Cybersecurity in the Age of Agents: When Software Can Act
In the age of agents, security stops being about what software knows and becomes about what it can do. These tool-using systems don’t just answer questions—they browse internal docs, call APIs, open PRs, trigger CI, message people in Slack, and basically operate like a junior engineer with superpowers… as long as you’ve handed them OAuth scopes and tokens. That collapses the gap between “thinking” and “acting,” which means everyday inputs like emails, tickets, and random webpages can quietly become control channels (hello prompt injection / indirect prompt injection). So the new attack surface isn’t just models—it’s permissions, connectors, skills/plugins, secrets in configs/logs, and workflow-based lateral movement. If we want to use agents safely, we can’t rely on “be careful” or “better prompts.” We need agent-specific controls: least-privilege tool access, short-lived creds, policy gates before/after tool calls, sandboxing + egress controls, DLP, and strong provenance/audit trails so every action is attributable and reviewable.