thehackernews.com 5/12/2026, 11:31:39 AM · via preferred

Agentic AI Runs Loose, Leaving Security Teams Out of the Loop


Agentic AI is already in production, with systems executing tasks and taking actions, often without security teams being involved, according to The Hacker News. The piece argues that the real issue is whether security professionals understand what they are dealing with, framing the challenge as more than a policy question and emphasising practical fluency with AI engineering.

It identifies three agent categories: general‑purpose coding and productivity agents such as Claude Code and GitHub Copilot; vendor‑built agents using the Model Context Protocol (MCP) that connect to external services; and custom agents built by individual users, which now go through security review less often because the barrier to building such tooling is lower.

The article warns that broad permissions across calendars, email, file systems, and code repositories create a significant blast radius if an agent is compromised, and notes a supply chain risk when teams bypass security reviews. It also promotes hands‑on engagement and the SANSFIRE 2026 SEC545 course as a way to build foundational AI security understanding.


Article by CyberSIXT