
The View From Here
This final chapter marks the end of a series that has been a collective effort, reflecting the research, experience, and perspectives of the full team at Cloud Security Partners. We are proud of what we built together and grateful to everyone who contributed to making it happen.
At the start of this series, we introduced a paradox: unprecedented capability paired with unprecedented uncertainty. That paradox has not been resolved. If anything, it has deepened. When I sat down to write this chapter a few weeks ago, the landscape had already shifted in meaningful ways. Anthropic had released Claude Code Security, RSA had come and gone with AI dominating nearly every conversation on the floor, and Claude Mythos had just launched with the “ability” to identify and patch zero-day vulnerabilities. This space is moving on a weekly basis, sometimes daily, and that pace is itself part of the challenge.
Over the course of these chapters, we walked the stack from tooling and agents to skills marketplaces, code generation, program building, compliance, and offensive security. The picture that has emerged is not simple, and frankly, it is one our team debates constantly. Hardly a week goes by without an internal conversation about whether some new AI capability changes the security perspective in a meaningful way, or whether it is mostly vendor marketing dressed up in new language. That tension is real, and we suspect most security teams are navigating the same thing.
What comes next is not simply more AI. It is AI operating with greater autonomy, broader reach, and higher stakes, and that does not introduce entirely new problems so much as it amplifies everything we have already discussed. The controls that were optional become mandatory. The gaps that were manageable become material. And the difference between deliberate and reactive security becomes something organizations will feel, not just discuss. I meet monthly with a group of security leaders here in Northern Virginia, and without fail, AI finds its way into every conversation. How it is changing daily workflows, how others in the organization are trying to use it, and how it is complicating already stretched budgets and processes. It is not a theoretical discussion anymore. It is the texture of the job right now.
Autonomy Expands, and So Does the Risk Surface
Today’s AI systems are still largely supervised. They operate within constrained workflows, with humans in the loop at key decision points. That balance is already starting to shift, and the organizations that are not thinking about what comes after supervised automation are going to find themselves catching up under pressure.
As agents evolve, they will operate across longer time horizons, interact with more systems, and execute with broader permissions and less direct oversight. The constraint we identified in areas like penetration testing, that fully autonomous execution remains impractical in complex environments, is a product of current capability, not a permanent ceiling. As autonomy increases, the unit of risk begins to shift. It is no longer just about systems and users. It becomes about agents acting on behalf of both.
That shift introduces a concept organizations will need to internalize: agentic blast radius. When agents begin interacting with other agents across internal systems, third-party services, and external APIs, traditional trust boundaries start to break down. A single misconfigured permission, flawed prompt, or compromised workflow does not just expose one system. It can cascade across an entire chain of automated decisions before anyone notices something has gone wrong.
This is already happening. I was recently part of a conversation with a Security Lead at a large technology company and a Product Security Lead at a software platform company that started casually and quickly turned into a deep technical discussion about exactly this problem. Both were grappling with how to protect their organizations from the risks introduced by third-party services and AI dependencies, and both were candid that the trust boundaries they had relied on for years are either breaking down or being fundamentally redefined. There was no clean answer in the room. That is probably the most honest summary of where the industry sits right now.
The maker-checker model¹, which has long been a cornerstone of control design, will need to evolve. It was built for human-to-human and human-to-system validation and does not translate cleanly to AI-to-AI workflows. Organizations will need to rethink how validation, approval, and accountability function when both the maker and the checker are automated, a question most governance frameworks have not yet seriously engaged with.
Meanwhile, offensive capabilities are advancing along the same curve, but without the governance overhead. AI-accelerated reconnaissance is already compressing attacker timelines. What used to take days or weeks can now be done in hours. Prompt injection, which many teams still treat as an edge case, will mature into a primary attack vector as attackers learn to reliably manipulate agent behavior mid-task. AI-generated social engineering will continue to close the gap with human-crafted attacks, at a scale and speed that most defensive teams are not yet built to handle.
Autonomy does not just increase efficiency. It increases impact in both directions.
The Supply Chain and Compliance Reckoning
Earlier in this series, we found something uncomfortable when examining the AI skills ecosystem: a significant portion of it already carries serious security flaws. We also explored how existing compliance frameworks were never designed with generative AI in mind, and how security tools transmitting artifacts, logs, and code to external LLM services are quietly introducing a new class of exposure inside the control plane itself. Neither of those problems is getting smaller.
The industry will eventually treat AI dependencies the way it learned to treat software dependencies, with rigor, provenance checks, and formal risk assessment. What usually forces that shift is an incident significant enough to make the status quo indefensible. That incident has not happened yet at scale, but the conditions for it are already in place. A widely adopted skill, plugin, or model integration will become a supply chain event. The only open question is whether your organization has thought through its exposure before that happens.
When it does, AI SBOMs will move quickly from a theoretical concept to a practical requirement. Organizations will be expected to account for not just the code they are running, but the models, skills, and external AI services their systems depend on, and how those dependencies behave under adversarial conditions.
We are already seeing what this looks like in practice. In April 2026, Anthropic launched Project Glasswing, granting limited access to Claude Mythos Preview, a model purpose-built for vulnerability discovery, to over 40 organizations including major security vendors and cloud providers². Within days it had identified critical flaws in widely used open source projects, some decades old. The capability is real. So are the governance questions it raises about who gets access, under what conditions, and how findings are responsibly disclosed. It is a useful marker of where the industry is heading and a reminder that governance frameworks need to keep pace with the capability.
