: Why the Threat Model Changes Most AI security work focuses on the model: what it says, what it refuses, and how it handles malicious prompts. This framing made sense when AI was a text interface. The user sends a message, and it responds. The attack surface was narrow and well-defined.  Agents change the shape of the problem entirely. An AI agent does much more than generate text. It plans, uses tools, stores memory across sessions, and often coordinates with other agents to complete multi-step tasks. Think of the difference between a navigation app suggesting a route and an autopilot system wired directly into the vehicle’s steering and throttle. One provides information. The other executes control. The risk model is no longer comparable.  The numbers confirm this is no longer a theoretical concern.…