The agentic wave: Why advanced AI demands foundational security

The use of agentic and predictive AI in enterprise applications is arguably the fastest evolving frontier our industry has ever encountered. We are currently navigating a “mega-wave” of innovation and a period of rapid expansion where the capabilities of autonomous agents are outstripping our initial frameworks for managing them. While the technology feels revolutionary, the pattern of its arrival is remarkably familiar.

History rhymes: From microservices to agents

As an industry, we have stood on this shoreline before. We saw this with the rise of microservices and the containerisation movement, the birth of code pipelines, and the cultural shift of DevSecOps…and this is just one example.

In the early days of those transitions, there was a palpable sense of anxiety regarding the lack of “battle-hardened” best practices. Critics argued the tech was too raw for the enterprise. But the reality is simple: there are no battle-hardened best practices until there have been battles of significance. Best practices are forged in the heat of implementation, not in the vacuum of theory. 

We are repeating this cycle with agentic AI. We are moving at breakneck speed to create governance and security strategies in real-time. This isn’t a sign of chaos; it is the natural state of innovation. Crucially, it is worth recognising that doing nothing is not a viable alternative. Innovation will not pause to wait for the creation of a governance framework; it will not wait for us to provide the ultimate security framework; it will continue to move forward with or without our participation.

The blueprint for “careful adoption”

Recently, the Australian Cyber Security Centre (ACSC), along with its Five Eyes partners, published a document on the careful adoption of agentic AI services. It is a timely reminder that while we must move fast, we must also move with intent. 

The guidelines reinforce a core truth: AI security is not a standalone silo. It is a subset of your existing cybersecurity strategy. To be successful, these services must be integrated into what the ACSC refers to as a Modern Defensible Architecture. This framework moves us away from reactive security and toward systems that are “secure by design”, where the architecture itself is built to withstand and recover from the inevitable compromise.

The ACSC document highlights that we should not fear the agent, but we must respect its potential for autonomy by anchoring it within these resilient architectural pillars:

• The Principle of Least Privilege & Segmentation: Just as we did with microservices, agents must be granted only the minimum access required to perform their tasks. In a defensible architecture, this means treating every AI agent as a distinct identity, segmented from the core network to ensure that if an agent is “jailbroken” or compromised, the blast radius is strictly contained.
• Visibility and Logging: A key tenet of a defensible system is knowing what is happening in real-time. We must have full visibility into the “chain of thought” and the actions taken by an agent, ensuring that every autonomous decision leaves a verifiable audit trail.
• Human-in-the-Loop (HITL) as a Circuit Breaker: Autonomy does not mean an absence of oversight. High-stakes decisions, especially those affecting system integrity or sensitive data, require a human “green light.” This acts as the ultimate fail-safe in a resilient system, ensuring that logic remains grounded in human intent.
• Phased Implementation & Continuous Validation: Start with low-risk internal tasks to “earn” the right to move toward customer-facing or sensitive operations. This iterative approach allows us to test the “defensibility” of our AI integrations in controlled environments before they are exposed to the complexities of the open web.

By aligning agentic AI adoption with these principles in a Modern Defensible Architecture, we aren’t just protecting a single application; we are building a resilient ecosystem that can adapt to new threats as quickly as the AI itself evolves.

The best practice of today is the legacy of tomorrow

In an era of significant speed, we must accept a difficult reality: the best practice today may not be the best practice tomorrow. The models are changing weekly, and the threat vectors are evolving alongside them. To thrive in this environment, we don’t need rigid, static rules. We need flexibility and leadership. 

One of the most enduring lessons from all of the innovation waves that our industry has endured is that security cannot exist in a vacuum. IT and Security leaders must partner with their business counterparts. And it is not enough to just be “seen” as enabling innovation; there must be leadership and objective outcomes. They must be seen to deliver competitive advantages and efficiencies.

Our goal should be to build resilient systems that can withstand the “hallucinations” of a model or the sophisticated prompt injections of an adversary. We must bring our users along for the ride, educating them on the “why” behind the guardrails so that security becomes an enabler of innovation, rather than a hurdle.

Moving forward with deliberate innovation

The message for enterprise leaders is clear: Innovate…but do so carefully and deliberately.

We need robust governance that doesn’t just say “no,” but instead asks “how can we do this safely?” We need to build systems that are modular enough to swap out models as they improve and resilient enough to fail gracefully when they don’t.

We’ve navigated these waves before, from the mainframe to the cloud, and from monolithic code to microservices. The Agentic Wave is our next chapter. By applying the discipline of the past to the technology of the future, we can ensure that this wave carries us forward rather than pulling us under.

To learn more, visit us here.