Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents are now acting across SaaS, cloud, and endpoint environments with identities and permissions that traditional controls cannot fully govern. Most enterprises already have more agents in production than they realize, many created without security review. Across the industry, the research aligns.

For security teams, the adoption of agents showed up operationally before it showed up strategically - creating new expectations and requirements. Risk is no longer tied to prompts or the model alone. It shows up in what agents do once they are connected to critical systems - coming from permissions they inherit, tools they invoke, and data they move.

The OWASP GenAI Security Project has officially released its Top 10 for Agentic Applications, the first industry-standard framework focused on the operational risks created by autonomous and semi-autonomous AI systems. AI has evolved in a way that directly changes how enterprises need to think about security. We started with machine learning systems designed to classify and predict.

Data is never the problem. Security teams rarely complain about having too much of it. The real danger comes from data that sits unconnected and unexplained. What teams actually need is data that is actionable and converges into meaning. Data that cuts deeper than surface level signals. Data that reveals what is unfolding and what needs to happen next.

AI agents are increasingly connecting to more systems and workflows. They read structured data, follow multi-step instructions, and can reach deep into applications and developer environments. The same capabilities that make them powerful also create new opportunities for attackers. As Zenity Labs continued to study these emerging attack classes, we noticed a pattern starting to appear.

Agentic browsers are quickly becoming part of everyday work. Tools like ATLAS, Comet, and Dia can read web content, navigate SaaS tools, interpret instructions, and act on behalf of a user. They promise faster execution and higher productivity but they also introduce new risks that traditional security tools are not designed to see. As these browser-based agents spread across both managed and unmanaged devices, the enterprise attack surface grows in ways that most teams can’t quantify.

In the first installment of our Inside the Agent Stack series, we examined the design and security posture of agents built with Azure Foundry. Continuing the series, we now focus on Amazon Bedrock AgentCore, a managed service for building, deploying, and orchestrating AI agents on AWS.