How AI Agents Are Turning Security Inside-Out
Help Net Security, Friday, January 9th, 2026
AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built no-code assets.
What started out as a few business user created no-code apps is evolving into thousands of automations and AI agents operating across enterprise systems. They pull external data, call internal APIs, reason over documents, collaborate with other agents, and take action in real time. Once deployed, their behavior changes dynamically based on prompts, context, and access.
From an AppSec perspective, these agents are no longer 'tools.' They are applications, always on, highly privileged, and increasingly opaque. And they are already producing incident patterns that look indistinguishable from external compromise.