As artificial intelligence transforms how organizations operate, cybersecurity teams face a fundamental challenge: traditional security frameworks weren't designed for AI agents. While much attention focuses on model security and prompt injection attacks, a critical vulnerability is hiding in plain sight—the network layer where AI agents operate and communicate.
Chris McHenry, Chief Product Officer at Aviatrix, recently addressed this blind spot at a TEAM8 CISO summit, arguing that network security represents the forgotten foundation that must anchor any AI-ready security stack. His insights reveal why organizations need to rethink network security architecture before AI adoption outpaces their ability to secure it.
The Fourth Network Actor: AI Agents Change Everything
Traditional network security has long operated on a three-actor model:
Users with unpredictable behavior patterns
Application workloads with more structured interactions
IoT devices with limited but evolving profiles
Each actor type requires different security approaches based on their behavioral characteristics and identity models.
AI agents represent a fourth network actor that doesn't fit neatly into existing categories. "AI agents sit somewhere in between," Chris explains. "They're not exactly a user, and they're not necessarily wide open like some applications. We need to think about where they fall on that spectrum so we can align what we know and what tools we have."
This positioning matters because AI agents exhibit hybrid characteristics:
Identity complexity: Sometimes acting on behalf of users (human identity), other times functioning as autonomous applications (machine identity)
Behavioral unpredictability: More dynamic than traditional applications but more constrained than human users
Tool calling capabilities: The ability to invoke external services and APIs creates new attack vectors that traditional network controls weren't designed to handle
The key insight is that AI agents' network behavior is fundamentally defined by their tool-calling capabilities—what they're allowed to do on the network through Model Control Protocols (MCPs) and external integrations.
When Traditional Perimeters Collapse
The challenge extends beyond just adding a fourth actor type. Modern cloud and AI architectures have systematically dismantled the security assumptions that traditional network security relies upon.
Consider the evolution: legacy three-tier applications (web, app, database) operated within clear data center boundaries with predictable north-south and east-west traffic patterns. Today's reality involves microservices architectures spanning multiple clouds, with PaaS and AI services owned by third parties, creating what Chris calls "blurred definitions of trust boundaries."
This architectural shift creates several critical gaps:
Multicloud complexity: Organizations now manage security policies across AWS, Azure, and Google Cloud, each with different shared responsibility models and native security controls. Instead of one perimeter, security teams must manage exponentially distributed perimeters across VPCs, VNETs, and security groups.
Shared responsibility confusion: Cloud providers' shared responsibility models create what Chris calls "limited liability statements" rather than clear security guidance, leaving organizations uncertain about their actual security responsibilities.
Application architecture evolution: The movement from monolithic to microservices architectures means thousands of load balancers instead of one, creating operational complexity that undermines effective security implementation.
The AI Attack Vector Reality
While early AI security concerns focused on data incorporation into large language models, the real risks emerge from agentic AI capabilities. Chris highlighted a recent zero-click attack against Microsoft Copilot where attackers exfiltrated data without users even opening emails, simply by exploiting the agent's automatic email scanning and summarization features.
The core vulnerability lies in popular MCPs like "Fetch," which comes with explicit warnings about allowing unrestricted HTTP calls. Despite the warnings, users inevitably deploy these capabilities because they dramatically increase AI utility—enabling web searches, content retrieval, and external API integration.
This creates a perfect storm: AI agents with broad network access, operating in complex multicloud environments, with security teams playing catch-up to rapid AI adoption driven by business urgency.
The Network Security Advantage: Foundational Visibility and Control
Network security offers unique advantages for AI risk management that other security layers cannot provide:
Pervasive visibility: Unlike entire infrastructure, providing holistic visibility into AI service usage regardless of deployment method.
Runtime enforcement: Network controls operate in real-time, enabling immediate response to suspicious AI agent behavior without waiting for batch analysis or manual intervention.
Behavioral baselining: By monitoring network patterns, security teams can fingerprint MCP usage and identify potential pivot points where AI agents could facilitate data exfiltration.
Aviatrix is developing algorithms that can fingerprint MCPs based on network telemetry, providing "a holistic view with relatively high probability of where we have those pivot points for an attacker." This approach identifies workloads accessing AI services and maps their connections to other services, revealing potential data exfiltration paths.
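The mapping described above (workloads that reach an AI service, and what else they connect to) can be sketched over flow records. This is an added example using a simple heuristic, not Aviatrix's fingerprinting algorithm; the flow records, hostnames and workload names are constructed, and treating ".internal" hosts as internal is an assumption.

```python
from collections import defaultdict

# Constructed sample data: every hostname and workload name here is hypothetical.
AI_SERVICES = {"llm-api.example.net"}
SENSITIVE_STORES = {"customers-db.internal", "hr-files.internal"}
FLOWS = [  # (source workload, destination host, bytes sent)
    ("support-agent", "llm-api.example.net", 48_000),
    ("support-agent", "customers-db.internal", 12_000),
    ("support-agent", "paste.example.org", 910_000),
    ("billing-api", "customers-db.internal", 30_000),
    ("docs-bot", "llm-api.example.net", 22_000),
    ("docs-bot", "wiki.internal", 5_000),
    ("hr-assistant", "llm-api.example.net", 9_000),
    ("hr-assistant", "hr-files.internal", 64_000),
]

def find_pivot_points(flows, ai_services=AI_SERVICES, stores=SENSITIVE_STORES):
    """Rank workloads that call an AI service by what else they can reach."""
    sent = defaultdict(lambda: defaultdict(int))
    for src, dst, nbytes in flows:
        sent[src][dst] += nbytes

    findings = []
    for src, dsts in sent.items():
        if not ai_services & dsts.keys():
            continue  # not an AI-connected workload
        reads = sorted(stores & dsts.keys())
        # Other egress: non-internal hosts that are not the AI service itself.
        egress = {d: b for d, b in dsts.items()
                  if not d.endswith(".internal") and d not in ai_services}
        if reads and egress:
            risk = "high"    # has a sensitive data source and another way out
        elif reads or egress:
            risk = "medium"
        else:
            risk = "low"
        findings.append({"workload": src, "risk": risk,
                         "sensitive_reads": reads,
                         "other_egress": sorted(egress),
                         "egress_bytes": sum(egress.values())})
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f["risk"]], f["workload"]))

if __name__ == "__main__":
    for finding in find_pivot_points(FLOWS):
        print(finding)
```
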
The Three-Layer Defense Strategy
Chris advocates for a defense-in-depth approach built on three foundational runtime controls:
Identity: While identity serves as a crucial control layer, relying solely on identity creates a single point of failure. "Identity is the new perimeter" is both true and problematic—it implies only one line of defense when identities are routinely compromised.
Network: Provides active runtime blocking of attacks in progress, offering a second layer of defense that operates independently of identity systems.
Agents/Workload Security: Completes the defense-in-depth strategy with endpoint and application-level controls.
The key insight is that these layers must work collaboratively while maintaining independent operation—integrated but not dependent on each other's success.
Practical Implementation: From Visibility to Control
Organizations should follow a four-phase implementation roadmap:
Phase 1: Establish Pervasive Visibility — Deploy foundational network monitoring specifically designed to identify AI traffic patterns and MCP usage across all workload types.
Phase 2: Baseline AI Behavior — Focus on understanding normal AI agent behavior patterns and identifying potential pivot points where agents could facilitate data exfiltration.
Phase 3: Deploy Dynamic Controls — Implement AI-centric isolation standards that can adapt to different AI agent roles and risk profiles in real-time.
Phase 4: Shift Policy Left — Empower development teams with policy-as-code capabilities that enable secure AI deployment without creating friction or delays.
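One way the policy-as-code idea in Phases 3 and 4 could look for an agent's outbound fetch calls, as an added example that is not Aviatrix's product or any MCP server's own code. The role names, hostnames and the `check_fetch` function are hypothetical, and the check is assumed to run at an egress proxy or gateway in front of the agent.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical policy, kept in version control next to the agent's deployment.
# Roles and hostnames are constructed for this example. Default is deny.
POLICY = {
    "research-agent": {"schemes": {"https"},
                       "hosts": {"docs.example.com", "*.wiki.example.com"}},
    "mail-summarizer": {"schemes": {"https"}, "hosts": set()},  # no outbound fetch
}

def host_allowed(host, patterns):
    """Exact match, or '*.suffix' matching any subdomain of suffix."""
    return any(host.endswith(p[1:]) if p.startswith("*.") else host == p
               for p in patterns)

def check_fetch(role, url):
    """Return (allowed, reason) for one outbound fetch requested by an agent."""
    rule = POLICY.get(role)
    if rule is None:
        return False, "unknown role"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in rule["schemes"]:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"  # userinfo can disguise the real host
    try:
        ipaddress.ip_address(host)
        return False, "IP literal destination"  # covers metadata and internal IPs
    except ValueError:
        pass  # not an IP literal, continue with hostname checks
    if not host_allowed(host, rule["hosts"]):
        return False, "host not on allowlist"
    return True, "allowed"

if __name__ == "__main__":
    for u in ("https://docs.example.com/guide", "https://169.254.169.254/latest/"):
        print(u, check_fetch("research-agent", u))
```

A hostname allowlist does not stop an allowed name from resolving to an internal address, so the network layer should also enforce on the resolved destination.
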
Meeting Developers Where They Are
A critical success factor involves avoiding the traditional security team trap of simply saying "no" to AI initiatives. Chris emphasizes that "the wave right now with the transition to cloud and now the transition to AI is in favor of the app teams, it's in favor of speed."
Security teams must meet developers where they work—through Terraform, Kubernetes, and Crossplane integrations that make secure AI deployment the path of least resistance. This requires shifting from reactive security policies to proactive enablement that allows development teams to move fast while maintaining security guardrails.
Design Principles for AI-Ready Network Security
Effective AI-ready network security must be:
Embedded, not bolted on: Integrated into the foundational infrastructure rather than added as an afterthought
Dynamic and distributed: Capable of adapting to changing AI agent roles and deployment patterns
Agentless and inline: Operating without requiring additional software on endpoints
Real-time enforcement: Providing immediate response to threats
Developer-transparent: Working seamlessly with existing development workflows
Frictionlessly integrated: Requiring minimal additional operational overhead
The Bottom Line
As AI adoption accelerates, organizations face a choice: proactively build network security foundations that can handle AI agents' unique characteristics, or reactively address security gaps after AI deployment creates vulnerabilities.
The network layer provides the foundational visibility and control capabilities needed to secure AI agents without slowing innovation. But this requires moving beyond traditional perimeter-based thinking to embrace a defense-in-depth strategy that treats AI agents as a distinct network actor requiring specialized security approaches.
The organizations that get ahead of this challenge will be able to adopt AI aggressively while maintaining security. Those that don't risk finding themselves in the familiar position of playing security catch-up while business teams race ahead with uncontrolled AI deployments.
The foundation matters. In the AI era, network security isn't just another control layer—it's the forgotten foundation that makes everything else possible.