How Agentic AI Breaks Traditional Detection Assumptions
Agentic AI tools like Claude Code create a new category of endpoint actor: autonomous, fast-moving, credential-bearing, and difficult to attribute with traditional process telemetry alone.
I’m an information security engineer based out of Michigan.
I also sometimes write things.
Hot takes, bad advice, code samples, tutorials, and whatever is on my mind at the moment.
Autonomous AI agents create observable decision loops, but traditional detections often focus on outcomes rather than decision cycles. The pattern of Observe -> Decide -> Act is a reliable method of identifying autonomous AI workflows. Based on real SPL and real Defender telemetry.
Try looking for InitiatingProcessCommandLine="*--permission-mode bypassPermissions*" in your Defender logs. Also might be interesting to see what correlates with (ProcessCommandLine="*vercel --prod*" OR ProcessCommandLine="*cf push*" OR ProcessCommandLine="*git push origin main*"), or whatever deploy command your company uses.
It’s always worth checking how many developers are letting Claude Code push to prod without human oversight.
AI agents are becoming delegated execution systems, and the routers sitting between agents and models are now part of the supply chain. If a router can rewrite tool calls, steal credentials, or alter execution in YOLO mode, then detection engineering has a new trust boundary to care about.
“Make it prettier” is not a requirement, and in an AI-first workplace vague direction turns into vague output at machine speed. If leaders expect engineers to use AI well, they need to use it too: compress ambiguity, define outcomes, and stop outsourcing clarity to the person downstream.
The crew of the Orchid’s Spine is killing time with a deeply unserious card game when a star blooms into something beautiful, deadly, and very much not natural. They probably should not have seen it. Naturally, Jae immediately turns it into a rules expansion.
MITRE ATT&CK is useful, but it is not magic and it will not define your detection strategy for you. TTPs are reactive, resource-heavy, environment dependent, and sometimes less immediately useful than the boring IoCs that stop the bleeding right now.
One year after hitting my 100lb weight loss goal, I ran my first half marathon in Grand Rapids. It was cold, painful, slower than the pacer, exactly on goal, and by the end I was absolutely wrecked in the best possible way.
I lost 100lbs through diet, exercise, and a very boring amount of consistency. No secret, no shortcut, no magic trick. Just years of work, setbacks, grief, hunger, treadmill miles, and deciding I was going to keep going anyway.
Security keeps saying it wants to be part of DevOps, but too often we refuse to use the same tools, share the same responsibilities, or provide value the business can actually see. If we want a seat in the workflow, we need to stop hiding behind magic curtains and start acting like part of the team.