Access. But when we started using and building agents — particularly for uses beyond writing code — we hit a wall. People could access apps behind Access, but their agents couldn’t.

In automotive and manufacturing, digital transformation is no longer a future ambition—it’s operational reality. Connected vehicles, smart factories, and increasingly complex supply chains have introduced a new dependency: trusted device identity and secure key management at scale. And yet, many organisations are still: This gap is no longer just a technical issue—it’s a business risk.

The revolution is here, but it’s not what we expected. AI coding assistants have transformed software development, with developers shipping code faster than ever before. GitHub Copilot, Amazon CodeWhisperer, and Claude Code have become as essential to modern development as Git itself. The productivity gains are undeniable; what once took hours now takes minutes. But there’s a dangerous blind spot in this revolution: security.

For decades, security leaders have optimized defenses in two dimensions. Doors, locks, fences, cameras, access badges, identity systems, and multi-factor authentication have all been designed to control who and what moves through physical and digital perimeters. But as experts discussed during RSAC 2026, something fundamental has changed: the threat landscape has gone airborne.

Anthropic just released Claude Mythos Preview. They did not make it publicly available. That decision alone should tell you everything you need to know about what this model can do. During internal testing, Mythos autonomously discovered and exploited zero-day vulnerabilities across every major operating system and web browser. It found a 27-year-old bug in OpenBSD. A 16-year-old vulnerability in a widely used media codec.

In the fifth installment of SafeBreach’s AI-First series, VP of Development Yossi Attas explores how the development team’s AI-First philosophy is being extended to the customer frontier and improved upon through the Anti-Hallucination Protocol.