For nearly two decades, enterprise security has operated on the assumption that environments are clear and manageable. Security teams could easily purchase tools, track users, map systems, define policies, and utilize vendor dashboards to manage operations smoothly.
This model, while not perfect, thrived as environmental changes occurred at a human pace.
However, AI agents have disrupted that assumption and transformed strategic approaches to security.
Agents are not standard applications; they function autonomously, invoking tools, accessing system-wide resources, and modifying their behavior based on contextual factors. Some operate on licensed SaaS platforms, while others bypass authorization by leveraging human access, potentially vanishing before the next inventory scan.
The reach of these agents varies dramatically. Research from Token Security identifies that enterprise deployments range from human-triggered chatbots to autonomous production services, revealing that over 20% of local agents already access production data directly.
The “build vs. buy” dynamic in cybersecurity has fundamentally shifted. Previously, it focused on a simplistic question: “Should I purchase this tool, or build it myself?” In today’s agent-driven landscape, that framework is insufficient.
Security teams don’t need to overhauls their entire tech stack, yet they cannot depend on outdated workflows established months ago.
A more relevant question is: Which layers should the security team actively manage?
Challenges of Static Security Workflows
The emergence of AI agents has made environments increasingly dynamic and unpredictable. While vendors can develop dashboards targeting common risks—such as overprivileged service accounts, outdated credentials, and inactive admin users—the most critical questions often relate to specific environmental contexts.
- Which agents were introduced in the past two weeks with access to production via inherited human credentials?
- Which local coding agents maintain active tokens post-project?
- What are the potential attack vectors facilitated by AI agents between various systems?
Such questions often escape the scope of standard workflows, which rely heavily on factors like cloud presence, SaaS applications, development methodologies, ownership models, compliance requirements, and AI adoption strategies. Vendor roadmaps fail to accommodate every unique combination.
This represents the operationalization gap: while security teams can often identify risks, translating that into specific remediation paths becomes challenging—especially as AI agents develop quicker than traditional tool cycles, further widening this gap.
Waiting for vendor capabilities while agents continuously amass access is not a viable security strategy. It’s merely a backlog.
The unregulated growth of shadow AI and agents is surpassing security teams’ response capabilities.
Token Security identifies all agents, maps risky access points, and automatically enforces intent-based policies, allowing organizations to scale AI safely without compromising control or hindering innovation.
The Limitations of “Just Building”
AI-assisted development has fundamentally altered what can be created. According to a report by Retool’s 2026 Build vs. Buy Report, 35% of enterprises have already replaced certain SaaS tools with internally developed alternatives, with 78% intending to build more SaaS solutions this year.
This trend carries significant security implications, as AI has accelerated the development of custom tools, reducing the time required to prototype from weeks to mere hours.
However, cybersecurity faces unique challenges—particularly in the data layer. Effective security workflows hinge on identity, access, permissions, ownership, and activity data. Building a custom application is manageable, but securely connecting to live enterprise systems poses a more complex hurdle.
Security teams shouldn’t need to rebuild integrations across various platforms like AWS, Azure, GitHub, Salesforce, Okta, CI/CD pipelines, SaaS platforms, agent frameworks, and on-premises solutions.
Organizations don’t have to normalize every schema by themselves or manage fragile scripts that break with upstream API changes.
This represents the hidden cost of “just building it.” The labor-intensive aspect isn’t writing code but ensuring that it connects adequate live, normalized, secure, and comprehensive data to underpin real-world decision-making.
Invest in Foundations, Own Operational Layers
The future of cybersecurity isn’t a binary choice between building and buying. It’s about establishing the correct foundation.
Security teams must concentrate on layers that are architecturally complex and widely integrated across the organization: continuous discovery, integration, normalization, identity correlation, access mapping, governance, auditability, and secure execution boundaries.
These competencies demand depth, scale, and ongoing maintenance and are not typically where security teams should expend their valuable engineering resources.
Conversely, teams need to manage operational layers such as workflows, applications, reporting, reviews, and automation reflecting their organization’s unique environment.
This is where differentiation occurs. Here, security teams establish how their organization operates: identifying agent ownership, determining critical systems, outlining permissible access, defining allowable exceptions, prioritizing risks, and setting remediation priorities.
An effective model leverages both “buying the infrastructure and building the operational layer.”
Identity: The Core Layer
The cornerstone for AI agents must be identity. Agents inherently require access to operate: authenticate, utilize credentials, invoke tools, and retrieve data.
Often, agents lack their own identity, choosing instead to borrow from employee accounts. The agents in your organization may not always allow you to identify who is impersonating whom in audit logs.
Consequently, identity forms the sole control plane for effective agent AI management. It offers the clarity needed for discovery, ownership, access, and lifecycle management across all agents simultaneously.
Security measures, such as guardrails, prompt filtering, and behavior controls, function based on what agents disclose. Identity shapes agents’ operational range, determining the extent of their impact.
A robust identity foundation equips security teams with the context required to formulate and answer critical questions:
- Who is the owner of this agent?
- What functions does it perform?
- Which identity will be utilized?
- What systems are accessible?
- Is the access congruent with its intended operations?
- What are the consequences if it becomes abandoned, compromised, or altered?
Without such a foundation, custom workflows risk becoming ineffective, relying on outdated exports, incomplete inventories, and one-off scripts.
This enables security teams to develop operational logic that maintains real-world connectivity, adjusting as agents emerge, evolve, and vanish.
Effective Security Teams
Static security playbooks designed for known environments are increasingly irrelevant, especially with the advent of AI agents. Future playbooks must prioritize adaptability.
Assumptions must be made that environments will continually evolve and that no vendor can pre-emptively construct all necessary workflows. Security teams must possess flexibility to establish controls, reports, reviews, and remediation strategies tailored to their specific circumstances.
However, it’s equally important to recognize that teams shouldn’t independently reconstruct their foundational requirements. Leading teams don’t merely accumulate extensive tool lists or maintain versatile dashboards; they understand which layers warrant their management.
For AI agents, the directive is clear: cultivate a robust operational layer built atop a live identity foundation to swiftly adapt. In this new age of agents, security teams can respond efficiently while maintaining control.
If you want to safeguard your AI agents, schedule a quick technical demo with Token Security to learn how to protect your organization as you scale.
Sponsored by Token Security.
Source: www.bleepingcomputer.com


