Does the agentic era signal the end of cybersecurity perimeters?

Many homes need fences, just as many organizations need a cybersecurity perimeter—but agentic AI, combined with some other big trends, could make it harder than ever to defend those edges.

According to CrowdStrike’s CTO of the Americas Cristian Rodriguez, perimeter-based cybersecurity has dealt with the rise of remote work and cloud applications. Now agentic AI could flood organizations with a host of synthetic identities and automated, unsupervised workflows, making it easier than ever for attackers to bypass traditional defenses.

“The new perimeter is wherever the user is going, it’s on the endpoint itself,” Rodriguez said. “It’s the identity that’s authentic, authenticating against the endpoint itself, but then also the identity that’s authorized to access any of the services that you are publishing for your employees.”

So, it’s an identity thing? Agents have accelerated the breakdown of perimeters because of their ability to make decisions across systems in ways that don’t cleanly map to traditional network edges, Human Security CISO Gavin Reid told IT Brew.

“The change in this that agentic has played into it is that it’s no longer just a person reaching out and doing that, it could be an agent,” Reid said. “If they don’t have the visibility to understand that and treat these connections very differently, which…that’s where we’re at today, a lot of these back-end infrastructure do not, they treat them all just like they were a user reaching out, and they have no visibility into the difference between those.”

Security, for a new perimeter. Johnny Ayers, founder and CEO at Socure, an AI-driven platform for identity verification, said that the biggest thing for IT pros to consider with a new perimeter is trust in the foundational framework. How do you establish a framework that enables agents to safely carry out their tasks within the organization, especially as new tools are continually brought online? Compounding the risk: Employees can fall into the habit of granting access to whoever asks, even if it’s an AI agent.

“Agents can still obviously go rogue on their own; really thinking through the external perimeter and are all of the employees that you are bringing into your organization [are] who they actually claim to be,” Ayers said. “Imagine the environment where you bring in an external bad actor that then has access to these tools and systems.”