Aller au contenu
Ravington
Retour au flux
Technologie

Why is Data Visibility Crucial for Autonomous Security Agents?

VentureBeat
WhatsApp

The 2026 Axonius Actionability Report, prepared in collaboration with Ponemon Institute, reveals with numbers a critical data visibility gap that security operations center (SOC) teams have been familiar with for years. According to the research involving 662 IT and security professionals, it was found that in an average inventory of 298.000 devices, 12,7 percent of the devices were missing the required security agent. Because an endpoint agent cannot report its own absence, these devices remain invisible in security management consoles. Additionally, when a CMDB (Configuration Management Database) record becomes outdated, there is usually no reconciliation mechanism in place to detect and flag this. Furthermore, AI tools purchased by employees from outside the company without going through the IT department are creating new and invisible security vulnerabilities. As a result, behind the high protection rate of 87,3 percent shown in EDR (Endpoint Threat Detection and Response) panels, there lies a massive landscape of devices and software left in the dark.

Today, as autonomous security systems are rapidly integrated into production, this data gap has become much more critical than it was six months ago. SOC and XDR vendors are accelerating the rollout of autonomous investigation and remediation capabilities that do not require human intervention. However, autonomous security agents tend to accept seemingly flawless metrics, such as 98 percent, as absolute truths without questioning them, whereas human analysts would view them with skepticism. While human analysts can learn the blind spots in the system over time and successfully work around these situations, AI-powered machines lack the same flexibility. These agents make decisions and take action at speeds far beyond human capacity, oblivious to the incompleteness of the data provided to them. This situation poses significant risks, as an unnoticed security vulnerability could automatically proliferate across the entire system.

Various independent studies on the subject also present striking data pointing to the same visibility issue. A 2026 survey conducted by API management company Gravitee with over 900 executives reveals that 88 percent of organizations have experienced or suspect AI-driven security incidents. Despite this, the percentage of those deploying AI agents to production with full security approval remains at only 14,4 percent. The Axonius and Ponemon report indicates that while 52 percent of participants stated they could allow autonomous agents to act directly on recommendations, 63 percent admitted that the underlying data lacks critical information. Ivanti's Field Chief Information Security Officer (CISO) Mike Riemer emphasizes that known vulnerabilities in Azure's honeypot networks are currently attacked in less than 90 seconds. This starkly demonstrates that traditional security measures can only protect the assets they are aware of.

Joe Diamond, CEO of Axonius, compares this situation to 'dark matter,' noting that an average CISO can only see about 50 percent of the assets actually present on their network. Real deployment data gathered from the company's over 900 customers proves the magnitude of the minefield organizations are standing on. For instance, TransUnion increased its endpoint coverage rate from 70 percent to 99 percent using out-of-band verification methods, while Western Union consolidated data from 38 different tools, halving its manual workload and achieving a rate of 99 percent. In an even more striking example, the Lumen company discovered 1,1 million assets in reality, despite only seeing 17.000 assets in its CMDB. This data shows that there is an average of 37.000 unmanaged endpoints in every organization, existing entirely outside of detection rules, patching cycles, and security policies. Diamond also warns that advanced reasoning models developed by companies like Anthropic (such as Mythos) falling into the hands of attackers and moving at machine speed will exponentially increase the risk of every unknown asset compared to today.

To solve the visibility problem, three competing architectural approaches stand out today, and security teams must carefully evaluate these methods. The first approach is a specialized integration layer that creates an always-up-to-date inventory using bidirectional API adapters; Axonius detecting shadow software with over 1.400 adapters is an example of this approach. The second approach uses platform-specific EDR and XDR intelligence to enrich the asset context within the agent's field of view, but this method also runs into the limitation of being unable to see blind spots due to the agent's inherent nature. The third and final approach is to modernize the CMDB, forcing assets into continuous reconciliation with at least three independent telemetry sources; however, only 13 percent of organizations can do this on a daily basis. Before autonomous security agents are fully integrated into the system and granted the authority to automatically close tickets, it is inevitable to go through a comprehensive data readiness process where asset inventory discrepancies and unmanaged AI services are checked.

Poser une question

Réponses générées par IA, à partir de cette actualité uniquement.

Ceci est un court résumé généré par l'IA. L'article complet est à la source.

Lire l'article complet à la sourceventurebeat.com

Articles liés