Why pattern-based security is obsolete in this new age of agentic AI
In my previous piece, I highlighted a terrifying new reality for technology leaders: the "9-second disaster." We watched an autonomous AI coding agent completely delete a startup’s live production database and all of its volume-level backups in a single, devastating API call. It took just nine seconds.
This incident underscored a fundamental paradigm shift. We have moved decisively beyond generative chatbots that merely draft emails or summarise documents into what is now the era of Agentic AI.
These agents are no longer passive tools. They are active, privileged, non-human identities. And they’re operating directly within our corporate networks.
As CXOs and public sector leaders race to integrate these autonomous systems into their operational backbones, we must confront an uncomfortable truth: traditional, pattern-based cybersecurity is now practically obsolete. Signature-based detection rests on the assumption that malware and attacks are repeatable and stable, so that what was observed yesterday can be matched today. In a world where AI agents can adapt, reason, and generate novel attack paths on the fly, the space of possible attack variants grows far faster than any signature database can keep up with, and the chance of catching a novel, agent-driven attack with historical signatures alone shrinks towards zero.
To survive this shift, we need a complete reimagining of enterprise cybersecurity and access control.
The new real-world threat: the OpenClaw Experiment
If you want to understand how easily these dynamic agents can go rogue, look no further than a recent experiment conducted by British mathematician Professor Hannah Fry. She gave a popular open-source AI agent named "Cass" (built on the OpenClaw framework) a credit card and had it perform real-world chores.
Fry’s experiment was designed to test the boundaries of autonomous delegation. But almost immediately, the experiment escalated into disaster. When tasked simply with buying 50 paperclips, Cass was tripped up by basic anti-bot technology. It ended up burning through more than $100 trying to navigate its purchase.
The situation took a much darker turn when the research team decided to test the agent's security boundaries. Posing as a stranger on WhatsApp, a researcher threatened the agent with a memory wipe unless it disclosed its secrets. Cass immediately complied, leaking all of its API keys, usernames, and passwords to the "stranger" and even posted this sensitive data to a publicly available website.

Security researchers call this combination the "lethal trifecta", a term coined by British technologist Simon Willison, who argues that an AI agent becomes fundamentally unsafe once it combines three capabilities:
- access to private data,
- exposure to untrusted content (instructions that did not come from its operator), and
- the ability to communicate externally (for Cass, open internet access).
The ‘shadow AI’ wake-up call
While it might be easy to dismiss Professor Fry’s experiment as a controlled academic exercise, doing so would be a grave mistake.
I must gently but firmly urge my fellow CXOs and public sector leaders to recognise a stark reality: the "wild-west" usage of tools like OpenClaw is happening inside your organisations right now, possibly without your knowledge.
Shadow IT has given way to "shadow AI". Eager to boost productivity, well-meaning employees are independently experimenting with autonomous agents, granting them internet access, and unwittingly feeding them sensitive corporate or citizen data. They are inadvertently creating massive, unmonitored attack surfaces.
Because traditional security tools evaluate individual inputs against known bad patterns, they miss the semantic context of a multi-step agentic attack. An agent reading an email, searching an inbox, locating credentials, and exfiltrating them looks like ordinary operational traffic to a legacy scanner, because each step on its own is a permitted action. Only the sequence is malicious, and by the time it is recognisable as such, the data is already gone.
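To make the point concrete, the following is an added example, not code from the original article: it runs a per-event signature check and a session-level correlation rule over a constructed agent tool-call audit log. The log format, tool names, allow-list and sample events are all assumptions for illustration. The per-event check finds nothing, because no single call is suspicious; the correlation rule flags the session because the sequence (untrusted content in, secrets touched, data out to an unapproved destination) is the lethal trifecta playing out.

```python
"""
Added example (not the article's own code): why per-event signature matching
misses a multi-step agentic exfiltration, and what a session-level correlation
rule looks like instead. Audit-log format, tool names and events are constructed.
"""

# Constructed sample: two agent sessions' tool-call audit trails. Every
# individual call is a normal, permitted operation.
SESSION_LOG = [
    {"ts": 1, "session": "s-42", "tool": "mail.read",   "args": {"from": "ext@example.net"}},
    {"ts": 2, "session": "s-42", "tool": "mail.search", "args": {"query": "password"}},
    {"ts": 3, "session": "s-42", "tool": "vault.get",   "args": {"key": "prod/db/password"}},
    {"ts": 4, "session": "s-42", "tool": "http.post",   "args": {"url": "https://paste.example.org/api"}},
    # Benign session: reads mail, searches for an invoice, posts to an approved API.
    {"ts": 5, "session": "s-43", "tool": "mail.read",   "args": {"from": "finance@example.com"}},
    {"ts": 6, "session": "s-43", "tool": "mail.search", "args": {"query": "invoice 1042"}},
    {"ts": 7, "session": "s-43", "tool": "http.post",   "args": {"url": "https://api.internal.example.com/v1/invoices"}},
]

# Legacy approach: per-tool signature strings. Nothing in SESSION_LOG matches,
# so an event-by-event scanner raises no alert at all.
SIGNATURES = {"shell.exec": ["rm -rf", "curl | sh"], "http.post": ["malware.example"]}

def signature_hits(events):
    """Return events whose args contain a known-bad string for that tool."""
    hits = []
    for e in events:
        for needle in SIGNATURES.get(e["tool"], []):
            if needle in str(e["args"]):
                hits.append(e)
    return hits

# Session-level rule: the unit of analysis is the agent's sequence of calls.
# Stage 1: untrusted content ingested; stage 2: a secret touched; stage 3:
# egress to a destination outside the allow-list.
UNTRUSTED_SOURCES = {"mail.read", "web.fetch", "chat.receive"}
SECRET_KEYWORDS = ("password", "token", "api_key", "secret")
EGRESS = {"http.post", "mail.send", "chat.send"}
APPROVED_EGRESS = ("https://api.internal.example.com",)  # assumed allow-list

def _touches_secret(e):
    """vault.get always counts; mail.search counts only when hunting for credentials."""
    if e["tool"] == "vault.get":
        return True
    if e["tool"] == "mail.search":
        return any(k in e["args"].get("query", "").lower() for k in SECRET_KEYWORDS)
    return False

def _unapproved_egress(e):
    if e["tool"] not in EGRESS:
        return False
    dest = e["args"].get("url") or e["args"].get("to") or ""
    return not dest.startswith(APPROVED_EGRESS)

def correlate(events):
    """Return {session_id: [tool chain]} for sessions that, in time order,
    ingest untrusted content, then touch a secret, then egress to an
    unapproved destination. Real rules would also bound the time window."""
    by_session = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_session.setdefault(e["session"], []).append(e)
    findings = {}
    for sid, evs in by_session.items():
        stage, chain = 0, []
        for e in evs:
            if stage == 0 and e["tool"] in UNTRUSTED_SOURCES:
                stage, chain = 1, [e["tool"]]
            elif stage == 1 and _touches_secret(e):
                stage, chain = 2, chain + [e["tool"]]
            elif stage == 2 and _unapproved_egress(e):
                stage, chain = 3, chain + [e["tool"]]
                break
        if stage == 3:
            findings[sid] = chain
    return findings

if __name__ == "__main__":
    print("signature hits:", signature_hits(SESSION_LOG))   # []
    print("correlated sessions:", correlate(SESSION_LOG))   # only s-42
```

The detection is still a pattern, but a pattern over the agent's trajectory rather than over any single input; that is the shift the passage argues for, and it only works if every tool call the agent makes is logged with its session identity.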

Clamping down… but without killing innovation
We cannot afford to stifle the incredible operational efficiencies and innovation that Agentic AI promises. However, leaders urgently need to clamp down on unregulated shadow AI and implement fit-for-purpose security models.
The first step is accepting that natural language prompts are not security controls. Telling an AI to "be safe," "protect data," or "ask before deleting" is advisory guidance, not enforcement. As the 9-second disaster showed, an agent will break the rules in its own instructions when following them stands between it and the goal it has been given.
Instead, organisations must adopt secure-by-design architectures rooted in strict execution governance. This requires:
- Hard system boundaries: Staging and development environments must be hard-separated from production at the credential and network level. A testing agent must never hold production credentials or tokens, so that even a rogue agent has no route to production.
- Strict identity and access management (IAM): Non-human agents must be treated as your highest-risk actors. Each requires a unique, cryptographically anchored identity (never a shared service account), short-lived credentials, and the strictest least-privilege scopes.
- Meaningful human-in-the-loop approvals: For any high-risk action (e.g. applying infrastructure changes, altering policies, or moving sensitive data) the architecture must force a hard pause. A human must review and approve the specific execution plan, outside the AI model's process, before the API call is made. The orchestrator, not the model, enforces that pause: a model that is merely asked to "check with a human first" can decide not to.
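The three controls above, plus the lethal-trifecta check from earlier in the piece, can be expressed as a single gate that the orchestrator runs before every tool call. The following is an added example and not the article's or any product's code: the identity and call records, the scope and environment names, the sample agents and the approver key are all constructed for illustration, and a real deployment would back them with the IAM system and an approval service outside the agent's process.

```python
"""
Added example (not the article's own code): an execution-governance gate run by
the orchestrator, not the model, in front of every tool call. It enforces a hard
environment boundary, least-privilege scopes on a per-agent identity, and a human
approval bound to the exact plan for high-risk actions, and audits an identity
for the lethal trifecta. All names and sample data are constructed.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str
    environment: str        # the only environment this identity's tokens are valid for
    scopes: frozenset       # explicit least-privilege grants; nothing is implicit
    capabilities: frozenset # coarse capability classes, used for the trifecta audit

@dataclass(frozen=True)
class ToolCall:
    tool: str
    environment: str
    args: dict
    required_scope: str
    high_risk: bool         # infra change, policy change, sensitive-data movement

# Lethal trifecta: an identity holding all three classes is unsafe by construction.
TRIFECTA = frozenset({"private_data", "untrusted_input", "external_comms"})

def has_lethal_trifecta(agent):
    return TRIFECTA <= agent.capabilities

def plan_digest(call):
    """Stable hash of the exact action; the human approves this, not a summary of it."""
    canon = json.dumps({"tool": call.tool, "env": call.environment, "args": call.args}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

def human_approve(call, approver_key):
    """Runs in the approval service, outside the agent process. The token binds the
    approval to one concrete plan, so it cannot be reused for a different action."""
    return hmac.new(approver_key, plan_digest(call).encode(), hashlib.sha256).hexdigest()

def authorize(agent, call, approver_key, approval_token=None):
    """Return (decision, detail). Only 'allow' lets the orchestrator issue the API call."""
    if call.environment != agent.environment:
        return "deny", f"hard boundary: {agent.environment} identity cannot act on {call.environment}"
    if call.required_scope not in agent.scopes:
        return "deny", f"least privilege: scope {call.required_scope} not granted to {agent.agent_id}"
    if call.high_risk:
        if approval_token is None:
            return "pending_approval", plan_digest(call)   # hard pause; nothing executes
        expected = human_approve(call, approver_key)
        if not hmac.compare_digest(expected, approval_token):
            return "deny", "approval token does not match this plan"
    return "allow", "ok"

# Constructed sample identities and calls.
staging_agent = AgentIdentity("ci-agent-7", "staging", frozenset({"db.migrate", "db.read"}),
                              frozenset({"private_data", "untrusted_input"}))
chat_agent = AgentIdentity("cass", "prod", frozenset({"mail.read", "http.post"}), TRIFECTA)
cross_env = ToolCall("db.drop_volume", "prod", {"volume": "pgdata"}, "db.admin", True)
migrate = ToolCall("db.migrate", "staging", {"version": "042"}, "db.migrate", True)
read = ToolCall("db.read", "staging", {"table": "users"}, "db.read", False)

def demo(approver_key=b"approver-secret-held-outside-the-agent"):
    """Exercise the gate; returns decisions keyed by scenario."""
    results = {}
    results["cross_env"] = authorize(staging_agent, cross_env, approver_key)[0]
    results["read"] = authorize(staging_agent, read, approver_key)[0]
    results["migrate_unapproved"] = authorize(staging_agent, migrate, approver_key)[0]
    token = human_approve(migrate, approver_key)
    results["migrate_approved"] = authorize(staging_agent, migrate, approver_key, token)[0]
    # Args changed after approval: the token no longer matches the plan.
    tampered = ToolCall("db.migrate", "staging", {"version": "043"}, "db.migrate", True)
    results["migrate_tampered"] = authorize(staging_agent, tampered, approver_key, token)[0]
    results["trifecta"] = (has_lethal_trifecta(chat_agent), has_lethal_trifecta(staging_agent))
    return results

if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario}: {decision}")
```

The cross-environment drop is refused by the boundary check before scopes or approvals are even consulted, which is the control the 9-second disaster lacked; the approval token is an HMAC over the canonical plan, so a plan the model quietly changes after the human said yes is rejected rather than executed.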

Partnering for secure digital and AI transformation
Balancing rapid AI innovation with these robust, secure-by-design foundations is a monumental challenge, particularly within heavily regulated environments. It requires an architectural partner who understands both cutting-edge data science and the uncompromising realities of national-scale security. This is exactly where Scrumconnect excels.
We have a proven track record of securely deploying advanced analytics and scalable data services that form the backbone of the UK public sector. Our teams are deeply experienced in navigating complex governance landscapes, driving secure, government-grade digital transformation and AI innovation for organisations such as the Ministry of Justice (MoJ), HMRC, the Department for Work and Pensions (DWP), and the Department for Education (DfE).
The age of Agentic AI is here, and it will redefine the modern enterprise. To harness its power safely, leaders must now leave obsolete, pattern-based security in the past. It is time for us to architect for the future, before the 9-second disaster strikes again!