For most of the last two decades, enterprise security ran on a workable assumption: the environment was knowable. Security teams could buy tools, inventory users, map systems, define policies, and rely on vendor-built dashboards and workflows to manage most of what happened next.
The model was imperfect, but it worked because the environment changed at human speed.
AI agents broke that assumption, and with it, the playbook.
Agents are not ordinary applications. They act autonomously, invoke tools, acquire access across systems, and change behavior based on context. Some are sanctioned and run in SaaS platforms. Others are unsanctioned and run locally. They can borrow human access and disappear before the next inventory scan.
They also vary enormously in what they can reach; Token Security research on how enterprises are actually deploying agents found everything from human-triggered chatbots to autonomous production services, with more than a fifth of local agents already holding direct access to production data sources.