Regulatory pressure is building along the same lines. Frameworks like NIST AI RMF, ISO 42001, and the EU AI Act will evolve from guidance documents into enforceable audit expectations. Shadow AI, the departmental tools adopted without security review that we discussed in the compliance chapter, will stop being a risk talking point and start showing up as a formal audit finding. Declining transparency from model providers will add further friction, and that pressure will eventually force disclosure standards that most vendors are not currently prepared to meet.
For organizations trying to get ahead of this, we recently published AI tool guidance and an AI Usage Policy template in the resources section of our website. This space is moving fast, and the guidance reflects that; it is something we intend to maintain and update regularly as the landscape continues to evolve. If your organization is struggling to keep pace, it is a good place to start.
That practical guidance matters precisely because the underlying pattern is not new. We have seen versions of this play out with open source, cloud adoption, and SaaS sprawl. Each time, the industry moved faster than its controls, absorbed a painful lesson, and then built the infrastructure to manage the risk. What is different this time is the opacity. The dependencies are harder to see, and when they fail, the blast radius is harder to contain.
The Security Workforce Transforms
One of the more consistent themes in this series has been the idea that AI is becoming a new kind of security workforce, not a replacement for practitioners, but an extension of what teams can see, analyze, and act on. We are seeing it play out across code review, threat modeling, alert triage, incident response, and offensive testing, and the pace is only increasing.
There is no shortage of voices in the technology industry making sweeping claims that AI will replace entire job functions wholesale. I have seen this firsthand. A previous organization I was part of genuinely believed AI could replace most of its customer support team. I understood the logic, but I did not agree with the conclusion. The reality is more nuanced. AI can absolutely reduce the volume of work that lands on a human, but the judgment, context, and accountability that experienced practitioners bring are not something a model replicates cleanly. My view, and one that this series has tried to reflect throughout, is that the teams who treat AI as a force multiplier rather than a headcount reduction strategy are the ones who will come out ahead.
As these capabilities mature, the role of the human operator changes in ways that are worth being clear-eyed about. The most valuable security professionals in the next phase will not just be deep specialists in a single domain. They will be people who can build, evaluate, govern, and course-correct AI systems, what you might call AI operators. A skilled AI operator without domain knowledge is genuinely dangerous. A domain expert who cannot engage with AI will find their impact constrained, regardless of how deep their expertise runs. The professionals who combine both will define what high-performing security teams look like going forward.
New specializations will emerge from this. AI red teaming, focused on attacking AI systems directly, finding their failure modes, and stress-testing their guardrails, will become a distinct discipline. Separately, AI-assisted red teaming will redefine how traditional environments are tested, with both defenders and attackers using AI to increase coverage, speed, and creativity in ways that manual-only approaches cannot match.
The maturity model we outlined earlier is worth revisiting here, because the pressure to move up that curve is about to increase significantly. Organizations still operating in an ad hoc mode will not just find themselves less efficient. They will be exposed in ways that are hard to recover from quickly. Competitive pressure and regulatory expectations will combine to force maturation faster than many teams are currently planning for.
Tooling can help close that gap, but it cannot close it on its own. The judgment that comes from having built deliberately, from having made real decisions about governance, training, and accountability before a crisis forced the issue, is not something you can buy after the fact.
The Deliberate Path Forward
There has been a consistent thread throughout this entire series: speed without intentionality is not a strategy. That is even more true now than it was at the start.
The paradox we started with still exists. AI is creating real advantages for organizations that know how to use it, and real exposure for those that treat it as a feature to be enabled rather than a capability to be governed. The risks are not abstract. They are showing up in audits, in incidents, in the quiet accumulation of technical and compliance debt that builds when teams move fast without laying the right foundations.
But the path through it is workable. The organizations that have treated AI security as a discipline, something to be built with the same intentionality they brought to everything else, are already operating differently from those that treated it as a checkbox. The policies, governance structures, training programs, supply chain controls, and hybrid human-AI workflows they have put in place are not just risk management. They are what makes it possible to move fast without constantly cleaning up after yourself.
This is not about slowing down adoption. It is about ensuring that as capability scales, control scales with it.
AI security is not a destination. It is a discipline.
And the teams building it deliberately today are the ones writing the playbook everyone else will follow tomorrow.
About the Author
As Chief Information Security Officer at Cloud Security Partners, Rinaldi guides the firm's commitment to empowering organizations facing complex cloud security challenges with confidence and resilience. Central to his role is building and sustaining deep customer trust, ensuring that every security decision, strategy, and recommendation is grounded in integrity, transparency, and measurable business value. He provides executive leadership and strategic direction across customer-facing security initiatives, ensuring alignment with business objectives, regulatory requirements, and industry best practices.
Rinaldi focuses on helping organizations design, operationalize, and mature modern cloud security programs across data protection, threat detection and response, compliance, and secure cloud architecture. By fostering trusted partnerships and leading customers through critical transformation efforts, he enables them to reduce risk, accelerate cloud adoption, and build scalable, sustainable security capabilities that support long-term growth and innovation. Beyond his professional accomplishments, Rinaldi is deeply committed to fostering and advancing the security community. He actively supports and contributes to local security groups, including OWASP NoVA, NoVABeerSec, and SplunkersDC.
---
¹ The maker-checker principle is formally codified as Separation of Duties in NIST SP 800-53 Rev 5 (Control AC-5), which requires that organizations separate duties of individuals to reduce the risk of malevolent activity. ISACA's COBIT 2019 framework addresses the same concept under governance and management objectives for information and technology. See: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final and https://www.isaca.org/resources/cobit
² Anthropic officially announced Project Glasswing on April 7, 2026. Full details including launch partners and program objectives are available at: https://glasswing.anthropic.com
