TechCrunch just published the piece that says out loud what every CISO already suspects.
This week, Connie Loizos, editor in chief of TechCrunch, sat down backstage with Francis de Souza, COO of Google Cloud, for a piece on the state of enterprise AI security. The interview is worth reading in full. Three points in it should reshape how every CISO is thinking about the next twelve months.
The attack surface is no longer what your tools were built to defend
De Souza said it plainly. The estate to protect now includes models, prompts, agents, training pipelines, and the MCP servers that wire them into everything else. The perimeter is gone. The time from initial breach to next-stage attack has collapsed from eight hours to twenty-two seconds. That is not a forecast. That is the current measurement.
If your stack was built for HTTP traffic and human-paced response, you are not defending the place where attackers are actually working.
Your own agents are already exposing data that your security team forgot about
The most underreported point in the interview was that agents in production discover data that nobody has touched in years. De Souza used the example of old SharePoint servers with weak access controls. Nobody worried about those servers before because nobody knew where they were. Agents do not need to know in advance. They find data assets and surface them on demand. Whatever your agents can reach is now in your blast radius. The question is whether you can see those paths.
You need a security posture that holds across clouds, across SaaS, and across models
This is the line that should land hardest with anyone evaluating AI security right now. The Google Cloud COO told companies they cannot rely on a single-cloud answer. SaaS applications, partner systems, multiple models. Your agents will reach across all of it. Your security has to as well.
That is the definition of platform-independent agentic security. And it is exactly what every cloud-native AI security tool is structurally incapable of giving you, because each one sees only its own platform. Half a graph is not a graph. It is a guess.
The gap between the advice and the execution is real
Loizos's framing in the TechCrunch piece is direct. The platform providers giving this advice are still working through it themselves. The implication for CISOs is uncomfortable but necessary. Your AI security strategy cannot wait for the providers giving the keynote advice to catch up to their own advice.
You need a layer you control. Platform-independent. Vendor-independent. Built specifically for the agentic environment your business is already operating in.
This is what the Agentic Security Graph is
Salt built the Agentic Security Graph for exactly this moment. One consolidated view of every agent, every MCP server, every API, every third-party vendor, and every piece of sensitive data that those paths can reach. Risk and policy posture are mapped on top. In real time. Across clouds, across SaaS, across models.

It is the only view that shows you the path from the agent in production to the forgotten SharePoint server to the credit card data sitting on it. It is the only view that runs at machine speed because the attackers do. And it is the only view that is yours, not a single platform vendor's.
The board-level question
De Souza closed with the right framing. This is a board-level issue, not a security team issue. The board's question is simple. Can you draw the graph of your own agentic infrastructure today?
If the answer is no, you do not have an AI security strategy. You have hope.
We can show you the graph: salt.security/agentic-assessment
