Follow the Trust
Security sells trust. That’s the thing people miss. Scanning was just how you manufactured it. When a CISO signs off on a vendor, they’re not buying software. They’re buying the ability to say “we reviewed it, we checked it, we can prove we checked it.”
That machinery depended on latency. Humans wrote code slowly. Security inserted itself into the gaps. With the rise of agents, that latency got killed.
Anthropic announced Claude for Security and the stocks got battered. CrowdStrike, Zscaler, SentinelOne all down. Pramod Gosavi wrote about why.
There are two layers to understand.
First, development-time security. Checking code before it ships. A developer writes code. They commit it. A pull request opens. Another human reviews it. CI/CD pipeline runs. Somewhere in that pipeline, security tools run.
SAST (Static Application Security Testing) reads your code and looks for patterns that smell dangerous. Hardcoded passwords. SQL injection vulnerabilities. Buffer overflows. Checkmarx is the enterprise standard. Banks, government, Fortune 500. Veracode if you care about compliance audits. Snyk if you want developers to actually use it. They scan your code before it ships and tell you what looks risky.
SCA (Software Composition Analysis) checks your dependencies. Modern software is mostly other people’s code stitched together. You write 10% of your application; the other 90% is open-source libraries. SCA tools look at every library you’re importing and check if any have known vulnerabilities. Snyk dominates here too. Black Duck if you’re enterprise and care about license compliance. Log4j hit in 2021, and suddenly every CISO in the world wanted to know: “Do we have this anywhere?” That’s the SCA use case.
Then there’s SBOM (Software Bill of Materials). Basically an ingredient list for your software. What’s in this thing we’re shipping? Compliance teams love it. Regulators are starting to require it.
Second, runtime security. Protecting what's already running. This is where the big names live. Palo Alto Networks does firewalls and network security. The perimeter. CrowdStrike does endpoint protection. Your laptops, servers, cloud workloads. If malware lands on a machine, CrowdStrike catches it. Zscaler does zero-trust network access. Routes all your traffic through their cloud, replaces VPNs. SentinelOne competes with CrowdStrike on endpoints.
All of this assumes humans write code slowly. Seat-based pricing. Charge per developer. More developers, more code, more risk, more seats.
Agents generate code, pull dependencies, deploy to production. All before the scanner wakes up. That’s why the stocks dropped.
CrowdStrike and Zscaler aren’t even in the code scanning business. So why did they get hit? Budget allocation. Security budgets are finite. When AI-native products emerge, dollars shift. If incumbents respond by wrapping LLMs, they become commodity providers with compressed margins. The market is repricing that future.
By the time the scanner flags the hallucinated package, it’s already in production. You’re not preventing. You’re performing an autopsy.
The old trust machinery is breaking. Pattern-based scanning is over. AI-based scanning is a wrapper on LLMs, commoditized before it shipped. Standalone vendors get margin-squeezed. Seat-based pricing breaks when AI shrinks headcount. Fewer developers, fewer seats, less revenue. But more code, more risk.
So where does the new trust get manufactured?
Four problems are forming.
“Will this agent harm us?”
The generation layer. Security constraints inside the prompt, before execution. Last moment of control. Once an agent executes, you’re reactive.
The protocol layer. Agent-to-agent communication is fragmented. MCP, direct API calls, custom protocols. MCP is where the gravity is pulling. Incumbents built for REST. They’re watching the front door. Agents are talking through a different door.
Cloudflare for MCP doesn’t exist yet. Neither does Snyk for skill registries.
“Will this agent do the job correctly?”
The control point is benchmarks.
SWE-bench defined “AI coding capability.” Every model reports against it. Not because it was the best test, but because it was the test everyone agreed to use.
Agent security benchmarks don’t exist yet. Define the scorecard. Vendors report scores. Buyers require them. Procurement references them. You’re selling the frame everyone else competes inside.
“Can we prove what happened when it breaks?”
Traditional compliance tools don’t understand agent decision chains. The audit trail for “agent decided to pull this dependency at 3am” doesn’t exist.
No evidence, no trust, no enterprise adoption.
“Is this agent who it claims to be?”
Auth0 and Okta don’t understand agents. They’re built for humans clicking SSO buttons.
Generation layer: evidence the agent was constrained. Benchmarks: evidence the agent is competent. Compliance: evidence of what the agent did. Identity: evidence the agent is verified.
The old trust machinery is commoditizing. The new trust machinery is forming.
What matters is the evidence layer. The layer that lets a CIO say “yes” without career risk.
Is there a window?
Incumbents have a structural problem. Their trust machinery and their business model are coupled.
To adapt, they’d have to rebuild pricing, architecture, and go-to-market simultaneously. CrowdStrike won’t do that. Zscaler won’t do that. Their architecture assumes code exists before they scan it. By the time they see the code, it’s running.
Window looks like 6-12 months. After that, platforms bundle trust machinery natively.
But I could be wrong. Incumbents have distribution, capital, and something startups don’t. They’re already trusted. They could acquire. Platforms could bundle faster than expected. Anthropic already controls MCP.
Window exists. Not guaranteed.
How would you win as an upstart?
Own the generation layer. Ship guardrails inside the tools developers already use. Developer installs. CISO never approves. You’re in production before procurement wakes up.
Own the new surface area. Protocol layer, skill registries. None existed 12 months ago. Incumbents aren’t watching.
Embed in workflow, not budget. Ship as extension, as plugin, as GitHub Action. Developer adopts. Security team discovers you in production.
Own the benchmark. Define what “secure agent” means. Open-source it. Incumbents can’t create neutral standards. They sell products.
But this is hard. Enterprise security has long sales cycles. The “embed in workflow” play works until the CISO finds out. Acqui-hire risk is real.
Value is leaving the old trust machinery. Moving to the new.
Four choke points. All early. All unowned.
Incumbents own the customer. Startups own the timing. One of those expires.

Agents make continuous monitoring practical for products and their infrastructure. So security works less as a gate and more as bubble wrap around runtime.
This shifts from scan before ship to runtime controls plus evidence.
That evidence gets built from observability primitives. Tool-call logs, policy decisions, provenance, and fast rollback or kill switches. If you cannot show what the agent did, you cannot sell trust. And if you cannot show you can constrain the agent at runtime, you will not earn trust.
This makes org structure change more pronounced.
Whoever owns uptime and agent cost will own these controls. That usually means platform and product security engineering, not a compliance-only security lane.
CISO work shifts toward governance, vendor risk, and audit posture unless they also own the operating model for runtime safety.
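The evidence primitives named above (tool-call logs, policy decisions, a kill switch), shown as an added example that is not part of the original post. The allowlists, agent id, package names and timestamps are constructed, and chaining the entries by hash so that later edits are detectable is an assumption of this example, not something the post specifies.

```python
import hashlib
import json

ALLOWED_TOOLS = {"install_package", "read_file"}  # constructed policy
ALLOWED_PACKAGES = {"requests", "cryptography"}   # constructed allowlist
GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def decide(tool, args):
    # Policy decision for one tool call, returned as (decision, reason).
    if tool not in ALLOWED_TOOLS:
        return "deny", "tool not permitted"
    if tool == "install_package" and args.get("name") not in ALLOWED_PACKAGES:
        return "deny", "package not on allowlist"
    return "allow", "policy match"

class AgentGate:
    """Runtime control point: decides, records every call, can be killed."""
    def __init__(self):
        self.entries, self.killed = [], False

    def call(self, agent, tool, args, ts):
        decision, reason = decide(tool, args)
        if self.killed:  # kill switch overrides policy
            decision, reason = "deny", "kill switch engaged"
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": ts, "agent": agent, "tool": tool, "args": args,
                "decision": decision, "reason": reason, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})
        return decision == "allow"

def verify(entries):
    """False if any entry was edited, reordered or cut from mid-chain."""
    prev = GENESIS
    for e in entries:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or _digest(body) != e["hash"]:
            return False
        prev = e["hash"]
    return True

def demo():
    # Constructed calls; "reqeusts-toolz" stands in for a hallucinated package.
    gate = AgentGate()
    names = ["requests", "reqeusts-toolz"]
    ok = [gate.call("agent-7", "install_package", {"name": n}, f"03:00:0{i}") for i, n in enumerate(names)]
    gate.killed = True  # operator engages the kill switch
    ok.append(gate.call("agent-7", "read_file", {"path": "README.md"}, "03:00:02"))
    return ok, gate.entries
```

Denied calls are logged alongside allowed ones, so the record answers both "what did the agent do" and "what was it stopped from doing".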