Gartner SRM 2026 Highlights Shift from Cyber Prevention to Resilience


Key Takeaways

  • Traditional success metrics focused on breach prevention are no longer realistic; resilience is the measurable, achievable goal.
  • The threat landscape now includes attacks that are both technically difficult and structurally advantaged for adversaries (deepfakes, supply‑chain compromises, prompt‑injection, AI‑enabled acceleration).
  • Agentic AI introduces architectural risks that outpace current identity and model‑level defenses; security must follow the data, not the agent.
  • Identity management must evolve from a static, human‑centric infrastructure to a dynamic, strategic capability that governs fleets of autonomous agents.
  • Enforcing controls at the data layer provides the most reliable, agent‑agnostic protection for AI‑driven workflows.
  • Forward‑looking CISOs are framing security and resilience as competitive advantages that enable faster decision‑making and uninterrupted operations.
  • The next 18‑month window is critical for making structural decisions on identity, AI governance, and resilience that will determine both security posture and business speed.

The Failure of Prevention‑Focused Metrics
The opening keynote by Leigh McMullen shattered the long‑held belief that measuring security success by the ability to prevent breaches is still viable. He argued that the attack surface has grown too large, adversary tooling too capable, and attack cadence too continuous for any organization to rely on pure prevention at scale. Instead, the profession must adopt resilience—defined as the capacity to limit impact, sustain critical operations, and recover quickly—as the true metric of security effectiveness. Unlike prevention, which is essentially a gamble that defenses outpace unknown attacker techniques, resilience is quantifiable, improvable, and directly tied to business continuity.


A Threat Landscape Structurally Favoring Attackers
John Watts’ ThreatScape analysis for 2026‑2027 highlighted a new class of threats that are not merely difficult but also confer structural advantages to attackers. Deepfake identity impersonation, software‑supply‑chain compromises, prompt injection against AI systems, and AI‑enabled attack acceleration share a common trait: the cost to execute these attacks has fallen faster than the defender’s cost to detect them. Commodity hardware can now produce convincing deepfakes in minutes; a single compromised supply‑chain node can reach dozens of targets; prompt injection turns trusted AI into an insider threat without any human malicious intent. Because these advantages stem from the economics of attack rather than defender incompetence, relying on “we’ll prevent this” is a flawed premise.


Agentic AI: The Architectural Problem Nobody Has Solved
Dennis Xu’s session on agentic AI security stood out because it exposed a stark reality: many organizations are securing systems they neither designed nor approved. AI agents are no longer passive chatbots; they autonomously initiate actions, access data repositories, call external APIs, and execute business logic without a human in the loop for most steps. The security challenge lies not in the agents being malicious but in the risk they inherit at every integration point—points most organizations lack visibility into. Prompt injection, identity spoofing, and other exploits succeed precisely because attackers can hijack an agent that already possesses legitimate credentials and access. Gartner’s guidance on Model Context Protocol security acknowledges that we are still in the early innings: attack patterns are clear, but defenses lag, creating fertile ground for the next wave of incidents.


Identity Is No Longer Just Infrastructure—It Is Strategy
While McMullen listed modernizing identity as foundational infrastructure, the reality is more urgent: identity has already become a strategic linchpin, especially for AI‑driven environments. Traditional IAM models—provision, authenticate, authorize—were built for static human users accessing fixed applications. Agentic AI introduces machine actors that need real‑time, scoped access across organizational boundaries, with privileges that shift depending on the task context. Treating identity as a later‑stage problem will leave organizations exposed; those who start now will gain a structural advantage by aligning identity governance with the dynamic, fluid nature of agent workloads.


The Data Layer: The Only Enforcement Point That Doesn’t Move
Repeatedly, sessions on agentic AI converged on an uncomfortable truth: models can be manipulated, perimeters are crossed by design, and identity controls are still catching up. What remains constant, regardless of the underlying model or the APIs an agent calls, is the data itself. Enforcing access decisions, purpose limitations, and audit logging at the data layer—the point where an agent attempts to read or write information—provides control that does not depend on the agent’s behavior, model guardrails, or network segmentation. This principle is not new; placing controls as close as possible to the asset they protect is a cornerstone of security. What is novel is the extent to which organizations have stacked defenses above the data (model‑level guardrails, network zones) while leaving the data layer relatively exposed. For AI security, moving governance as close to the data as possible is not merely a product choice; it is an architectural imperative.
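The two ideas above, task‑scoped agent identity from the previous section and enforcement at the data layer from this one, fit together in a single enforcement point. The following Python sketch is an added illustration and is not code from the summit, from Gartner, or from any vendor: a gateway that every agent read or write must pass through, checking a short‑lived, task‑scoped credential against a per‑dataset policy and writing an audit record for every attempt, allowed or denied. The agent ids, datasets, purposes, policies and the scenario are all constructed for the example; the credential model is a hypothetical one chosen to show the principle.

```python
"""Data-layer enforcement point for AI agents (illustrative example; not
Gartner's, the summit's, or any vendor's code).

Nothing here inspects the agent's prompt, model or tool calls. Every read or
write of a dataset goes through DataGateway.access, which validates a
short-lived, task-scoped credential against a per-dataset policy and records
the outcome. All identifiers and policies are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class AgentCredential:
    """Grant issued to one agent run for one task (hypothetical identity model)."""
    agent_id: str
    task_id: str
    purposes: FrozenSet[str]   # purposes the task is allowed to pursue
    datasets: FrozenSet[str]   # datasets the task may touch at all
    expires_at: datetime       # short-lived: bound to the task, not to the agent


@dataclass(frozen=True)
class DatasetPolicy:
    """Per-dataset rule: operation -> purposes permitted for that operation."""
    allowed: Dict[str, FrozenSet[str]]


@dataclass
class AuditRecord:
    at: datetime
    agent_id: str
    task_id: str
    dataset: str
    operation: str
    purpose: str
    allowed: bool
    reason: str


class DataGateway:
    """Policy enforcement point between agents and the data they act on."""

    def __init__(self, policies: Dict[str, DatasetPolicy]):
        self.policies = policies
        self.audit_log: List[AuditRecord] = []

    def access(self, cred: AgentCredential, dataset: str, operation: str,
               purpose: str, now: datetime) -> Tuple[bool, str]:
        allowed, reason = self._decide(cred, dataset, operation, purpose, now)
        # Every attempt is logged at the data layer, denials included, so the
        # audit trail does not depend on the agent reporting its own actions.
        self.audit_log.append(AuditRecord(now, cred.agent_id, cred.task_id,
                                          dataset, operation, purpose,
                                          allowed, reason))
        return allowed, reason

    def _decide(self, cred: AgentCredential, dataset: str, operation: str,
                purpose: str, now: datetime) -> Tuple[bool, str]:
        if now >= cred.expires_at:
            return False, "credential expired"
        if dataset not in cred.datasets:
            return False, "dataset outside task scope"
        if purpose not in cred.purposes:
            return False, "purpose outside task scope"
        policy = self.policies.get(dataset)
        if policy is None:
            return False, "no policy for dataset: default deny"
        if purpose not in policy.allowed.get(operation, frozenset()):
            return False, f"{operation} not permitted for purpose {purpose!r}"
        return True, "allowed"


def simulate_support_agent() -> List[AuditRecord]:
    """Constructed scenario: a support agent holds a legitimate credential for
    one ticket. Whatever instructions it ends up following, the data layer only
    honours the scope the task was granted."""
    t0 = datetime(2026, 1, 1, 9, 0, tzinfo=timezone.utc)
    gateway = DataGateway({
        "customer_pii": DatasetPolicy({"read": frozenset({"support_ticket"})}),
        "kb_articles": DatasetPolicy({"read": frozenset({"support_ticket",
                                                         "marketing"})}),
    })
    cred = AgentCredential(
        agent_id="support-agent-01", task_id="ticket-4711",
        purposes=frozenset({"support_ticket"}),
        datasets=frozenset({"customer_pii", "kb_articles"}),
        expires_at=t0 + timedelta(minutes=15),
    )
    # Legitimate step of the task: read the customer's record for the ticket.
    gateway.access(cred, "customer_pii", "read", "support_ticket", t0)
    # Out-of-scope attempts with the same, still-valid credential.
    gateway.access(cred, "customer_pii", "read", "marketing", t0 + timedelta(minutes=1))
    gateway.access(cred, "customer_pii", "write", "support_ticket", t0 + timedelta(minutes=2))
    gateway.access(cred, "payroll", "read", "support_ticket", t0 + timedelta(minutes=3))
    # Credential reused after the task window has closed.
    gateway.access(cred, "kb_articles", "read", "support_ticket", t0 + timedelta(minutes=20))
    return gateway.audit_log


if __name__ == "__main__":
    for rec in simulate_support_agent():
        print(f"{rec.at.isoformat()} {rec.agent_id} {rec.operation} {rec.dataset} "
              f"purpose={rec.purpose} allowed={rec.allowed} ({rec.reason})")
```

The design choice worth noting is that the gateway never asks why the agent wants the data; it only compares the request with what the task was granted. A credential that is issued per task, expires with it, and carries an explicit purpose list means a hijacked or misbehaving agent is limited to the blast radius of that one task, and every attempt outside it leaves a record that detection can alert on.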


Security as Competitive Infrastructure
Perhaps the most enduring insight from the summit was a shift in language: security leaders increasingly spoke of governance and resilience not as compliance burdens but as competitive inputs. Organizations with mature resilience can absorb disruption and keep operating while rivals scramble to respond. Those with clear AI‑governance visibility can scale agent deployments without the manual risk‑review bottlenecks that slow everyone else. McMullen explicitly noted the compressed decision cycle—the next 18 months are the window in which structural choices on identity, AI governance, and operational resilience will be made. Making those decisions now does not merely improve security; it translates into speed, agility, and market advantage. In this framing, resilience becomes the metric that tells you whether you’re winning, not just whether you’re surviving.


Conclusion
Walking out of three days of analyst sessions at the Gartner Security & Risk Management Summit left a clear impression: the profession is finally ready to abandon outdated success metrics and embrace a reality‑based framework. Prevention is no longer a viable objective; resilience is. The threat landscape has evolved to favor attackers through structural advantages that demand new defensive thinking. Agentic AI exposes gaps in identity and model‑level controls, pointing inevitably to the data layer as the reliable enforcement point. Identity must be reimagined as a strategic, dynamic capability rather than a static infrastructure. Ultimately, viewing security and resilience as competitive enablers aligns the function with business goals—turning protective measures into speed advantages. The next year‑and‑a‑half will determine which organizations seize this opportunity and which remain trapped in the old paradigm of breach prevention.
