Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents are connecting to enterprise systems right now. Whether a developer wired up Claude to an internal Confluence instance, a vendor shipped an agentic workflow that calls the CRM, or an employee enabled a browser-based AI assistant that reads email, Model Context Protocol (MCP) is rapidly becoming the integration layer between large language models (LLMs) and corporate data. Most security teams have no visibility into any of it.

AI usage control is the security and governance framework that enterprises use to monitor, regulate, and secure how employees interact with artificial intelligence tools. As Generative AI becomes deeply embedded in everyday workflows, organizations face a high-stakes balancing act: capturing massive productivity gains while preventing catastrophic data leaks, compliance violations, and intellectual property exposure.

If AI agents are becoming organizational actors, then governance needs to move beyond principles and into operational structure. In Camille Stewart Gloster’s upcoming book The Insider You Build, she explains that governance is not defined by policies or structures, but by whether it can actually influence system behavior at runtime. In an agentic environment, governance only exists where it can shape, constrain, and intervene in decisions as they happen.

Cosine similarity is pure math. No magic. No understanding. Once you accept that, a lot of the confusion goes away. We talk to a lot of customers, and even seasoned engineers, who treat cosine similarity like magic that solves everything. Engineers talk about embeddings like they are definitive. Product teams trust similarity scores like they are facts. Vendors sell “semantic understanding” like the model actually understands. Truth is, it does not.

Note: This blog is a recap of 1Password’s recent webinar, “The unmanaged stack: Governing SaaS apps and AI tools outside SSO.” Head here to watch the complete webinar recording.

Two protocols are shaping the AI revolution: A2A for agent-to-agent delegation, and MCP for agent access to tools and external systems. A2A expands who can participate in a workflow by enabling agent-to-agent delegation. MCP expands what agents can reach by connecting them to data and systems. By the end of 2026, task-specific AI agents are expected to appear in 40% of enterprise applications, up from less than 5% in 2025. That shift changes where security has to live.

The cybersecurity industry is sleepwalking. We are still captivated by the romanticized image of the hacker: a human in a hoodie manually typing code to breach a network. Wake up to the reality of 2026. The modern adversary is no longer human. It is algorithmic.