3 min read

AI agents upended security’s old playbook

Token Security argues fixed security workflows no longer fit AI agents, and says identity should be the foundation for managing access.

Image: BleepingComputer

For years, enterprise security operated on a basic assumption: the environment was knowable. Teams could inventory users, map systems, define policies, and rely on vendor dashboards and workflows because infrastructure changed at a human pace. According to Token Security, AI agents have broken that model.

In this sponsored post published by BleepingComputer, Token argues that agents are fundamentally different from traditional apps. They can act autonomously, call tools, gain access across systems, and shift behavior based on context. Some are approved and run in SaaS platforms, while others are unsanctioned and run locally. They may even borrow human credentials and disappear before the next inventory scan.

That makes static security workflows less useful. Token says the most important questions are now highly specific to each organization, such as which newly created agents can reach production through inherited credentials, which local coding agents still hold active tokens after a project ends, and how an attacker could move between systems using AI agents. Those are not problems a generic vendor workflow can fully anticipate.

The company points to its own research showing a wide range of enterprise deployments, from human-triggered chatbots to autonomous production services. It says more than a fifth of local agents already have direct access to production data sources.

Why Token says build-vs-buy has changed

Token argues that the old build vs. buy debate is too narrow. Security teams do not need to rebuild the entire stack, but they also cannot depend on fixed workflows created months earlier by vendors.

Recommended reading

One in six PCs still run Windows 10

The post cites Retool’s 2026 Build vs. Buy report, which found that 35% of teams had already replaced at least one SaaS tool with something built internally, and 78% expected to build more this year. But Token says security teams face a harder challenge than most departments because everything depends on live data across identity, permissions, ownership, and activity systems.

Rebuilding integrations across AWS, Azure, GitHub, Salesforce, Okta, secret managers, CI/CD pipelines, SaaS platforms, agent frameworks, and on-prem systems is the real cost, the company says, especially when upstream APIs change.

Why identity is the foundation

Token’s central claim is that identity should be the control plane for agentic AI. Every meaningful agent eventually needs access: it authenticates, uses credentials, invokes tools, and reaches data. In many cases, it does not even have its own identity, instead borrowing one from an employee, which can make agents hard to distinguish from people in audit logs.

That is why, Token argues, identity is the layer security teams should buy as a foundation, while building their own operational layer on top of it. The foundation should cover:

  • continuous discovery
  • integrations
  • normalization
  • identity correlation
  • access mapping
  • governance controls
  • auditability
  • secure execution boundaries

Teams should then build the workflows, reports, reviews, automations, and remediation paths that reflect their own environment.

“The winning model is not 'buy everything' or 'build everything.' It is 'buy the foundation, build the operating layer.'”

Token Security

The piece is explicitly labeled sponsored and written by Token Security, but it captures a real shift security teams are grappling with as AI agents spread across enterprise systems: in a faster-moving environment, access and identity may be the only stable layer left to control.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via BleepingComputer

// Keep reading