Leader daily

Edition 2026-05-15 · read as Leader

EDR's Shared Architecture Now Falls to AI in Days, Not Months

Sources: 36 · Words: 1,975 · Read: 10 min

Topics: Agentic AI · LLM Inference · AI Regulation

◆ The signal

TrustedSec's writeup this week argues that the five major commercial EDR products share one architecture, built on YARA-style rules, scripted (Lua) engines, and local ML classifiers, and that AI-assisted reverse engineering now takes them apart in days rather than months. The same week, Anthropic's Mythos completed a full autonomous network takeover in both UK AISI attack ranges. Endpoint budgets were underwritten on the premise that understanding the agent cost an adversary more than a bypass was worth. That premise no longer holds for a fast-growing population of adversaries, and survivability over the next eighteen months sits in the controls above the endpoint: identity, network telemetry, behavioral analytics.

◆ INTELLIGENCE MAP

  01 · Endpoint Security Model Collapses — Detection Must Move Up-Stack · act now

    AI-assisted reverse engineering renders all tested EDR products transparent in days. Mythos achieved full network takeover (first ever). Exploitation windows collapsed to 4 hours. The defensive model that assumed obscurity bought time is over.

    Headline metric: 4 hrs exploit window · 7 sources
    Indicators: EDR products reversed · AISI ranges cleared · Exploit dev time · Monthly attacks/honeypot
    Chart (exploit dev time): old cycle 90 · AI-assisted 1
  02 · Execution Layer War: SAP vs ServiceNow vs Platform Newcomers · monitor

    SAP's Knowledge Graph and ServiceNow's MCP-based Action Fabric are incompatible bets on who owns the surface AI agents call. With agents at 59% of token volume, the execution layer decision this quarter determines 3 years of licensing leverage.

    Headline metric: 59% agent token share · 5 sources
    Indicators: Agent traffic share · SAP AI fund · Bot bypass rate · Vercel teams tracked
    Chart (share of token volume, %): agentic workloads 59 · human chat/query 41
  03 · AI Liability Regime Being Written — Three Jurisdictions at Once · monitor

    a16z published a comprehensive lobbying blueprint for user-liability defaults and damages caps. Active court cases could impose massive developer penalties before legislation exists. Open-source AI strategy is directly threatened by developer-liability outcomes.

    Headline metric: $115M a16z political spend · 4 sources
    Indicators: a16z 2026 donations · Window to influence · Regulatory scenarios · Passage odds (Clarity)
    Timeline: active litigation, now (setting precedent) · federal framework debate, Q3 2026 · regime hardens, 2027-2028 · insurance markets reprice, 2028+
  04 · Org Design Becomes Competitive Weapon — Management Layer Under Pressure · monitor

    Lovable dissolved its growth management layer and found that VPs choosing IC roles outship 15-person teams. Cisco stock rose 15% on AI orders and 4,000 cuts the same day. The market now penalizes companies that haven't restructured.

    Headline metric: 90% time on high-value work · 4 sources
    Indicators: HI-C high-value time · 2025 tech layoffs · Cisco AI stock bump · LinkedIn cuts
    Chart (relative output): traditional team (15 people) 1 · HI-C + AI tools (1 person) 3
  05 · AI Infrastructure Financializes — Compute Becomes a Traded Asset · background

    xAI leasing 220K GPUs (45% of Colossus) to Anthropic signals compute is now a financial instrument. Cerebras IPO at $56B on a single $20B OpenAI anchor. The GPU monopoly is being disaggregated into a lease market.

    Headline metric: $56B Cerebras market cap · 6 sources
    Indicators: Cerebras valuation · OpenAI commitment · xAI GPUs leased · Nebius demand ratio
    Chart ($B): Microsoft→OpenAI 100 · Cerebras IPO 56 · OpenAI→Cerebras 20 · Fervo Energy IPO 10

◆ DEEP DIVES

  01 · Your EDR Is Now a Glass Box — The Security Architecture Reset Is This Quarter

    The Finding That Changes the Defensive Model

    TrustedSec pointed LLMs at five commercial EDR products and discovered they are built to the same blueprint: YARA-style rules, behavioral logic, allowlists, prefilters, scripted engines (some readable as Lua after a single decryption pass), and local ML classifiers. Work that used to occupy a skilled reverse engineer for weeks now takes days. The architectural diversity defenders quietly assumed existed — the thing that made each bypass a per-product investment — was never there.

    At the same time, the UK AI Security Institute confirmed that Anthropic's Mythos is the first model to clear both simulated attack ranges, achieving full network takeover rather than persistence alone. OpenAI's GPT-5.5-cyber completed one of two. Congress is taking closed-door demos and routing access through NSA rather than CISA, which tells you which use case the government considers primary.

    The security model of the defensive stack was built on the premise that the cost of understanding the agent exceeded the value of bypassing it. That premise is no longer true for a growing share of the threat population.

    The Timing Problem

    A PraisonAI vulnerability was exploited within four hours of disclosure. An 18-year-old NGINX RCE sat undetected in rewrite-module parsing logic that touches nearly every web application. Five KEV entries hit the AI infrastructure stack at once: LiteLLM, Ollama, and OpenClaw all carrying critical authentication bypass and RCE flaws. A single honeypot logged 113,000 attacks per month against AI endpoints, with tooling that evolved mid-experiment to dodge detection.

    These are not separate stories. They describe a world where patch SLAs written for 30-day windows are operating in a 4-hour reality, where the tooling layer adopted for speed was never security-reviewed, and where the endpoint control most organizations treat as load-bearing is transparent to an expanding adversary population.

    Where Detection Actually Lives Now

    A reasonable skeptic would point out that EDR has absorbed many supposed extinction events and remains the central control. The skeptic is correct on the history. The skeptic does not have to explain what happens when the cost of producing a clean bypass falls by an order of magnitude inside a single product cycle. The compensating controls that matter over the next 18 months sit above the endpoint: identity blast-radius containment, network telemetry, and behavioral analytics run over both. Microsoft's MDASH is running 100+ coordinated agents against its own vulnerability surface, finding 16 exploitable flaws in a single Patch Tuesday. The same capability in adversary hands within 12-18 months is the base case.

    The architectural decision this quarter is where detection lives when the endpoint agent becomes transparent. The board-deck answer is to keep EDR and add more of it. The complete answer is that teams investing in identity-layer detection, network-layer telemetry, and workload isolation that does not depend on the host agent (Firecracker microVMs, gVisor sandboxes) will absorb the next disclosure as a Tuesday. Teams that keep treating EDR as the load-bearing control will learn what load-bearing means the quarter after.
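    Concretely, here is an identity-layer detection of the kind this section argues for, as an added example that is not part of the original piece and not code from TrustedSec or any EDR vendor. It consumes an identity provider's authentication events rather than anything an endpoint agent reports, baselines which hosts and source addresses each principal normally uses, and flags a principal that fans out to several never-before-seen hosts inside a short window, raising severity when the fan-out also comes from a new source address. The event schema (`ts`, `user`, `src_ip`, `host`, `result`), the thresholds and the sample events are constructed for the illustration.

```python
"""Identity-layer fan-out detector over constructed authentication events.

Added example, not code from TrustedSec or any EDR vendor. It assumes an
identity provider that emits one JSON object per authentication with the
fields ts, user, src_ip, host and result; that schema, the thresholds and
the sample events below are constructed for the illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: one normal user, and a service account that, after a
# quiet baseline day, authenticates to several hosts it has never touched
# from a source address it has never used. Nothing here depends on an
# endpoint agent having observed anything.
SAMPLE_EVENTS = """
{"ts":"2026-05-14T08:01:00Z","user":"alice","src_ip":"10.20.0.15","host":"wks-0112","result":"success"}
{"ts":"2026-05-14T08:05:00Z","user":"alice","src_ip":"10.20.0.15","host":"fs-01","result":"success"}
{"ts":"2026-05-14T09:10:00Z","user":"svc-backup","src_ip":"10.30.1.5","host":"fs-01","result":"success"}
{"ts":"2026-05-14T09:11:00Z","user":"svc-backup","src_ip":"10.30.1.5","host":"fs-02","result":"success"}
{"ts":"2026-05-15T02:00:00Z","user":"svc-backup","src_ip":"10.20.0.88","host":"fs-01","result":"success"}
{"ts":"2026-05-15T02:00:30Z","user":"svc-backup","src_ip":"10.20.0.88","host":"dc-01","result":"success"}
{"ts":"2026-05-15T02:01:00Z","user":"svc-backup","src_ip":"10.20.0.88","host":"sql-03","result":"success"}
{"ts":"2026-05-15T02:01:20Z","user":"svc-backup","src_ip":"10.20.0.88","host":"hr-app","result":"failure"}
{"ts":"2026-05-15T02:01:45Z","user":"svc-backup","src_ip":"10.20.0.88","host":"wks-0441","result":"success"}
"""

# Events before this instant define "normal" for each principal (constructed cutoff).
BASELINE_CUTOFF = datetime(2026, 5, 15, tzinfo=timezone.utc)


def parse_events(text):
    """Parse newline-delimited JSON into dicts with a UTC datetime in 'ts', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return sorted(events, key=lambda ev: ev["ts"])


def build_baseline(events, cutoff):
    """Per principal: hosts and source addresses seen in successful logons before the cutoff."""
    hosts, sources = defaultdict(set), defaultdict(set)
    for ev in events:
        if ev["ts"] < cutoff and ev["result"] == "success":
            hosts[ev["user"]].add(ev["host"])
            sources[ev["user"]].add(ev["src_ip"])
    return hosts, sources


def detect_fanout(events, cutoff, window=timedelta(minutes=10), min_new_hosts=3):
    """Flag principals that reach min_new_hosts never-seen hosts within one window.

    Failed attempts count: a failed logon to a host the principal has never
    used is still evidence of probing. A principal absent from the baseline
    has an empty history, so every host it touches counts as new, which is
    the behaviour wanted for a freshly created or newly abused account.
    """
    known_hosts, known_sources = build_baseline(events, cutoff)
    per_user = defaultdict(list)
    for ev in events:
        if ev["ts"] >= cutoff:
            per_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in per_user.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window's left edge so the span covers at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            new_hosts = {ev["host"] for ev in span if ev["host"] not in known_hosts[user]}
            if len(new_hosts) < min_new_hosts:
                continue
            new_sources = {ev["src_ip"] for ev in span if ev["src_ip"] not in known_sources[user]}
            alerts.append({
                "user": user,
                "window_start": span[0]["ts"].strftime("%Y-%m-%dT%H:%M:%SZ"),
                "new_hosts": sorted(new_hosts),
                "new_src_ips": sorted(new_sources),
                # Fan-out from a source the principal has never used is the stronger signal.
                "severity": "high" if new_sources else "medium",
            })
            break  # one alert per principal; later events would only widen the same alert
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(parse_events(SAMPLE_EVENTS), BASELINE_CUTOFF):
        print(json.dumps(alert))
```

    Run against the sample, the service account is reported with three new hosts and the new source address at high severity; alice, whose pattern is unchanged, produces nothing. The same logic runs unchanged over network flow records by substituting destination addresses for hosts, which is the point of placing it above the endpoint: it keeps working on the day the agent on the host stops seeing the adversary.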

    Action items

    • Commission a red team exercise specifically targeting your EDR with AI-assisted reverse engineering to quantify your actual detection gap
    • Rewrite patch SLAs for critical internet-facing assets from 30-day to 72-hour windows, with automated deployment for the top 20 most exploitable services
    • Audit all AI infrastructure tooling (LiteLLM, Ollama, model registries, AI gateways) for production deployment without security review — inventory by end of month
    • Shift 30% of new security investment from endpoint to identity-layer detection and network behavioral analytics over the next two quarters

    Sources: Clint Gibler · The Information AM · CyberScoop · The Hacker News · SANS AtRisk · TLDR InfoSec

  02 · The Execution Layer War — Who Owns the Surface AI Agents Call

    Two Incompatible Architectural Bets

    SAP and ServiceNow both declared this quarter that they are the execution layer, the place where AI agents touch systems of record and commit writes. The bets are not the same bet. SAP is building a vertically integrated Knowledge Graph that makes its own agents contextually superior inside SAP's data universe. ServiceNow adopted MCP (Model Context Protocol) servers as the communication standard for Action Fabric, opening its platform to any agent that speaks the protocol.

    These are competing theories of how the agent economy organizes: open interoperability versus data-moat integration. The decision matters because agents acting across finance, HR, IT, and procurement need one authoritative place to reconcile state. Two authoritative places is zero authoritative places.

    The window is twelve to eighteen months. Miss it, and the agent orchestrators route around the platform rather than through it. Being bypassed is not the same as being disrupted; disruption leaves a seat at the table, bypass does not.

    Production Data Confirms the Shift

    Vercel's AI Gateway index, the closest thing to ground truth available, shows agentic workloads at 59% of all token volume across 200K+ teams. More than half of production AI usage is agents taking actions, not humans having conversations. Amazon killed Rufus to embed AI into Alexa's shopping surface. Notion launched a developer platform for agents to sync data and trigger workflows. Apple is wrestling with how to let agents into the App Store without destroying its fee structure.

    The model layer is commoditizing. Anthropic captures 61% of spend on expensive reasoning while Google captures 38% of volume on cheap throughput. That bifurcation is structural, not temporary. The competitive axis has moved from which model is best to "which execution environment do workflows depend on."

    Consumption Pricing Arrives

    SAP is not charging per-seat for autonomous finance agents. ServiceNow's headless architecture implies consumption-based pricing on agent API calls. Jason Lemkin's data point: 80% fewer human seats, 83% higher total spend, 20+ agents running. The per-seat model does not survive contact with agents that replace seat-holders. A reasonable skeptic would point out that pricing regimes take years to shift in enterprise software. The skeptic is correct about the average case. The case in front of us is not the average case, and firms that delay modeling consumption pricing will be explaining to their largest customers why they are paying for seats their agents made redundant.

    The Governance Gap

    The same organizations racing to adopt agents have not staffed the governance function. 81% of AI agents bypass legacy bot detection. Nobody owns the inventory of which agents can call which systems on whose behalf. That question becomes load-bearing the moment anything goes wrong, which is to say before Q3 budgeting closes.

    Action items

    • Conduct an 'agent readiness' audit of your platform architecture — determine if third-party AI agents can discover, invoke, and orchestrate your workflows without a human UI
    • Evaluate MCP as a strategic integration standard and build or integrate MCP server capabilities by Q4
    • Model per-action/per-outcome pricing scenarios against your current seat-based revenue and pilot with 3-5 customers this quarter
    • Stand up AI governance function with authority over agent inventory, tool rationalization, and access control before Q3 budget cycle

    Sources: TLDR IT · TLDR · ben's bites · a16z · Simplifying AI · Lenny's Newsletter

  03 · AI Liability Regime Crystallizing — Your Open-Source Strategy Has an Unpriced Dependency

    Three Frameworks Competing in Real Time

    a16z has published the most comprehensive AI liability lobbying blueprint the industry has produced. The headline proposals are user-liability defaults and damages caps. Underneath the proposals is a more revealing fact: the venture class has decided the legal architecture of the next decade is worth $115.5M in political capital right now, which makes them the largest disclosed political donor of the 2026 midterm cycle.

    The strategic question is narrower than the public debate suggests: does AI inherit Section 230 treatment, the platform regime with limited liability for downstream use, or product-manufacturer treatment, with strict liability for harm from outputs? A reasonable observer would call these adjacent regimes. They are not. They produce different cost structures, different competitive dynamics, and different survival rates for everyone downstream.

    If developer liability for downstream use becomes the standard, the economic logic of releasing an open-source model stops working. No rational actor open-sources a model that generates unbounded liability for every downstream application.

    Courts Are Moving Faster Than Congress

    Active litigation against general-purpose AI tools could impose substantial penalties on developers for user misuse before any legislative framework exists. The likely sequence is that precedent-setting rulings arrive before comprehensive federal law, producing a patchwork of judicial standards that legislation has to work around rather than replace. Inside the White House, the fight between ODNI (pre-release model evaluation, effectively a licensing regime) and Commerce (voluntary frameworks through CAISI) will resolve in quarters, not years.

    CAISI published voluntary testing agreements with Google, Microsoft, and xAI, then retracted them in the same week. The instability is the planning variable. An IC-led regime means release gating and classified compliance that reshapes who ships what and when. A Commerce-led regime means disclosure requirements that are expensive but navigable. Those are not the same world.

    The Liability Cartel Dynamic

    Excessive AI liability functions as a moat for incumbents with thousand-lawyer teams. Deep pockets prefer strict liability for the same reason they prefer any rule that prices out the challenger. Product strategies quietly assuming continued access to open-source weights are carrying an unpriced dependency on regulatory outcomes that the P&L does not show. If the regime turns strict-liability, the supply of open-source models contracts and the competitive position relative to well-capitalized providers deteriorates in the same quarter.

    Action items

    • Commission a legal exposure audit of your AI products against three competing liability frameworks (absolute liability, safe harbor, user-liability presumption) — quantify financial exposure under each by end of Q3
    • Begin building audit-ready AI governance infrastructure — model cards, safety testing documentation, incident reporting — that would satisfy proposed safe harbor requirements
    • Map all open-source AI dependencies and develop contingency plans for a world where open-source model availability contracts due to developer liability outcomes
    • Engage in federal legislative process through industry coalitions — the window to influence is 12-18 months before the regime hardens

    Sources: a16z AI Policy Brief · Risky.Biz · The Download from MIT Technology Review · Morning Brew

  04 · The Management Layer Is Being Priced Out — Org Design Becomes a Competitive Surface

    The Lovable Experiment

    In December 2025, the AI-native startup Lovable dissolved its growth management layer and replaced it with autonomous parallel contributors it calls High-Impact ICs, or HI-Cs. Five months in, the model is expanding rather than retreating. Former VP Elena Verna reports spending 90% of her time on high-value building instead of coordination. A single operator ships in hours what a cross-functional squad used to ship in weeks. The number that matters is not the speed. It is the headcount that used to sit between the VP and the output.

    The pattern is not unique to Lovable. It shows up across AI-native firms with different products and different founders, which is what makes it worth taking seriously. The economic argument for middle management is coordination across teams. That argument weakens considerably when AI compresses coordination costs to near-zero. One operator with the right tools and full organizational context now does the work the squad was assembled to do. The squad was, in part, a workaround for missing tooling.

    The market now penalizes companies that haven't restructured. Cisco's stock rose 15% on AI orders the same day it announced 4,000 cuts. LinkedIn stated explicitly that its cuts are 'tied to reshaping operations around AI.' The board conversation is no longer whether, but why not yet.

    The Talent Problem This Creates

    VPs are taking recruiter calls from fifty-person AI-native companies and saying yes. A VP who watched a peer ship 3x the output with six engineers and a pager asks, reasonably, which career compounds. Title inflation and retention grants do not address the question. The vulnerability is the org model. The old promise was to demonstrate craft, ascend into management, and scale comp with headcount. That promise breaks when AI eliminates the headcount that justified the management layer in the first place.

    Tech layoffs are running at 103,000+ by mid-May, already approaching 2025's full-year total of 124,000. The companies cutting are profitable. This is not a recession response. It is a response to the structural fact that fewer people with AI tools produce more output than more people without them.

    The Design Decision

    The right response is not to fire every manager next quarter. It is to treat org design as a competitive weapon. The companies that win will flatten selectively, where coordination costs exceed coordination value, and preserve management where genuine specialization, mentorship, or regulatory complexity actually requires it. The HI-C model only works when individuals hold full organizational context, which means investing in the knowledge infrastructure that makes ungated information access real rather than aspirational.

    A reasonable skeptic would say the window for experimentation will stay open for years. The skeptic is half right. The window closes when senior operators start making permanent career decisions about which kind of company they want to spend the next decade inside. Some of them are making those decisions now.

    Action items

    • Audit your org for 'coordination-only' management layers — identify every role whose primary value is alignment rather than output, and model which can be replaced by better tooling and information access
    • Pilot an HI-C track for your top 5% of senior ICs and managers who've expressed interest in returning to craft — design compensation that rewards output, not span of control
    • Invest in enterprise knowledge infrastructure that enables ungated information access with governance — the binding constraint on the HI-C model is context, not tools
    • Model your 2027 engineering capacity plan against two scenarios: current ratio of managers to makers, and 50% reduction in coordination roles offset by AI tooling investment

    Sources: Lenny's Newsletter · Techpresso · The Pragmatic Engineer · Laura Bratton

◆ QUICK HITS

  • Update: Anthropic grew from $9B to $30B+ ARR in four months, disclosed an 80x demand spike against 10x planning — service degradation during that window means measured productivity gains were understated

    StrictlyVC

  • xAI is leasing 220,000 GPUs (45% of Colossus 1) to Anthropic — Musk's competitive logic has been overwhelmed by financial logic, signaling compute is now a traded financial instrument

    The Pragmatic Engineer

  • ServiceNow blew its full-year Anthropic budget by May — no SLAs, no usage telemetry, no predictable pricing — and is now selling its 'AI Control Tower' workaround to other enterprises

    Laura Bratton

  • Apple is building agent-level App Store governance ahead of WWDC — specifically addressing agents that 'spin up smaller apps' post-approval, creating a new distribution chokepoint with fee extraction

    Techpresso

  • Only 15% of organizations have data foundations adequate for agentic AI — 95.2% of data modeling problems are organizational (ownership, training, requirements), not tooling

    TLDR Data

  • Fervo Energy IPO at $10B+ (shares up 33% on day one) validates power as AI platform business — Google holds option for 3GW from Fervo against 658MW currently contracted, enough for 60+ data centers

    The Information AM

  • Abridge raised at $5.3B with 80-100M+ medical conversations as irreplicable moat — compressing prior authorization from 45 days to minutes across 250 health systems

    Latent.Space

  • Google's Gemini Intelligence shipping this summer on Android — converting 97% market share into an OS-level agent platform that demotes apps from interfaces to capabilities agents call

    Simplifying AI

◆ Bottom line

The take.

Your endpoint security model just failed its load-bearing test — all five major EDR products are built to the same blueprint and transparent to AI-assisted reverse engineering in days, while Anthropic's Mythos achieved the first full autonomous network takeover in the UK AISI ranges. Simultaneously, the execution layer underneath enterprise AI agents is being claimed by SAP and ServiceNow with incompatible architectures, the AI liability regime is being written in courtrooms before Congress acts, and the market is actively penalizing companies that haven't restructured around AI-native org models. The connecting thread: every assumption from 18 months ago — that EDR was opaque, that one AI vendor was the default, that management layers were load-bearing, that liability was a future problem — is being falsified in the same quarter. The decisions being forced are architectural, not incremental.

— Promit, reading as Leader

Frequently asked

Why does AI-assisted reverse engineering of EDR products undermine endpoint budgets?
Endpoint security spending was justified by the assumption that reverse-engineering the agent cost an adversary more than a bypass was worth. TrustedSec showed all five major EDRs share a YARA/Lua/local-ML architecture that LLMs can now take apart in days, collapsing that cost asymmetry and pushing survivability into identity, network telemetry, and behavioral analytics layers above the endpoint.
What concrete steps should leaders take this quarter to reduce EDR dependency?
Commission an AI-assisted red team against your specific EDR to quantify the gap, compress patch SLAs on critical internet-facing assets from 30 days to 72 hours, audit AI infrastructure tooling like LiteLLM and Ollama for ungoverned production deployments, and shift roughly 30% of new security investment toward identity-layer detection and network behavioral analytics over the next two quarters.
How does the SAP versus ServiceNow execution-layer fight affect platform strategy?
It forces a choice between vertically integrated data moats and open MCP-based interoperability as the standard for how agents commit writes to systems of record. Platforms that aren't programmatically reachable by third-party agents within 12–18 months risk being routed around rather than disrupted, and per-seat pricing breaks when 80% fewer seats correlate with 83% higher spend on consumption.
What is the unpriced risk in relying on open-source AI models?
Product strategies assuming continued open-weight availability are exposed to a regulatory regime that hasn't been decided yet. If courts or Congress impose developer liability for downstream misuse before a safe harbor exists, the economics of open-sourcing collapse and supply contracts sharply, advantaging incumbents with large legal teams and leaving downstream builders without the substrate their roadmaps assume.
Why is org design becoming a competitive surface rather than an HR concern?
AI compresses coordination costs toward zero, which removes much of the economic justification for middle management layers that existed to align cross-functional squads. Lovable's HI-C model, Cisco's 15% stock pop alongside 4,000 cuts, and 103,000+ tech layoffs at profitable firms show markets are already pricing operational leverage, and senior operators are making decade-length career bets on which org models compound.
