AI Security Is Shared. Here's the Part Vendors Can't Cover


By: Gary W. Phipps, Head of Customer Success

You cannot outsource AI security to your vendor. Platforms can secure their models and core infrastructure, but they cannot secure how your enterprise deploys, configures, and operationalizes agentic AI. They protect the model. You protect the mission.

It is reasonable to expect vendors to ship responsibly, address vulnerabilities quickly, and continuously improve their systems. That release, discovery, and patch cycle is how modern software evolves. Where organizations get into trouble is assuming that vendor fixes or indemnification language replace internal controls. They do not.

Agentic AI makes the boundary clear. Once models are connected to tools, data stores, and execution paths, the risk shifts to the surrounding environment. If you deploy cloned MCP servers with default configurations, expose them broadly, or grant overly permissive access, the outcome should not be surprising. You still change the default admin password on every system you deploy. AI infrastructure deserves the same discipline.

Vendors can harden defaults, reduce unsafe behavior in core components, and patch platform-level vulnerabilities. Enterprises own everything that determines real-world impact, including configuration hygiene, identity and access, network exposure, integration scope, and runtime governance. Those controls define whether an agent can reach sensitive data, invoke high-impact tools, or take actions beyond its intended role.

Indemnification does not close these gaps. It does not correct misconfiguration, narrow permissions, or provide visibility into what agents are doing in production. Treating it as a safety net is wishful thinking with extra paperwork.

For CISOs, the priority areas are straightforward. I will break them down into three pillars:

1. Enforce infrastructure discipline. MCP servers, agent runtimes, and connectors should be treated as production services, hardened at deployment, and owned explicitly.

2. Control what agents can access and trigger. Least privilege still applies, and workflow boundaries should be clear and enforced.

3. Establish runtime visibility. You must be able to see execution paths, tool calls, and downstream impact in production, not just in design documents.
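To make the three pillars concrete, here is an added example (not from this post or any vendor's product) in Python: a pre-deployment check that flags the default-configuration mistakes named above, and a deny-by-default tool gateway that mediates every agent tool call against a per-role allowlist and records each decision for runtime visibility. The config keys, role names, and tool names are constructed assumptions, not any MCP implementation's actual schema.

```python
"""Hypothetical MCP deployment check and least-privilege tool gateway with an audit trail."""
from dataclasses import dataclass, field
from datetime import datetime, timezone


def config_findings(cfg: dict) -> list[str]:
    """Flag settings that leave a server broadly exposed or overly permissive (constructed keys)."""
    findings = []
    if cfg.get("bind", "127.0.0.1") == "0.0.0.0":
        findings.append("bound to all interfaces; restrict to a private interface")
    if cfg.get("auth", "none") == "none":
        findings.append("no authentication; require a per-client credential")
    if "*" in cfg.get("exposed_tools", []):
        findings.append("wildcard tool exposure; enumerate tools explicitly")
    if cfg.get("owner") is None:
        findings.append("no named owner; assign one before deployment")
    return findings


# Constructed policy: each agent role gets an allowlist of tools and, per tool,
# the argument names it may pass. Unlisted roles, tools and arguments are denied.
POLICY = {
    "support-agent": {"crm.lookup_customer": {"customer_id"}, "kb.search": {"query"}},
    "finance-agent": {"erp.read_invoice": {"invoice_id"}},
}


@dataclass
class ToolGateway:
    policy: dict
    audit: list = field(default_factory=list)  # runtime visibility: every decision is recorded

    def call(self, role: str, tool: str, args: dict, execute):
        """Mediate one tool call; returns (allowed, reason, result). Deny by default."""
        allowed_tools = self.policy.get(role)
        if allowed_tools is None:
            decision, reason = False, "unknown role"
        elif tool not in allowed_tools:
            decision, reason = False, "tool not in role allowlist"
        elif not set(args) <= allowed_tools[tool]:
            extra = ",".join(sorted(set(args) - allowed_tools[tool]))
            decision, reason = False, "unexpected argument(s): " + extra
        else:
            decision, reason = True, "allowed"
        result = execute(tool, args) if decision else None  # only invoke the tool when allowed
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(), "role": role,
                           "tool": tool, "args": sorted(args), "decision": decision, "reason": reason})
        return decision, reason, result


if __name__ == "__main__":
    gw = ToolGateway(POLICY)
    print(gw.call("support-agent", "kb.search", {"query": "password reset"}, lambda t, a: f"ran {t}"))
    print(gw.call("support-agent", "erp.issue_refund", {"amount": 10}, lambda t, a: "never runs"))
    print(config_findings({"bind": "0.0.0.0", "auth": "none", "exposed_tools": ["*"]}))
```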

AI security is shared, but accountability is not ambiguous. Vendors secure the foundation. Enterprises secure the deployment, the permissions, and the behavior. Organizations that respect that boundary will move faster with confidence and far fewer surprises.
