The Agentic SOC: Why Security Teams Are Losing Ground in the AI Era


The cybersecurity landscape shifted dramatically at RSA Conference 2026, with leading vendors like CrowdStrike, Cisco, and Palo Alto Networks unveiling agent-driven security tools. Yet, despite these advancements, a fundamental gap remains: no vendor has delivered a solution to reliably distinguish between legitimate agent activity and malicious behavior. This leaves enterprises vulnerable in an environment where adversaries now operate at machine speed.

The Shrinking Detection Window

The speed of modern attacks is accelerating. CrowdStrike CEO George Kurtz reported that the average adversary breakout time has plummeted from 48 minutes in 2024 to just 29 minutes today, with the fastest recorded breaches occurring in under 27 seconds. This means defenders have less than a minute to respond before a threat spreads. Simultaneously, the sheer volume of AI-driven applications running on endpoints has exploded: CrowdStrike now detects over 1,800 unique AI applications, totaling nearly 160 million instances, all generating a flood of data into security systems designed for human workflows.

This isn’t just about speed; it’s about scale. The problem isn’t simply that attacks are faster, but that the complexity of managing AI agents overwhelms existing security operations.

The Agent Adoption Gap

Cisco’s research reveals a significant disconnect between enterprise interest in AI agents and actual deployment. Eighty-five percent of surveyed organizations are piloting AI agents, but only 5% have moved them into production. This hesitation stems from fundamental questions security teams can’t yet answer: Which agents are running, what are their permissions, and who is accountable when they fail?

Etay Maor, VP of Threat Intelligence at Cato Networks, succinctly captured the issue: “We’re running towards complexity in AI, creating the next wave of security problems instead of solving the existing ones.”

The Indistinguishable Agent

One core challenge is that agent-initiated activity often appears identical to human behavior in standard security logs. As CrowdStrike CTO Elia Zaitsev explained, “An agent running a web browser looks no different than a human running the same browser.” Differentiating requires deep endpoint visibility and the ability to trace activity back to its origin – a capability many security teams lack.

This blind spot is already being exploited. The ClawHavoc supply chain attack, targeting the ClawHub skill registry, demonstrated how compromised AI agents can deliver malware that erases its own traces, remaining dormant until activated. Kurtz warned, “The frontier AI creators will not secure itself. They’re building first, securing later.”

Two Approaches, One Blind Spot

Vendors are responding with two primary strategies:

  • Approach A: Agents inside the SIEM. Cisco and Splunk are integrating AI agents directly into their SIEM platforms for automated triage and response.
  • Approach B: Pipeline Analytics. CrowdStrike is pushing analytics upstream into the data ingestion pipeline, enriching events before they reach analysts.

However, neither approach addresses the critical missing piece: a baseline of normal agent behavior. Both accelerate triage and detection but fail to define what authorized agent activity looks like in a given environment.

Five Steps for Immediate Action

The urgency is clear. Security leaders must act now to adapt to the agentic threat landscape. Here’s what to do:

  1. Inventory all agents: Identify every AI application running on your endpoints.
  2. Verify agent activity differentiation: Confirm your tools can distinguish between agent and human behavior.
  3. Align architecture with existing SIEM: Choose a solution compatible with your current security stack.
  4. Build an agent behavioral baseline: Define authorized actions for each agent and detect deviations.
  5. Pressure-test the supply chain: Scan agents before deployment and monitor for compromise post-installation.
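
Steps 2 and 4 in practice, as an added example that is not from the article or from any vendor named in it: the code attributes each action to an agent by walking process ancestry, then flags agent actions that fall outside that agent's authorized baseline. The event schema, agent names, hosts and paths are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Step 1 output (assumed): binaries known from the agent inventory.
AGENT_IMAGES = {"research-agent", "ticket-agent"}
# Step 4 policy (assumed): authorized (action, target pattern) pairs per agent.
BASELINE = {"research-agent": [("net", "*.example.org"), ("file_read", "/srv/docs/*")]}
# Constructed telemetry: process starts ("proc") and actions taken by a pid ("act").
EVENTS = [
    {"type": "proc", "pid": 10, "ppid": 1, "image": "desktop-shell"},
    {"type": "proc", "pid": 11, "ppid": 10, "image": "browser"},
    {"type": "proc", "pid": 20, "ppid": 1, "image": "research-agent"},
    {"type": "proc", "pid": 21, "ppid": 20, "image": "browser"},
    {"type": "proc", "pid": 22, "ppid": 21, "image": "browser-helper"},
    {"type": "act", "pid": 11, "action": "net", "target": "files.example.net"},
    {"type": "act", "pid": 22, "action": "net", "target": "wiki.example.org"},
    {"type": "act", "pid": 22, "action": "net", "target": "files.example.net"},
    {"type": "act", "pid": 21, "action": "file_read", "target": "/home/alice/private.txt"},
    {"type": "act", "pid": 99, "action": "net", "target": "wiki.example.org"},
]

def origin(pid, procs):
    """Walk the parent chain; return the agent image, 'non-agent', or 'unknown'."""
    seen = set()
    while pid in procs and pid not in seen:  # 'seen' guards against pid-reuse loops
        seen.add(pid)
        ppid, image = procs[pid]
        if image in AGENT_IMAGES:
            return image
        pid = ppid
    return "non-agent" if seen else "unknown"  # unknown: no process record at all

def deviations(events):
    """Return agent-originated actions that are outside that agent's baseline."""
    procs = {e["pid"]: (e["ppid"], e["image"]) for e in events if e["type"] == "proc"}
    out = []
    for e in (x for x in events if x["type"] == "act"):
        who = origin(e["pid"], procs)
        if who in ("non-agent", "unknown"):
            continue  # left to existing detections and lineage-gap handling
        allowed = BASELINE.get(who, [])  # an agent with no baseline allows nothing
        if not any(a == e["action"] and fnmatchcase(e["target"], p) for a, p in allowed):
            out.append((who, e["pid"], e["action"], e["target"]))
    return out

if __name__ == "__main__":
    print(deviations(EVENTS))
```

The same request to files.example.net is ignored when the browser descends from the desktop shell and flagged when it descends from the agent, which is the distinction a log without process lineage cannot make.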

The security landscape has fundamentally changed. The SOC was built to protect humans using machines; now, it must protect machines using machines. The decision window is shrinking. Teams that fail to adapt will be overwhelmed by the speed and complexity of the agentic threat.
