
AI-Native Security Is a Must to Counter AI-Based Attacks

Source: Dark Reading. Archived Mar 25, 2026.

Attacks by artificial intelligence agents are a reality. Experts at Nvidia's GTC conference say defenders need to use the same tools to fight them off.



Agam Shah, Contributing Writer
March 25, 2026

Slow human-controlled defenses won't be enough for autonomous agents spun off by technologies like OpenClaw, experts say. Artificial intelligence-native security will be needed to fend off threats.

"You're going to see an AI-led attack, full agentic attacks that we're starting to see already today. The only way to deal with those is a full agentic defense," said Francis deSouza, Google Cloud's chief operating officer and president of security products, during a panel discussion at Nvidia's GTC conference in San Jose, Calif., earlier this month.

During the discussion, panelists noted that AI-native security models prevent rogue agent break-ins. Such models include agents that spot security weaknesses and scan subagents before deployment, control dynamic system access for agents, and generate audit trails to track agent identity and activity.

At GTC, Nvidia CEO Jensen Huang highlighted OpenClaw's ability to create agents that can scan file systems, access personal information, and communicate with large language models. Those autonomous functions have been a source of security concerns.

Panelists said that OpenClaw could create a new attack surface in which AI agents can run for weeks and months and activate after a long slumber. For example, agents could scout for weaknesses in SharePoint systems, stay idle, and activate attacks at specific times.

Tackling agentic threats on abandoned or insecure assets isn't humanly possible, and only AI-driven security models — operating at what panelists called "machine speed" — can battle rogue agents, Google's deSouza said.

Nvidia introduced a fork of OpenClaw called NemoClaw, which is designed to address such concerns. It enforces privacy and security guardrails over how agents handle data.

Agentic Security Cuts Both Ways

Free-roaming agents can be a boon and a liability. They can find and close security gaps, but they also exploit vulnerabilities.

"It was fine because you had security by obscurity. Nobody could find them, and it didn't really matter," deSouza said. "But now, as you have agents roaming your environment, they will find them, and they will expose them."

DeSouza recommended creating an AI-native dynamic access control system to check access for autonomous agents. Agents must not inherit the identities of human users, as permissions may change in real time as an agent traverses the workflow, he says.

"We really need to think about what it means natively to create this infrastructure for agents itself," deSouza said.

The technology stack needs to evolve to include data typically not included in agents, such as a knowledge graph or a context graph with information about why a decision was made, said Amit Zavery, chief product and operating officer at ServiceNow.

ServiceNow has built an AI security system called AI Control Tower, which uses an access graph to analyze tasks and identities to determine system access for agents. It works alongside Knowledge Graph — a layer that maps agents to data inside and outside ServiceNow — to build full context around a task, the data involved, and the identity requesting access. AI Control Tower also provides real-time agent visibility and maintains audit logs of autonomous agents. A trust layer determines when human intervention is required before an agent can access data.

OpenClaw is a good reason to rethink security, but most considerations — such as depth of defense, standing privileges, monitoring of execution, and activity — should remain the same, said Elia Zaitsev, chief technology officer at CrowdStrike.

"The basic hygiene of security shouldn't change just because you have a different sort of intelligence driving the joystick," Zaitsev said.

The considerations for AI agents should also include identity — on whose behalf the agent is acting — and the scope of what agents are allowed to do, said Anirvan Mukherjee, head of AI and machine learning at Palantir.

But OpenClaw is unique in that it can spin out subagents writing their own code. The development layer will ultimately be the first line of defense, panelists said.

"That code will have to go through a software development life cycle to make sure that it's secure before it's ever deployed," Google's deSouza said.

About the Author

Agam Shah, Contributing Writer. Agam Shah has covered enterprise IT for more than a decade. Outside of machine learning, hardware, and chips, he's also interested in martial arts and Russia.