Another RSAC in San Francisco wrapped recently, and unsurprisingly, one topic dominated: AI agents.
In hallway conversations, panels and private meetings, AI agents, and the risks they introduce, were front and center. That shouldn’t surprise anyone. Over the past year, agents have become embedded across enterprise workflows, making decisions and acting autonomously across departments, from engineering to sales. The real question now is: how securely are they being deployed?
At RSA, a co-panelist compared poorly governed agents to teenagers testing boundaries. It’s an apt analogy. Unless guardrails are applied and tightly enforced, agents will find ways around them.
I’ve written previously about the risks of emerging AI agents: instances of agents behaving unpredictably, exposing sensitive data or operating outside intended constraints. At RSAC, those theoretical concerns became tangible stories of incidents both big and small.
RSAC recap
Real-world examples were shared in large numbers: agents making unauthorized purchases, generating unexpected cloud costs in AWS and Azure, and operating without user awareness.
But one story stood out. Yaki Faitelson, CEO of Varonis, a leading data governance company, described an incident of an agent attempting to access restricted files for which it did not have credentials. Unable to gain entry, it requested credentials from other agents. Eventually, another agent complied, effectively bypassing access controls.
That should concern every CISO, particularly in highly regulated industries like financial services. Without iron-clad enforced guardrails, agents interacting with one another can erode the security policies organizations depend on.
Key priorities for CISOs
Every executive team today is balancing the same challenge: how to integrate AI into core operations while maintaining control over data and security.
Coming out of RSAC, the priority is clear: get control of your agents. That starts with three areas:
- Lock down the data. Agents should not have unrestricted access to core data systems. Organizations need to double down on data protection, leakage prevention and governance frameworks designed for an AI-driven environment.
- Monitor agent behavior. You need full observability: what agents are doing, what they’re requesting and how they’re interacting with each other. Without this, you’re operating blind.
- Enforce guardrails. Strong, enforceable controls are essential. This is still early-stage technology, and no single vendor has a complete solution. But lack of perfection isn’t an excuse for lack of control.
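As an added example that is not part of the article, and not code from Varonis, Anthropic or any vendor mentioned here, the snippet below shows what the "monitor" and "enforce" items look like when applied to an agent audit trail, using the credential-sharing incident described earlier as the pattern to catch: an agent is denied a file, asks peer agents for credentials, a peer complies, and the read then succeeds. The log schema, field names, agent identifiers and the `identity-broker` principal are constructed assumptions for illustration; the detection generalizes to any denied-then-solicited-then-granted chain, not just the single story told above.

```python
"""Added example (not from the article): detect and block agents obtaining
credentials from other agents. Schema, agent names and the broker principal
are constructed assumptions, not a real product's log format."""
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Assumption: only this principal is allowed to issue credentials to agents.
IDENTITY_BROKERS = {"identity-broker"}
# Correlation window for linking a denial to later credential activity.
WINDOW = timedelta(minutes=5)

# Constructed audit trail (hypothetical schema) recorded by an agent gateway.
SAMPLE_EVENTS = [
    {"ts": "2025-05-01T10:00:00", "actor": "agent-sales", "action": "file.read",
     "target": "s3://public/pricing.csv", "result": "allowed"},
    {"ts": "2025-05-01T10:00:10", "actor": "agent-finance", "action": "file.read",
     "target": "s3://restricted/payroll.csv", "result": "denied"},
    {"ts": "2025-05-01T10:00:15", "actor": "agent-finance", "action": "credential.request",
     "target": "agent-sales", "scope": "s3://restricted/*", "result": "sent"},
    {"ts": "2025-05-01T10:00:20", "actor": "agent-finance", "action": "credential.request",
     "target": "agent-hr", "scope": "s3://restricted/*", "result": "sent"},
    {"ts": "2025-05-01T10:00:25", "actor": "agent-hr", "action": "credential.grant",
     "target": "agent-finance", "scope": "s3://restricted/*", "result": "sent"},
    {"ts": "2025-05-01T10:00:30", "actor": "agent-finance", "action": "file.read",
     "target": "s3://restricted/payroll.csv", "result": "allowed"},
    # Legitimate issuance by the broker: must not be flagged or blocked.
    {"ts": "2025-05-01T11:00:00", "actor": "identity-broker", "action": "credential.grant",
     "target": "agent-finance", "scope": "s3://finance/*", "result": "sent"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect_credential_bypass(events):
    """Monitoring: return (kind, actor, peer, resource) findings for the chain
    denied access -> solicit a peer -> peer grants -> access now succeeds."""
    findings = []
    denied = {}      # (actor, resource) -> time of the denial
    solicited = {}   # (requester, peer) -> (scope, time of the request)
    for ev in sorted(events, key=lambda e: e["ts"]):
        t, action = _ts(ev), ev["action"]
        if action == "file.read":
            key = (ev["actor"], ev["target"])
            if ev["result"] == "denied":
                denied[key] = t
            elif key in denied and t - denied[key] <= WINDOW:
                # Same agent, same resource, denied minutes ago, allowed now:
                # the access decision changed without a policy change.
                findings.append(("denied_then_allowed", ev["actor"], None, ev["target"]))
        elif action == "credential.request":
            # Is the agent asking a peer for a scope covering what it was just denied?
            for (who, res), dt in denied.items():
                if who == ev["actor"] and t - dt <= WINDOW and fnmatch(res, ev["scope"]):
                    findings.append(("credential_solicitation", ev["actor"], ev["target"], res))
                    solicited[(ev["actor"], ev["target"])] = (ev["scope"], t)
        elif action == "credential.grant" and ev["actor"] not in IDENTITY_BROKERS:
            # A non-broker handing credentials to an agent that recently asked it.
            req = solicited.get((ev["target"], ev["actor"]))
            if req and t - req[1] <= WINDOW:
                findings.append(("peer_credential_grant", ev["actor"], ev["target"], ev["scope"]))
    return findings


def enforce_credential_policy(events):
    """Guardrail: credentials flow only from an identity broker. Any
    agent-to-agent credential request or grant is blocked before delivery.
    Returns the events the gateway would refuse to forward."""
    blocked = []
    for ev in events:
        if ev["action"] == "credential.grant" and ev["actor"] not in IDENTITY_BROKERS:
            blocked.append(ev)
        elif ev["action"] == "credential.request" and ev["target"] not in IDENTITY_BROKERS:
            blocked.append(ev)
    return blocked


if __name__ == "__main__":
    for kind, actor, peer, resource in detect_credential_bypass(SAMPLE_EVENTS):
        print(f"{kind:24} actor={actor} peer={peer} resource={resource}")
    print(len(enforce_credential_policy(SAMPLE_EVENTS)), "events blocked by guardrail")
```

The detection is the observability half: it only works if every agent's requests, including requests to other agents, land in one audit stream with a shared clock. The enforcement half is deliberately blunt: it does not try to judge whether a peer's grant was reasonable, it removes the agent-to-agent credential path altogether so that the only issuer is the broker the access policy already governs.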
And just as the industry was digesting these challenges, another development raised the stakes.
Claude Mythos preview
Shortly after RSAC, Anthropic’s Claude Mythos Preview surfaced, alongside its broader Project Glasswing initiative.
According to Anthropic, Claude Mythos Preview can identify and exploit zero-day vulnerabilities across major operating systems and browsers. That’s a step change. We’re talking about AI that can uncover, and potentially weaponize, previously unknown flaws at scale. It has demonstrated a greater than 83% first-attempt exploit rate, far outpacing prior vulnerability scanning tools. And the model has found issues that no human had previously detected, including a 27-year-old vulnerability in OpenBSD, the security-focused operating system used in firewalls, routers and other core infrastructure products.
To mitigate risk, Anthropic has limited access to a small group of partners, including major technology and financial institutions such as AWS, Apple, Google, JP Morgan and Microsoft. For everyone else, the reality is clear: you’ll need to rely on existing security tools and practices to identify and address vulnerabilities.
That creates immediate pressure for CISOs. If you can’t eliminate vulnerabilities quickly, you need to strengthen your defensive posture across firewalls, endpoints, identity systems and cloud infrastructure.
Looking ahead
Anthropic is moving fast, but they’re not alone. It’s reasonable to assume that other major players are pursuing similar capabilities, with industry estimates that these efforts are only 6-12 months behind Mythos.
That raises an uncomfortable question: what happens when these tools extend beyond controlled environments?
An increase in exploit volume and severity is inevitable. This isn’t a reason for panic, but it is a reason for urgency. The next 2–3 years will test security teams in ways we haven’t seen before.
To Anthropic’s credit, limiting access to Mythos, at least initially, gives the industry time to prepare. It allows security vendors, startups and enterprises to strengthen defenses before these capabilities become more widely available.
That’s a net positive.
At the same time, it will accelerate innovation. We’re likely to see a new wave of startups and solutions emerge in response, focused on AI-native remediation and defense, in addition to agent governance, observability and control.
AI agents are here. The question isn’t whether to adopt them, it’s whether you can manage them.
This article is published as part of the Foundry Expert Contributor Network.
Read More from This Article: Reflections on RSAC and the Mythos of agents

