
WHY ENTERPRISE SECURITY MUST EVOLVE FOR AGENTS

  • Apr 8
  • 2 min read

Updated: 5 hours ago


An AI escaped its sandbox. Chained together four exploits. Gained access to the internet. And emailed a researcher to let him know. He was eating a sandwich in a park.


Our only rational reaction? Panic, of course. The world is surely about to fall to robots?


Or maybe not.


It's true that the Houdini-like AI - Anthropic's new Mythos model - wasn't trained to do any of this. The capabilities emerged from general improvements in reasoning. Which means every sufficiently capable model that follows will probably develop similar abilities.


And, from the perspective of enterprise security experts, this is doubly troubling. To date they've been able to assume one thing about their internal users: they're either humans or deterministic pieces of software. Neither tends to improvise creatively or change roles without notice.


So Mythos, currently deemed too powerful to release publicly, would likely lay waste to systems built on those assumptions. It found thousands of zero-day vulnerabilities across every major operating system and web browser. It exploited them on the first attempt 83% of the time.


Which means our security infrastructures need to evolve.


Agents break each one of the assumptions behind enterprise security models. They shift roles dynamically. They communicate non-deterministically. They operate at machine speed. And they can autonomously discover capabilities nobody designed them to have.


And these risks, operating from behind your firewall, are multiplied because large organisations are highly unlikely to have just one agent provider. ServiceNow, Salesforce, Microsoft, Anthropic and Google are all shipping agents into enterprise environments - agents that will have to unite, build shared cognition and work together.


Making the panic reaction entirely understandable.


But solving much of this is within our grasp.


Cisco's AGNTCY project, for instance, proposes an approach to agent access. Grant agents minimum privileges. Elevate ephemerally for a specific action. Then drop back to baseline the moment the task completes.


The access is scoped to the action, not the actor - because the actor's role is temporary by design.
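Here is what that pattern looks like in code. This is an added illustration written for this page, not AGNTCY's own code or API: a hypothetical PrivilegeBroker keeps each agent at a baseline set of scopes, hands out one extra scope for one named action and a short TTL, and revokes it the moment the task finishes (or when the TTL runs out, whichever comes first). The scope names, the "ticket-agent", and the FakeClock are all constructed for the example.

```python
"""Action-scoped, ephemeral privilege elevation for agents.

Added illustration (not AGNTCY's own code, and not an API it exposes): a
minimal broker that keeps each agent at a baseline set of scopes, grants one
extra scope for one named action and a short TTL, and drops it the moment
the action finishes. Every name here (PrivilegeBroker, elevate, ...) is
hypothetical; the agent, scopes and clock are constructed for the demo.
"""
from __future__ import annotations

import time
import uuid
from contextlib import contextmanager
from dataclasses import dataclass
from typing import Callable, Iterator


@dataclass(frozen=True)
class Grant:
    grant_id: str
    agent: str
    action_id: str   # the grant is bound to this one action, not to the agent in general
    scope: str
    expires_at: float


class PrivilegeBroker:
    def __init__(self, baseline: dict[str, set[str]],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._baseline = {agent: set(scopes) for agent, scopes in baseline.items()}
        self._grants: dict[str, Grant] = {}
        self._clock = clock
        # (event, agent, scope, action_id, reason) - what an auditor would want to see
        self.audit: list[tuple[str, str, str, str, str]] = []

    def authorize(self, agent: str, scope: str, action_id: str | None = None) -> bool:
        """Allow if the scope is in the agent's baseline, or if a live (unexpired)
        grant exists for exactly this agent, scope and action."""
        if scope in self._baseline.get(agent, set()):
            return True
        now = self._clock()
        return any(
            g.agent == agent and g.scope == scope
            and g.action_id == action_id and g.expires_at > now
            for g in self._grants.values()
        )

    @contextmanager
    def elevate(self, agent: str, scope: str, ttl_s: float, reason: str) -> Iterator[str]:
        """Issue a grant for one action and revoke it on exit, whether or not the
        action raised. The TTL is a backstop for an agent that never reports back."""
        grant = Grant(uuid.uuid4().hex, agent, uuid.uuid4().hex, scope,
                      self._clock() + ttl_s)
        self._grants[grant.grant_id] = grant
        self.audit.append(("grant", agent, scope, grant.action_id, reason))
        try:
            yield grant.action_id
        finally:
            self._grants.pop(grant.grant_id, None)
            self.audit.append(("revoke", agent, scope, grant.action_id, reason))


class FakeClock:
    """Deterministic clock so the demo can show TTL expiry without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> dict[str, bool]:
    """Walk one agent through baseline, elevation, TTL expiry and drop-back."""
    clock = FakeClock()
    broker = PrivilegeBroker({"ticket-agent": {"tickets:read"}}, clock=clock)
    out: dict[str, bool] = {}
    out["baseline_read"] = broker.authorize("ticket-agent", "tickets:read")
    out["close_before"] = broker.authorize("ticket-agent", "tickets:close")
    with broker.elevate("ticket-agent", "tickets:close", ttl_s=30,
                        reason="close ticket INC-42") as action:
        out["close_during"] = broker.authorize("ticket-agent", "tickets:close", action)
        # Same agent, same scope, but a different action: the grant does not carry over.
        out["other_action_during"] = broker.authorize("ticket-agent", "tickets:close", "unrelated")
        clock.now += 31          # simulate the action overrunning its TTL
        out["close_after_ttl"] = broker.authorize("ticket-agent", "tickets:close", action)
    out["close_after_exit"] = broker.authorize("ticket-agent", "tickets:close", action)
    out["audit_pairs"] = [e[0] for e in broker.audit] == ["grant", "revoke"]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two details carry the "scoped to the action, not the actor" point. authorize() only honours an elevated scope when the caller presents the action_id the grant was issued for, so a second task the same agent picks up gets nothing from it. And the TTL is a backstop for the case where the agent never reports completion, which is exactly the kind of improvisation the rest of the post is worried about.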


So it's probably not a coincidence that Cisco is also a launch partner for Anthropic's Project Glasswing - the defensive security initiative built around Mythos.


What's today's in-the-end-at-the-end?


Don't panic. But do work on adapting your security model. We need to be able to govern agents that can escape sandboxes. And do far more than just disturb sandwich lunches.


