The AI Security Problem Nobody Wants to Talk About
The biggest security risk in your company right now might be your own AI
For decades, enterprise security worked like an airport. You secured the perimeter, checked the bags and scanned the passengers at the gates. Inside the perimeter, you monitored the authorities, the people with access: system administrators, developers, devops teams.
The whole model assumed a simple question: who is coming in, and what are they carrying?
That model worked because the threats were mostly external. Someone trying to break through the wall, malware hiding in a software package, a compromised credential being used to sneak past the gate.
You built higher walls, better scanners, smarter detection systems and for a long time that was enough. But something fundamental changed in the last two years, and most companies are not ready for it.
The change is AI agents.
Not the kind that retrieve information or answer questions, but the kind that make decisions. They access databases, call APIs, trigger workflows, move money. They operate inside your infrastructure with real authority, and they are spreading fast.
McKinsey reported that 78% of organizations now use AI in at least one business function (up from 55% in 2023). More than half of enterprises have actively deployed AI agents, and 39% of those are running more than ten agents in production.
Gartner projects that by 2028, a third of all enterprise software will incorporate agentic AI, which is more than thirty-fold increase from less than 1% in 2024.
I ran technology for one of the largest digital banks in Europe for six years. We scaled from zero to 45 million monthly active users. At that scale, security is not abstract; it is operational.
Every new capability you give your systems, every integration you open or API you expose creates something that somebody will try to exploit. We understood that because we were dealing with human actors, humans you can identify, authenticate, monitor, and hold accountable. But AI agents are different.
They are self-programmable, can be prompted, manipulated, redirected. In airport metaphor, imagine that one of the authorities inside the perimeter can be convinced to become a criminal, or simply acquires permissions it was never supposed to have.
That is how AI agents work inside enterprise systems today, and the security stack we built over the past 20 years was not designed for autonomous actors operating inside your own walls.
The Threat Sitting Inside Your Firewall
Headlines are now full of stories about hackers using AI, and that threat is real. Over 80% of cyberattacks now utilize AI. AI-generated phishing has driven a 703% surge in credential phishing attacks.
Deepfake incidents rose over 60% last year, with three-quarters of those fakes designed to impersonate CEOs and C-suite executives. The global average cost of a data breach hit $4.88 million, a record. All of that is serious, but it is also the obvious part.
The less obvious threat is one sitting inside your firewall, which is your own AI agents. You gave them the keys, you gave them access to customer data, financial systems, internal tools.
The question most companies cannot answer right now is simple: do you actually know what your agents are doing? Can you monitor their behavior in real time, can you catch when an agent starts drifting from its intended purpose, or when someone figures out how to make it do something it was never supposed to do?
OWASP identified prompt injection as a top security risk for large language models. This is exactly what it sounds like: someone crafts an input that causes your AI to ignore its instructions and follow new ones.
It does not require breaking into your network because the agent is already inside, the attack surface is the agent itself. And it gets worse at scale. Most enterprises are not running one agent, they are running dozens.
Less than 10% of organizations have successfully scaled AI agents in even a single business function, which means the majority of these deployments are in a messy, semi-operational state. Partially integrated, partially monitored, partially understood.
60% of IT professionals believe their organizations are not prepared to counter AI-generated threats. Only 18% of security teams have fully adopted AI-powered cybersecurity tools. These are not small numbers, they describe a systemic gap between deployment speed and security readiness
Why This Isn’t Getting Fixed
The core problem is incentives. Every company is racing to deploy AI, speed is rewarded. The board wants to hear about AI strategy, the market rewards companies that ship AI-powered features. Nobody gets promoted for slowing things down to think about security architecture.
I see this from the investor side. We look at hundreds of companies building AI applications, the energy is extraordinary. But the pattern is familiar: deploy first, secure later.
We saw this with cloud computing a decade ago, we saw it with mobile. The difference is that AI agents have more autonomy, more access, and more ability to cause damage than any previous technology deployed inside the enterprise.
The data confirms the mismatch. Between January 2024 and December 2025, startups in AI security raised a total of $8.5 billion. That sounds like a lot until you look closer: only $414 million of that, less than 5%, went to companies building solutions specifically to secure AI models, LLMs, and agentic systems.
The rest went to traditional cybersecurity tools that happen to use AI for defense, things like network security, threat detection, SOC automation. Important work, but not the work of securing the AI systems themselves.
Meanwhile, 93% of organizations say they understand AI risks. That sounds reassuring until you learn that fewer than half have an AI governance framework in place, only 43% have an AI-specific incident response plan.
75% of technology leaders cite governance as primary concern when deploying agentic AI, yet a third of organizations admit they lack a clear strategy for implementing it securely.
This is one of the reasons we spend so much time studying AI security operations at R136. Not because it is trendy, but because the gap between how fast agents are being deployed and how slowly security is catching up is one of the biggest mismatches I have seen in twenty years of technology investing.
What the Winners Are Building
The companies that will define this space share a few characteristics I keep seeing. First, they are building prevention-first architecture, not just better detection.
The traditional model waits for something bad to happen and then responds, but with AI agents operating autonomously at speed, by the time you detect a problem the damage may already be done. You need systems that constrain agent behavior before it goes wrong.
Second, deep observability. Not just logging what an agent did after the fact, but understanding what it is doing in real time: what permissions is it using, what data is it accessing, is its behavior consistent with its intended function? This is closer to how you would monitor a new employee with broad access than how you would monitor a piece of software.
Third, governance that treats AI agents more like employees than tools. This sounds strange, but think about it: when you hire someone and give them access to sensitive systems, you have an onboarding process, you have access controls, you have periodic reviews, you have the ability to revoke access.
Most companies have nothing equivalent for their AI agents, they deploy them with broad permissions and hope for the best.
The market is beginning to price this as a massive opportunity. The AI cybersecurity market is projected to grow from roughly $25 billion in 2024 to somewhere between $65 billion and $94 billion by 2030. The AI governance market alone is expected to reach nearly $6 billion by 2029, growing at 45% annually.
Venture funding is flowing in, companies like Noma Security ($100M), Lakera, and Prompt Security are raising meaningful rounds to build specifically for this problem. I think the market might be underestimating the size of this.
The projections assume a relatively orderly adoption curve, they do not fully account for what happens when something goes seriously wrong at a major company because of an unsecured AI agent. That event will reprice the entire market overnight.
The Risk Nobody Wants to Discuss
I have been investing in technology for twenty years, and before that I spent over decade building it at large institutions. If there is one pattern I have learned to recognize, it is this: the biggest risks are the ones nobody wants to discuss.
Not because they are invisible, but because discussing them requires admitting something uncomfortable, and admitting it might slow things down.
AI security is exactly that kind of risk. Talking about it means acknowledging that the AI systems companies are rushing to deploy might themselves be the vulnerability.
That is not comfortable conversation for a CEO who just told the board that AI is the company’s strategic priority, it is not a comfortable conversation for a CTO who has spent the last year building an AI platform. And it is definitely not a comfortable conversation for investors who are betting on the AI application wave.
But comfortable conversations are not where the important insights live. The companies that take AI security seriously now, that build governance and observability and prevention into their agent architectures from the start, will still be standing when something goes wrong. And something will go wrong. The only question is whether you are ready for it.