Securing the AI-First Enterprise: Why Agentic AI demands Agentic Cybersecurity
Recap of my keynote at EPN CyberSEC Netherlands 2026
On June 10th, I took the stage at EPN Live CyberSEC Netherlands 2026, a networking conference for CIOs, CISOs, and enterprise technology leaders. I had the pleasure of providing the opening keynote, titled Securing the AI-First Enterprise: why Agentic AI demands Agentic Cybersecurity.
What I talked about
AI is no longer just a tool that waits for a prompt. In enterprise workflows, it’s becoming a delegated actor; reasoning over context, triggering actions, moving across systems. That changes the security model in ways most organizations haven’t fully reckoned with yet. In this talk, I covered:
How a modern AI-amplified breach can unfold in minutes, from token harvest to data exfiltration
That this reality collapses the defender’s decision window, and what that means for security operating models
Why Zero Trust is still a relevant and necessary foundation, and what the next floor of the security stack looks like
The shift from human-paced to AI-led, human-owned defense
The core message: if AI becomes more agentic, cybersecurity must become more agentic as well. Not uncontrolled. Not unmanaged. But able to observe, decide, and act at machine speed, under human-owned governance.
Looking back
What I valued most were the conversations on how to position cybersecurity in this new reality. Not as a control function trying to slow things down, but as an enabler that understands how work is actually changing. AI doesn’t just introduce new threats. It changes the shape of responsibility. The boundary between user and system blurs. Actions get delegated. Decisions get accelerated. And with that, some of our implicit assumptions on identity, intent, and control start to break.
Microsoft Scout is a good example of that shift. It doesn’t “hack” anything. It follows instructions, operates within the permissions you give it, and still manages to bypass safeguards that were designed for a different model of interaction. In my own case, it can simply retrieve the one‑time password from my mailbox and use it to progress Substack’s email-based sign‑in flow, without ever needing access to my password manager. That’s the uncomfortable truth: many of our current controls were built for humans clicking buttons, not for agents executing goals.
There are still services that rely on text- and email-based MFA challenges. So the question is no longer whether MFA is enabled, or whether data is protected at rest and in transit. The question becomes: who or what is acting on behalf of whom, under what constraints, and how do we make that observable and enforceable at runtime?
That is a different problem space. One that requires us to rethink identity, session integrity, and policy enforcement in an agent-driven world.
If anything, working with Scout reinforced a simple point for me: security doesn’t get weaker with AI. It gets more exposed. The gaps were always there. AI just finds them faster, and at scale. That’s where the opportunity is as well. Not to block this evolution, but to redesign our controls so they are native to it.
It was great taking the stage. I learned a lot from this experience, and look forward to the next opportunity.