Two things trended today that tell the same story. Mozilla published a blog about using Anthropic's red team to find vulnerabilities in Firefox. CyberStrikeAI, an AI-native security testing platform, hit GitHub trending with 1,400+ stars.
The security industry is about to go through the same transformation that every other knowledge work industry is experiencing. Except the stakes are higher because mistakes aren't just expensive. They're destructive.
The attack surface just expanded by orders of magnitude
Every AI agent deployed in a business is a new attack vector. Not theoretically. Practically.
An AI agent that has access to your email can be manipulated through prompt injection in incoming messages. An agent connected to your CRM can be tricked into exposing customer data. An agent with file system access can be directed to read, modify, or delete things it shouldn't.
Most AI security research has focused on the model layer. Jailbreaks. Alignment. Safety training. Important work, but it misses the bigger picture.
The real attack surface isn't the model. It's the integration layer. The tools the agent can access. The permissions it has. The data it can see. That's where the vulnerabilities live, and that's where most deployments have zero security.
Offense is ahead of defense
Right now, using AI for attacks is easier than using AI for defense. Generating convincing phishing emails at scale? Trivial. Automating vulnerability discovery? Getting easier every month (as Mozilla just demonstrated). Creating personalized social engineering campaigns? Basically solved.
Defending against AI-powered attacks? Much harder. Your spam filter was trained on human-written phishing emails. AI-written ones look different. Your intrusion detection system looks for patterns from known attack tools. AI generates novel approaches. Your security team reviews alerts during business hours. AI attacks run 24/7.
The defense side will catch up. It always does. But there's going to be a window of vulnerability that businesses need to take seriously right now.
What smart deployment looks like
I've been thinking about this in the context of every AI deployment I'm involved in. Here's my current framework:
Principle of least privilege. Your agent should have access to exactly what it needs and nothing more. If it manages your calendar, it doesn't need access to your file system. If it handles email, it doesn't need access to your database. Every unnecessary permission is an attack surface.
Input sanitization. Everything the agent reads from external sources (emails, messages, web pages) should be treated as potentially adversarial. The agent needs to distinguish between instructions from you and content it's processing on your behalf.
Output monitoring. Log everything. Not just for debugging. For security. If your agent suddenly starts accessing APIs it normally doesn't use, or sending data to unusual endpoints, you want to catch that immediately.
Blast radius containment. If the agent gets compromised, how much damage can it do? Run it in a container. Limit its network access. Use separate credentials for the agent and for administrative access to the host.
Where the money is
The AI security market is going to be massive. I'm talking Palo Alto Networks, CrowdStrike-scale revenue. Here's why:
Every business deploying AI agents needs security for those agents. Every AI-powered application needs protection against prompt injection and data exfiltration. Every organization needs to defend against AI-powered attacks on their existing infrastructure.
That's three massive market segments, all emerging at the same time. The companies that figure out AI security first will build decade-long competitive advantages.
If you're a founder looking for what to build, stop building chatbot wrappers. Build AI security tools. The demand is about to explode.
If you're a business deploying AI, don't wait for the perfect security product. Get the fundamentals right now. Sandbox your agents. Monitor their behavior. Limit their permissions. The basics will protect you from 80% of attacks while the security industry catches up.