Your security team doesn't know about half its users
Date:
Fri, 29 May 2026 09:52:24 +0000
Description:
Your security model was built for humans, not agents.
FULL STORY ======================================================================
By Bill Robbins, CEO of Menlo Security.

Security teams built their entire model around human users, people who pause before clicking, who notice when something looks off, who can be trained to spot suspicious downloads. That model worked because humans, however imperfect, bring judgment to every interaction.
That assumption is breaking. The newest enterprise user doesn't have judgment at all. Gartner estimates that in 2026, 40% of enterprise applications will include integrated, task-specific AI agents, up from less than 5% last year. Now, the next billion users will be agents accessing applications, navigating cloud services, and interacting with data through browser sessions at a faster speed than ever.
The security infrastructure governing non-human users hasn't kept pace, and the controls built for human restraint and predictable behavior are failing to hold up as autonomous agents execute tasks in milliseconds.

The visibility gap you didn't plan for

Agents are operating at a scale that no human can match, creating a huge visibility gap. Traditional security assumes that human users act intentionally and follow recognizable patterns.
Authentication systems prove users are who they claim to be. Behavioral analytics flag unusual patterns. Data loss prevention systems assume someone will notice when sensitive information appears in the wrong place.
AI agents break every one of those assumptions. They don't hesitate before opening a file or notice when a prompt looks suspicious. They execute blindly, trusting the contents of digital inputs as instructions and lacking the intuition to know otherwise.
Many of these agents operate through headless browsers or interact directly with web protocols, working outside the visible sessions that traditional security tools are designed to monitor.
Most organizations still treat agents as extensions of human users. Only 22% of security teams manage them as independent identities with distinct risk profiles.
If you're applying the same permissions and policies to agents that you use for human users, you're creating exposure at a scale that compounds with every new agent deployment. Your security team won't see the breach until it's system-wide.

When risk moves faster than your controls

There's a stark difference between an agent that suggests and one that acts. When agents move from assistance to execution, the nature of enterprise risk changes fundamentally. Actions that once required human review and took place in minutes can now happen autonomously in seconds.
A compromised agent can move laterally across systems at machine speed, exfiltrating data, escalating privileges, or initiating unauthorized wire transfers with no human oversight.
The triggers don't even have to be dramatic.
A manipulated prompt could lead an agent to initiate unauthorized payments or extract sensitive data.
Over-privileged API access gives a compromised agent the keys to systems it was never meant to touch.
Malformed input could trigger unintended workflows across connected systems.
If security controls aren't embedded at the point where actions occur, oversight becomes purely reactive. In an environment defined by machine-speed execution, reactive isn't sufficient because containment starts after the damage is done.

Why the browser is now the control point

Here's the shift that changes everything for security leaders: over 85% of enterprise workflows now occur in the browser, according to IDC research.
That makes the browser both the primary attack surface and the most important enforcement point for security policy. As agents operate through web applications and process digital content, the browser becomes where their decisions happen.
Risk shifts from traditional endpoints into live web sessions where access, data handling, and execution converge. Attackers are taking advantage of this shift, embedding malicious instructions in documents and website content to target the exact layer where agents process inputs.
Subtle manipulations hidden in files or webpages can redirect agent behavior without raising flags for human reviewers.
Traditional controls assume static inspection points: periodic checks, endpoint scans, network-layer filters. Agentic workflows don't pause for inspection. They execute continuously, inside live sessions, at a speed that static controls weren't built to match. Attackers already understand this.
Malicious instructions embedded in documents or web content can redirect
agent behavior without triggering a single alert for human reviewers.
That's why the browser has to become the control plane: not a checkpoint before the session, but the enforcement layer inside it.
When both human users and agents operate through browser-based workflows, the only way to maintain consistent visibility and policy enforcement is to
govern all activity at the session level, in real time, regardless of whether the actor is human or autonomous.
The era of managing human and agent sessions as separate systems with separate controls is over.

What security leaders should reassess now

The path forward starts with an honest assessment of where your current model breaks down.
Most security teams have granted agents the same access, permissions, and monitoring treatment as human users because that was the fastest path to deployment. That shortcut is now a liability.
Agents need distinct identity management: separate authentication, authorization, and behavioral monitoring built around how agents actually operate, not how humans do.
Right now, most teams are trying to govern agent activity by stitching together tools that were built to protect humans, and none of them can see inside a browser session where agents are actually executing. The result is a visibility gap that compounds with every new agent deployment.
Closing it requires session-level visibility across encrypted traffic, user interactions, and file activity that network and endpoint tools were never designed to capture.
Security and productivity don't have to trade off against each other, and with agents they can't afford to. When security is embedded directly into the browser session, web content is isolated and inspected before it reaches users or agents. Protection stays invisible to your workforce.
Agents operate within governed boundaries without performance drag. The security model stops being the thing that slows the enterprise down and starts being what makes it safe to move faster.

Building trust with autonomous users

Agents are becoming central to how work gets done, operating with speed and autonomy that legacy security models weren't built to manage. The enterprises that succeed will move security controls directly into the execution layer, the browser, to gain visibility into live activity and contain risk before it spreads.
The security model that protected your organization last year was built for humans. The agents now operating inside your systems didn't exist when you built it. The window to close that gap is narrowing.
The question facing every security leader is no longer whether agents will reshape your enterprise, because they already have. The question now is whether your security model has reshaped with them.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/pro/perspectives-how-to-submit
======================================================================
Link to news story:
https://www.techradar.com/pro/your-security-team-doesnt-know-about-half-its-users
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)