Start your day with intelligence. Get The OODA Daily Pulse.
The threat that I now spend most of my time designing against doesn’t look like a breach at all. At least not at first. Imagine a team deploys an agent that does exactly what it’s permitted to do: it reads a customer record, summarizes it, then sends the summary to an outside address. Every step in the sequence is authorized. But it turns out that the breach is the sequence itself. The problem is that each security check only looks at one step at a time. Is this read okay? Yes. Is this summary okay? Yes. Is this email okay? Yes. Each step passes. But nobody is watching the combination of all three steps together. The security tools designed for human-driven workflows assumed a person would be doing this manually, one thing at a time. However, the AI agent bundles it all into a single automated sequence, and that bundling slips through gaps between the checks.