The AI Security Summit 2025

The AI Security Infrastructure Gap: Why Traditional DevSecOps is Failing the Agentic Era

The enterprise AI security landscape is experiencing a fundamental infrastructure crisis that goes far beyond traditional vulnerability scanning. As organizations race to deploy agentic AI systems, they're discovering that existing security frameworks are catastrophically inadequate for non-deterministic, multi-agent environments. The evidence from operators suggests we're witnessing the emergence of an entirely new security paradigm that demands purpose-built infrastructure.

The scale of the visibility problem alone is staggering. As Manoj Nair from Snyk observed during customer meetings: "I've been in meetings where the CISO and CTO are on the call with me and ask the question, 'How many agents or LLMs do you have in production?' And the answer from the security team is zero. The answer from the CTO is thousands." This isn't just a communication gap—it's a fundamental breakdown in enterprise asset management that creates massive attack surfaces. When security teams can't even inventory their AI assets, traditional perimeter-based security models become meaningless.

The technical complexity compounds exponentially when you examine the attack vectors emerging from agent orchestration systems. Nair's team discovered critical vulnerabilities in seemingly benign infrastructure: "We found the toxic flow attack pattern that the GitHub MCP server had an exploit potential, and that is a prompt injection, plus bringing this improper access." Model Control Protocol (MCP) servers, designed to connect AI agents with external tools and data sources, are creating novel attack chains that combine traditional infrastructure vulnerabilities with AI-specific prompt injection techniques. The result is a multiplication of risk rather than simple addition.

What's particularly concerning is how AI's pattern recognition capabilities are weaponizing existing enterprise data hygiene problems. Traditional security models relied on the statistical improbability of attackers finding sensitive data scattered across vast enterprise datasets. But as one operator noted, AI systems excel at "finding anomalies" and can act as "a magnet for those needles" in data haystacks. This means decades of accumulated technical debt in data classification and access controls are suddenly becoming critical vulnerabilities.

The infrastructure investment implications are massive. Ed Sim from Boldstart Ventures, whose portfolio company Protect AI sold to Palo Alto Networks for over $700 million, argues that organizations need "one vendor to help them solve more problems than just one." But the technical reality suggests something more fundamental: enterprises need entirely new security architectures. Snyk's Evo platform represents one approach—what they call "the world's first agentic security orchestrator"—but the broader market is still in its infancy.

The datacenter and cloud implications are equally profound. Sanjay Poonen from Cohesity highlighted emerging regulatory pressures: "In Europe, they have this regulation called DORA, requires data to stay in the country, and we think there's going to be a lot more sovereign cloud requirements." When combined with AI workloads that generate massive audit trails and require real-time security monitoring, this is driving demand for entirely new classes of infrastructure that can handle both the computational requirements of AI security and the regulatory requirements of data sovereignty.

Perhaps most critically, the economics of AI security are forcing a fundamental rethink of enterprise security budgets. Francesca LaBianca from Factory noted that successful AI adoption requires "agent readiness," which "incorporates a number of things" including comprehensive changes to testing frameworks, linting systems, and development containers. This isn't just about buying new security tools—it's about rebuilding core development infrastructure to be AI-native from the ground up.

The competitive landscape is already consolidating around platforms that can handle the full stack of AI security challenges. As Sim observed about the broader trend: "I've never seen a technology take off with AI-assisted coding like it has. About a year and a half ago, no one was like, 'Ah, we're trying out GitHub Copilot.' All of a sudden, it's wall to wall every large Fortune 500 right now." The organizations that can build comprehensive AI security platforms—not just point solutions—will capture disproportionate value as enterprises realize they can't patch their way to AI security.

The infrastructure implications extend beyond security into fundamental questions about how enterprises architect their AI systems. The move toward "agent-driven development," as Factory terms it, requires "a fundamentally new way of working" that touches everything from code review processes to production monitoring. Organizations that fail to make these infrastructure investments aren't just accepting security risks—they're limiting their ability to capture AI's productivity benefits entirely.