Cybersecurity is Changing Faster Than You Think
We Built Security Around Infrastructure Control
But, our systems no longer behave like infrastructure.
This Anthropic announcement is part of the change, and we’re living this daily in our startup too.
For most of my career, cybersecurity has meant controlling infrastructure.
- Control the network (eg VPC or private cloud).
- Control the endpoint.
- Control identity.
- Scan the code (for vulnerabilities and look them up in a database).
- Scan the data (for things like ransomware detection).
It was a coherent model because the underlying systems were stable. Humans wrote software. Humans reviewed it. Systems behaved deterministically. Security software then wrapped guardrails around that machinery. That assumption is breaking and cybersecurity is about to go through a radical change. Most companies that don’t adapt will fail.
The System Has Already Changed
Over the last year, we’ve seen something qualitatively different across AI-native startups (we’re one of them) and increasingly inside enterprises that are our customers.
Pull requests aren’t 50-line changes anymore. They’re 3,000–5,000 line diffs touching 20 or 30 files. They refactor entire flows. They introduce new abstractions. They wire together tools that didn’t exist a week earlier. And, they get approved. Not because engineers are careless but because no single human can realistically hold that much context in their head. The review becomes a surface scan. The system is moving faster than comprehension. As a principal engineer in a previous life, I used to ask engineers to keep their PRs below 500 lines of code. I have long stopped asking that.
At the same time, we’re seeing hybrid architectures emerge: traditional SaaS layers sitting on top of agentic orchestration systems. In our own backend, large parts of the system are now a coordination layer for agents working together, alongside conventional deterministic services. You have predictable SaaS code interacting with non-deterministic reasoning engines. APIs aren’t just being called by users or backend services anymore. They’re invoked by autonomous workflows chaining tools together, making intermediate decisions, exercising judgment about what to do next. The “business logic” is no longer just code we wrote; it’s increasingly embedded in how agents reason, plan, and orchestrate actions across the system.
This isn’t just “more automation.” It’s the introduction of semi-autonomous behavior inside production systems that can plan, decide, and act within defined boundaries, while still leaving ultimate responsibility and accountability with humans. The goal isn’t to remove people from the equation, but to give them higher-level control over increasingly complex, machine-driven workflows they are still responsible for.
Infrastructure Security Is No Longer Enough
For 25 years, cybersecurity has been about infrastructure control. Firewalls inspect packets. Endpoint agents monitor processes. Identity systems authenticate humans. Application security tools scan static code. The core questions were things like:
- “Is this packet allowed?”
- “Is this binary malicious?”
- “Is this user authenticated?”
- “Is this dependency vulnerable?”
Those are still valid questions. But they’re no longer sufficient. The new questions look different:
- Why did this agent access that dataset?
- Should it have called that internal tool?
- Is the agent staying within the intended design?
- Is it indirectly escalating privileges through a reasoning chain?
- What happens when two agents interact in a way no human explicitly designed?
- Is this system behaving within intent even if every individual API call is technically “allowed”?
That’s a shift from infrastructure control to autonomous system control
In many of the teams (security + dev) we speak to, there is real urgency not theoretical concern. AI-native startups know they are shipping fast, on top of systems they don’t fully understand end-to-end. Enterprises are plugging copilots into internal data stores and realizing their existing permission models were designed for humans, not agents.
Meanwhile, much of the industry response has been predictable: “AI-powered SOC”, “AI-enhanced detection”, “AI-driven insights.” And yes, AI absolutely helps with alert triage and pattern recognition. But, that’s sprinkling AI on the old system.
The structural change is, that the systems themselves are becoming semi-autonomous. Software is writing software. Agents are calling APIs. Internal tools are being exposed to reasoning engines. The attack surface is no longer just exposed ports, it’s prompt injection, tool misuse, unintended data access through legitimate credentials.
When behavior becomes dynamic and partially non-deterministic, signature-based and infrastructure-centric controls strain. This doesn’t mean incumbents disappear. Companies like Palo Alto, CrowdStrike, and even newish startups like Snyk, Semgrep, Aikido, and others have distribution, capital, and very strong engineering teams. Infrastructure is not going away. But the center of gravity is moving elsewhere.
What is needed from security now?
Security can’t just ask whether the network is protected. It has to ask whether autonomous actors, human or machine, are behaving within acceptable bounds at all times. That’s a different discipline. Closer to governance and control theory than traditional perimeter defense or code scanning.
Startups have an edge because they aren’t anchored to legacy abstractions. They can assume:
- Humans are not in every review loop.
- Agents are first-class actors.
- Code velocity exceeds human comprehension.
- Policy must be enforced continuously and automatically.
The uncomfortable conclusions are this: cybersecurity is no longer primarily about securing infrastructure. If your security model assumes humans are in the loop, you are already behind. The next decade of cybersecurity will be about constraining autonomy. Most vendors are still selling perimeter defense.
At Trent AI we are working actively in reimagining cybersecurity for this new era.
