MSSP, MSP, Endpoint/Device Security, Security Management, Audits (External, Internal), Compliance Management, Government Regulations, AI benefits/risks, Generative AI, Cloud Security, API security, Network Security

More Confident, More Tooled, More Breached: The Security Gap Isn’t Closing

Hacking the security. The threat of information leakage and the security of the system. Red open padlock among closed black ones. Close the gap, fix the problem.

A recent survey of CISOs put a spotlight on what executives with Vorlon call a “troubling contradiction” in enterprise security: “Organizations are more confident, more tooled, and more breached than ever. Simultaneously.”

The report released last week by the startup, which provides a SaaS and AI security platform, found that 99.4% of the 500 CISOs surveyed said they experienced at least one SaaS or AI ecosystem security incident last year.

However, 89.2% in the report, The Agentic Ecosystem Security Gap: 2026 CISO Report, said they have strong OAuth token governance, and 77% claimed to have comprehensive behavioral monitoring. In all, organizations deploy an average of 13 security tools across their SaaS and AI environments.

Such results show that enterprises are well-armed and confident in their security, but are still getting hit with incidents. The problem isn’t awareness, but the security architecture most are running, according to Vorlon co-founder and CEO Amir Khayat.

“Most organizations are running an ecosystem without the ability to see what's happening, investigate when something goes wrong, or contain it before the damage spreads,” Khayat said in a statement.

Resolving the Problem

The Mountain View, California-based company released the report just as the RSAC 2026 show – where AI and agents were a focus – got underway in San Francisco, and also released two products, AI Agent Flight Recorder and AI Agent Action Center, which Netta Drimer, Vorlon’s head of product, wrote give “security teams a complete forensic record of every AI agent action and a coordinated path to fix what's wrong.”

“The agentic ecosystem is the converged layer of SaaS applications, AI agents, API integrations, and non-human identities,” Drimer wrote. “It's now the fastest-growing attack surface in the enterprise. The tools most security teams have weren't built for this. They were built to monitor the front door: application configurations, permission settings, and login events. Human-speed, application-by-application.”

The problem, she added, is that “AI agents don't use the front door. They operate in the engine room, through APIs, across multiple SaaS systems simultaneously, with OAuth tokens that persist long after the original authorization event. A single agent can touch five systems, move PII [personally identifiable information] and financial records, and trigger downstream workflows in under 30 seconds. Most of that activity was, until now, invisible.”

Security Lags Threats

It’s an issue throughout the industry, Rob Enderle, principal analyst with The Enderle Group, told MSSP Alert. Security always runs behind technology-leading threats like those appearing with AI. Organizations typically fund security to respond to threats, not to anticipate or proactively prepare for them.

“AI came in really fast, and the industry is struggling to figure out what to do about it because the broad spectrum of AI capabilities makes it into a genuine boogey man,” Enderle said. “The tech firms are just now spinning up defenses, but it takes an unfortunate amount of time for those defenses to mature, and then it takes a large, related public breach before funds are generally released to counter the threat.” 

Understanding the Risks

A key challenge is that too few companies truly understand the seriousness of the threat posed by AI, much less have spent the money for protections against it, he said. MSSPs and MSPs have a role in this, but they need to get up to speed as well.

Their charge now is “understanding the threat and convincing their customers it is real so they can work with those customers effectively to mitigate an attack before it results in a meaningful breach,” the analyst said. “There is both an opportunity and an extreme risk here, and without proper focus, a lot of firms are badly exposed, and many MSSPs and MSPs are ill-prepared to help.”

Most CISOs are likely aware of the risk and need to convey it to executive management so they have the funding and programs in place to mitigate the threat when executives finally understand the situation and the best path forward.

Recording Agent Actions

The two new tools from Vorlon would be a good starting point, Drimer wrote. The first is the AI Agent Flight Recorder, with the name evoking the systems on airplanes that record flight information that investigators can review in the case of an emergency.

“That's what we built,” she wrote. “An immutable, query-able, forensically complete audit trail of every AI agent action across your entire agentic ecosystem. Not within one application. Across every SaaS app, every API endpoint, every integration the agent touches.”

Built atop the vendor's DataMatrix intelligent simulation technology, the product builds a baseline of a system’s normal behavior so that when an agent’s behavior veers – using different data types, running activities off-hours, or journeying to new destinations – it’s detected.

In addition, the AI Agent Flight Recorder maps every agent action to the data it touches and calculates in near real time the extent of the damage – the blast radius – when something goes wrong. It also creates an immutable audit trail of every action, identity, endpoint, and timestamp, and can meet the evidentiary requirements of regulations like the EU AI Act, HIPAA, GDPR, and PCI-DSS.

Addressing What's Next

The AI Action Center addresses what happens once a finding – from the Flight Recorder, Vorlon’s detection engine, or some other source – is raised. The product prioritizes it and then routes it to the right person or system, provides step-by-step remediation guidance, and tracks every ticket through resolution.

It deals with three categories of findings – universal (things that should never happen), behavioral (anomalies tied to agent use and traffic patterns), and dynamic (customer rules developed by security teams to close gaps AI vendors don’t address) – and ensures the findings are sent to the right people.

“The Flight Recorder and the Action Center are not two separate products,” Drimer wrote. “They are two halves of the same motion. Detection without response is frustration. Response without forensics is guesswork. You need the complete record of what happened and a coordinated path to fix it.”

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.
Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds