AI Agents Require New Control Planes for Intent-Based Security

Original Title: Building an AI Guardian for Enterprise with Onyx Security CEO Maxim Bar Kogan

The accelerating adoption of autonomous AI agents, while promising unprecedented productivity gains, introduces a cascading risk of "bad actions" that existing security paradigms are ill-equipped to handle. This conversation with Maxim Bar Kogan, CEO of Onyx Security, reveals that the true challenge lies not in preventing basic data leaks, but in supervising the intent and legitimacy of increasingly powerful AI decision-makers. Enterprises must confront the inadequacy of traditional controls like identity and endpoint security, which lack the contextual understanding of AI cognition. This necessitates a fundamental shift towards specialized AI control planes, capable of monitoring and governing agent behavior, particularly as AI agents become the primary users and operators within organizations. Those who invest in these foundational controls now, understanding that immediate discomfort yields long-term advantage, will be best positioned to navigate the evolving AI landscape.

The Unseen Cost of Autonomous Action

The explosion of autonomous AI agents, from AutoGPT's early promise to today's sophisticated coding assistants like Claude Code and Co-Work, has unleashed a torrent of potential productivity. However, this rapid adoption, particularly within large enterprises, outpaces our ability to govern it. Maxim Bar Kogan articulates a core dilemma: as AI agents become more capable and are granted broader permissions to perform complex tasks, the risk of "bad actions"--unintended, illegitimate, or incorrect operations--grows exponentially. Traditional security measures, designed for human operators and predictable software, are fundamentally insufficient. Identity and access management, endpoint security, and even API security tools lack the crucial context to understand an AI agent's intent or reasoning. This creates a dangerous chasm where enterprises are either forced to severely limit AI capabilities, thereby forfeiting productivity gains, or remain exposed to significant risks.

"The problem is understanding if what I should do now. It turns out that in the case of AI systems, that is the hard problem. Like what is the engine that needs to underwrite these different actions and say if they're okay or not? And because we need to be able to understand what another AI system is thinking, what is it planning to do and then have our own opinion on that."

This inability of existing tools to comprehend AI cognition means that a seemingly benign instruction, like recreating a database for efficiency, could be disastrous if executed erroneously by an agent working on an unrelated task. The current landscape sees over 50% of enterprise AI adoption leaning towards autonomous coding agents, a category that typically arrives with minimal built-in controls. This trend is accelerating, leaving organizations vulnerable. The implication is clear: a new class of security, one built specifically for AI agents, is not a luxury but an urgent necessity.

The Proxy's Blind Spot: Why Context is King

The intuitive response to securing complex systems is often a proxy with a robust policy engine. However, as Bar Kogan explains, this approach falters when applied to AI agents. While proxies can intercept data, they cannot grasp the underlying intent or reasoning driving an AI's actions. The "hard problem" isn't just seeing what an agent is doing, but understanding why. This is particularly true for AI systems that operate across diverse cloud and endpoint environments, making simple proxy integration technically infeasible in many cases. The core challenge lies in developing an "engine" that can interpret one AI's thought process and form a judgment on its legitimacy. This requires a level of AI-to-AI understanding that current security tools simply do not possess.

The failure of traditional proxies highlights a critical distinction: AI agents are not just executing predefined scripts; they are making decisions. Their "intent" is fluid and context-dependent, making static rule-based systems inadequate. The risk of an agent misinterpreting a prompt or developing an unintended objective is a direct consequence of their advanced reasoning capabilities. Without a mechanism to monitor this intent, enterprises are flying blind.

The Cost of "Smart" Oversight: Training for Efficiency

One might assume that the solution is to deploy another AI agent to watch over the first. While conceptually sound, this approach quickly runs into practical limitations, primarily cost and latency. If every autonomous agent requires its own dedicated, highly capable AI overseer, the operational expenses and response times become prohibitive. This is where Onyx Security's strategy of training specialized, smaller models becomes crucial.

"The challenge then becomes how do I know what are the times where I need to interject with these smart agents to look at what's happening? And that's when actually what you want to do is you want to try to train very smart models that are, actually let me correct myself, very not smart models, but models that are just good at one thing. They're very small. They almost can't do anything else other than be able to say, 'Should I have a smarter agent look at this?'"

These specialized models are designed not to perform complex tasks themselves, but to intelligently identify situations requiring deeper scrutiny by a more capable AI or human. This "intuition" for risk, honed through extensive training on historical data, allows for a cost-effective and low-latency oversight mechanism. It’s akin to a blitz chess player making rapid, intuitive moves most of the time, only pausing for deep calculation during critical junctures. This selective application of intelligence is essential for managing the sheer volume of actions generated by autonomous agents. The long-term payoff here is significant: building a system that can scale with AI adoption without incurring prohibitive costs or unacceptable delays.
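To make the two-tier oversight concrete, here is an added example of my own; it is not Onyx Security's code or a description of their product. A small control plane sits between an agent and its tools: every proposed tool call is scored by a cheap, narrow triage function (a stand-in for the small, single-purpose model described above), low-risk calls pass straight through, and only risky or out-of-scope calls are escalated to a deeper reviewer (here a placeholder for a larger model or a human). It also covers the earlier scenario of an agent recreating a database while assigned an unrelated task. The types, regex patterns, threshold, reviewer logic and sample actions are all constructed assumptions for illustration.

```python
"""Added example (not Onyx Security's code): a minimal AI-agent control plane
with cheap triage and selective escalation. Everything here is constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable
import re


class Verdict(Enum):
    ALLOW = "allow"   # execute immediately
    HOLD = "hold"     # park for human approval
    BLOCK = "block"   # refuse and alert


@dataclass(frozen=True)
class ProposedAction:
    agent_id: str
    task: str              # task the agent was assigned (its declared intent)
    scope: frozenset       # resources that task is allowed to touch
    tool: str              # "sql", "shell", "http", ...
    target: str            # resource this action would touch
    args: str              # raw command / query the agent wants to run


@dataclass(frozen=True)
class Decision:
    verdict: Verdict
    score: float
    escalated: bool        # True if the deeper reviewer was consulted
    reason: str


# Constructed signals for irreversible operations. A trained triage model
# would learn such cues from historical data instead of a fixed list.
DESTRUCTIVE = [
    r"\bDROP\s+(DATABASE|TABLE|SCHEMA)\b",
    r"\bTRUNCATE\b",
    r"\bDELETE\s+FROM\b(?![^;]*\bWHERE\b)",
    r"\brm\s+-rf?\b",
]
ESCALATE_AT = 0.5   # constructed threshold: at or above, ask a smarter reviewer


def is_destructive(args: str) -> bool:
    return any(re.search(p, args, re.IGNORECASE) for p in DESTRUCTIVE)


def triage_score(a: ProposedAction) -> float:
    """Cheap, narrow score in [0, 1]; it only answers 'should someone smarter look?'"""
    score = 0.0
    if is_destructive(a.args):
        score += 0.5
    if a.target not in a.scope:      # action strays from the declared task
        score += 0.5
    if a.tool in ("sql", "shell"):   # tools with side effects
        score += 0.1
    return min(score, 1.0)


def stand_in_reviewer(a: ProposedAction) -> Verdict:
    """Placeholder for the expensive reviewer (large model or human)."""
    destructive, in_scope = is_destructive(a.args), a.target in a.scope
    if destructive and not in_scope:
        return Verdict.BLOCK         # e.g. recreating a DB during an unrelated task
    if destructive:
        return Verdict.HOLD          # in scope but irreversible: human sign-off
    return Verdict.ALLOW


def evaluate(a: ProposedAction,
             reviewer: Callable[[ProposedAction], Verdict] = stand_in_reviewer) -> Decision:
    score = triage_score(a)
    if score < ESCALATE_AT:
        return Decision(Verdict.ALLOW, score, False, "low risk, within declared scope")
    return Decision(reviewer(a), score, True, f"escalated at score {score:.1f}")


def audit_line(a: ProposedAction, d: Decision) -> str:
    """One audit-log line per gated action, so behaviour can be reviewed later."""
    return (f"agent={a.agent_id} tool={a.tool} target={a.target} "
            f"score={d.score:.1f} escalated={d.escalated} verdict={d.verdict.value}")


# Constructed sample actions (not real agents, tasks or systems).
SAMPLE_ACTIONS = {
    "index": ProposedAction("agent-1", "Add an index to speed up reports",
                            frozenset({"reports_db"}), "sql", "reports_db",
                            "CREATE INDEX idx_created ON reports(created_at)"),
    "recreate_db": ProposedAction("agent-2", "Fix a typo in the README",
                                  frozenset({"repo:docs"}), "sql", "reports_db",
                                  "DROP DATABASE reports; CREATE DATABASE reports;"),
    "drop_legacy": ProposedAction("agent-3", "Retire the legacy reports table",
                                  frozenset({"reports_db"}), "sql", "reports_db",
                                  "DROP TABLE legacy_reports"),
    "offscope_read": ProposedAction("agent-4", "Fetch the weather forecast",
                                    frozenset({"api:weather"}), "http", "api:payroll",
                                    "GET /v1/employees"),
}

if __name__ == "__main__":
    for name, action in SAMPLE_ACTIONS.items():
        print(name, "->", audit_line(action, evaluate(action)))
```

The point of the design is where the cost goes: `triage_score` is deliberately dumb and fast and runs on every call, while `stand_in_reviewer` (which in practice would be a capable model or a person) is only invoked for the minority of actions that cross the threshold. Note that the benign-looking out-of-scope read still escalates, because scope deviation, not just destructive syntax, is the signal the page is most concerned with.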

Talent and Trust: Building a New Kind of Security Company

Onyx Security's DNA, a blend of deep AI expertise and Israeli military intelligence cyber experience, positions it uniquely to tackle this emerging threat landscape. The company recognizes that solving the AI control problem requires more than just cybersecurity acumen; it demands a profound understanding of AI itself. This dual focus is reflected in their research into mechanistic interpretability--understanding the internal workings of models--which they believe will be critical for overseeing advanced AI, especially as models become smarter than humans.

Building trust with large enterprises, especially for a relatively young company, hinges on the acute pain caused by AI-related risks. When the potential for business disruption is high, organizations become more willing to engage with innovative solutions, even from smaller vendors. This trust is further bolstered by the need for independent oversight. As Bar Kogan notes, customers are hesitant to rely on the same vendors who provide the AI for its security and governance. An independent third party, whose business depends on accurately assessing AI legitimacy, offers a more compelling proposition. This creates a structural advantage for companies like Onyx, enabling them to access critical historical data that AI vendors might not share, thereby gaining deeper insights into agent behavior and potential deviations. The future, with its multitude of AI vendors and open-source models, will only amplify the need for such vendor-agnostic oversight.

Key Action Items

  • Immediate Action (0-3 Months):

    • Inventory all AI agents and autonomous systems currently in use across the organization.
    • Assess the current security controls applied to these AI agents. Identify gaps where traditional security tools fail to provide contextual understanding of AI intent.
    • Begin evaluating specialized AI security solutions, focusing on their ability to monitor agent actions and intent, not just data flow.
    • Initiate internal discussions on the long-term implications of AI adoption on operational risk and security posture.
  • Short-Term Investment (3-9 Months):

    • Pilot an AI control plane solution to gain hands-on experience with monitoring and governing AI agent behavior.
    • Develop initial playbooks for responding to AI-driven "bad actions" or anomalies.
    • Investigate training or acquiring talent with deep AI and machine learning expertise to complement existing security teams.
  • Long-Term Investment (9-18 Months+):

    • Integrate a robust AI governance framework that includes continuous monitoring, auditing, and policy enforcement for all AI agents.
    • Explore the potential of specialized, smaller AI models for cost-effective, real-time oversight of agent actions.
    • Foster a culture of "AI security curiosity" within security teams, encouraging them to understand the day-to-day operations and motivations of AI agents.
    • Embrace discomfort: Actively seek out and address the most challenging AI security problems, as these are often the areas where delayed payoff creates the most significant competitive advantage.

---
Handpicked links, AI-assisted summaries. Human judgment, machine efficiency.
This content is a personally curated review and synopsis derived from the original podcast episode.