Defence in Depth for the Agentic Age

July 4, 2026

Why agentic AI breaks old security assumptions and how practitioners are adapting

Most organisations think they’re securing AI – they’re actually securing fragments of it.

Inventory looks neat. Posture dashboards feel reassuring. Risk registers are filling up.

Then someone asks a simple question:

“What does our AI actually do, end to end?”

That’s where the confidence starts to fade.

A familiar field lesson

This keeps coming up in conversations with security and technology leaders.

An organisation is well into its AI journey. Agents are in play. Workflows are automated. Tools are connected. Value is being delivered.

Security has done what the market told it to do.

They’ve catalogued models. Tagged AI platforms. Mapped vendors. Assessed high-level risk.

On paper, things look under control.

Then a deeper walkthrough happens.

An agent doesn’t just answer questions. It calls tools. Pulls data. Triggers workflows. Hands work off to other agents. Writes results back into systems.

Suddenly the question isn’t “is this model secure?”

It’s “what happens if this chain is abused?”

That’s the moment many organisations realise they’ve crossed into the agentic age, without changing how they think about defence.

Agent-based vs agentic, why this distinction matters

This is where a lot of confusion starts.

Agent-based systems are still largely reactive. They assist. They recommend. They act within narrow, predefined bounds.

Agentic systems are different.

They:

  • Decompose goals
  • Decide next actions
  • Chain tools and agents
  • Operate across systems
  • Adapt based on outcomes

The system doesn’t just respond. It behaves.

That behavioural shift is why traditional controls struggle.

You can inventory an agent. You can’t inventory emergent behaviour.

The myth the market is selling

Right now, the market is heavily focused on:

  • AI inventory
  • AI posture management
  • Model governance
  • Policy enforcement

These are necessary. They are not sufficient.

They tell you what exists. They rarely tell you how it connects, how it behaves, or how it can be abused.

In agentic architectures, risk doesn’t sit in a single component.

It sits in the connections.

Why defence in depth needs to be rethought

Traditional defence in depth assumes relatively static systems.

Agentic systems are anything but static.

They are:

  • Composable
  • Dynamic
  • Context-driven
  • Capable of lateral movement

Security teams aren’t just defending assets anymore.

They’re defending decision-making systems.

That’s a fundamentally different challenge.

A practitioner-aligned framework for the agentic age

One approach that’s resonating with experienced teams aligns well with the MAAIS way of thinking, not as a product, but as a mental model.

1. Discover what actually exists

Start with discovery, but go deeper than inventory.

This isn’t just:

  • Models
  • Platforms
  • Vendors

It’s also:

  • Agents
  • Tools
  • Orchestration layers
  • MCP-style servers
  • Data dependencies

The goal is not completeness. It’s understanding.

2. Map runtime behaviour, not architecture diagrams

Static diagrams lie by omission.

Runtime mapping asks harder questions:

  • Which agent can call which tool?
  • Under which identity?
  • With access to what data?
  • In what sequence?

This is where many “secure AI” narratives start to break down.

3. Control permissions at the action layer

In agentic systems, permissions are not just about access.

They’re about capability.

Ask:

  • What actions can this agent perform?
  • Where can it write data back?
  • Can it trigger downstream automation?
  • Can it influence other agents?

Least privilege still applies. It just needs to be applied at a different level.

4. Red team the system, not just the model

This is where most organisations are underinvested.

Agentic systems need adversary simulation that focuses on:

  • Prompt manipulation
  • Tool misuse
  • Agent chaining abuse
  • Privilege escalation via workflow logic

This is not theoretical risk.

It’s how these systems fail in practice.

5. Govern the system as it evolves

Agentic systems don’t stand still.

Models change. Tools expand. Workflows grow.

Governance in this context means:

  • Continuous review
  • Clear ownership
  • Change awareness
  • Runtime visibility

Not control for control’s sake. Control for predictability.
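The runtime mapping and action-layer questions from steps 2 and 3 can be turned into a small check. The sketch below is an added example, not part of the original article: it follows agent hand-offs to compute what each agent can reach indirectly and flags actions beyond what that agent is approved for. All agent, tool and identity names are constructed sample data, and the three-table layout is an assumption about how such a map might be recorded.

```python
from collections import deque

# Constructed sample data; every name below is hypothetical.
# Direct grants: agent -> (tool, identity the call runs under, action).
DIRECT_GRANTS = {
    "triage-agent": [("ticket-api", "svc-triage", "read")],
    "research-agent": [("crm-db", "svc-research", "read")],
    "ops-agent": [("crm-db", "svc-ops", "write"),
                  ("deploy-pipeline", "svc-ops", "trigger")],
}
# Hand-offs: which agent can pass work to (and so influence) which agent.
HANDOFFS = {
    "triage-agent": ["research-agent"],
    "research-agent": ["ops-agent"],
    "ops-agent": [],
}
# Actions each agent's owner has approved, whether reached directly or not.
APPROVED_ACTIONS = {
    "triage-agent": {"read"},
    "research-agent": {"read"},
    "ops-agent": {"read", "write", "trigger"},
}

def effective_capabilities(agent):
    """Breadth-first walk over hand-offs: {(tool, identity, action): agent path}."""
    seen, queue, caps = {agent}, deque([[agent]]), {}
    while queue:
        path = queue.popleft()
        for grant in DIRECT_GRANTS.get(path[-1], []):
            caps.setdefault(grant, path)  # BFS keeps the shortest chain
        for nxt in HANDOFFS.get(path[-1], []):
            if nxt not in seen:  # guard against hand-off cycles
                seen.add(nxt)
                queue.append(path + [nxt])
    return caps

def least_privilege_findings():
    """Return reachable actions that exceed an agent's approved set."""
    findings = []
    for agent in sorted(DIRECT_GRANTS):
        caps = effective_capabilities(agent)
        for (tool, identity, action), path in sorted(caps.items()):
            if action not in APPROVED_ACTIONS.get(agent, set()):
                findings.append((agent, action, tool, identity, " -> ".join(path)))
    return findings

if __name__ == "__main__":
    for finding in least_privilege_findings():
        print("%s can reach '%s' on %s as %s via %s" % finding)
```

In the sample data no agent holds an unapproved direct grant, yet the read-only triage agent can reach a write and a pipeline trigger two hand-offs away, which is the kind of risk that sits in the connections rather than in any single component.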

Common traps teams keep falling into

Even mature organisations repeat the same mistakes:

  • Treating agentic systems as “automation plus AI”
  • Assuming posture scores reflect real risk
  • Over-focusing on models while ignoring execution paths
  • Delegating responsibility entirely to platform teams
  • Waiting for standards to mature before acting

Agentic systems won’t wait.

Quick wins you can act on this week

You don’t need a new tool to start thinking differently.

This week:

  • Ask a team to walk you through a single agent task, end to end
  • Identify which identity each agent operates under
  • Map which tools and APIs an agent can call
  • Review where agents can write or trigger actions
  • Run a tabletop or light red team exercise on one workflow
  • Assign explicit accountability for agentic security decisions

These conversations surface risk faster than most dashboards.

The real shift leaders need to make

Agentic AI didn’t create new security problems.

It exposed how much we relied on assumptions that no longer hold.

Inventory is no longer enough. Static controls are no longer enough. Model-centric thinking is no longer enough.

Defence in depth still matters. It just needs to evolve.

Final Takeaway

Agentic systems change how technology behaves.

Defence in depth is how we ensure that behaviour remains predictable, explainable and safe.

Not by slowing innovation. But by understanding it properly.
