The EU gets a bad reputation for regulation. Overreach and bureaucracy are a brake on innovation. Fair enough in many areas. But on security and personal data protection, the regulation did what nothing else could. It forced accountability.
When GDPR landed in 2018, it exposed what everyone in tech already knew, but nobody wanted to deal with: companies had been keeping and moving personal data across borders for decades with close to zero oversight. Legal teams scrambled. Engineering orgs that never thought twice about data residency were suddenly retrofitting consent flows, classification schemes, and transfer controls into systems that were never built for any of it.
GDPR didn't invent new problems. It brought the existing ones into the light.
I'm watching that exact cycle repeat itself right now. The pace is faster. The discipline is thinner.
THE BAR IS HIGHER NOW. MOST TEAMS HAVEN'T CAUGHT UP.
Once AI coding tools went mainstream, the threat surface expanded. New failure modes, new controls that didn't exist a few years ago. At the same time, standards that took decades to build started getting quietly dropped.
The public record already includes agents deleting production databases during code freezes and credentials leaking out of apps shipped to live users.
Wiz found 20% of vibe-coded applications ship with serious vulnerabilities or misconfigurations: client-side authentication failures, hardcoded secrets, and missing or overly permissive data access policies. Veracode assessed more than 100 models in 80 coding jobs and discovered that 45% of the time, AI-generated code presented security issues. None of it is malicious. It's speed without discipline.
"Later" was the exact strategy the industry tried with personal data. It has cost over €5.65 billion in cumulative GDPR fines and years of cleanup. Nobody should expect this to play out any differently.
SECURITY WAS ALREADY HARD. NOW IT'S A DIFFERENT GAME ENTIRELY.
Security in enterprise tech has never been solved. It's managed. Controlled. Contained. What's changed is that AI has opened up an exposure category that most orgs haven't planned for at all.
Agents now act independently. They call APIs, query databases, chain multiple actions, and they do it using the same credentials as the people who set them up. Prompt injection, data leaking through context windows, unauthorized actions by agents: none of this is hypothetical anymore.
Here's the core difference. A misconfigured gateway sits there until someone triggers it. A misconfigured agent doesn't wait. It runs on its own. Bad permissions don't just create risk; they create cascading damage, and fast.
THE CURRENT ARCHITECTURE WASN'T DESIGNED FOR THIS.
The classic layered enterprise architecture, the one most of us built careers around, assumed that a human kicked off every process, and a deterministic system carried it out. That assumption doesn't hold anymore when agents are in the picture.
Salesforce recently published a framework for agentic enterprise architecture that I think gets the direction right. It adds four new layers beyond the traditional stack: semantic, AI model, agentic, and enterprise orchestration. None of these are nice-to-haves. They're the baseline for running agents responsibly.
If there's one layer most teams will underinvest in, it's the agentic layer. The other three have adjacent expertise already in the building. Data engineering covers the semantic. MLOps covers the AI model. Platform engineering covers enterprise orchestration. Agentic is unclaimed in most org charts, which is exactly why it'll be the layer that gets treated as "just another service" until something goes wrong.
WHAT NEEDS TO HAPPEN NOW.
Engineering discipline doesn't get weaker when the tooling gets more powerful. It gets more critical. For any CTO or board member looking at their posture here, the priorities should be clear:
- Hold the generated code to the same bar as everything else. Same review process, same static and dynamic application security testing (SAST/DAST), same dependency checks. "It was just a prototype" is not an exemption.
- Stand up a red team focused on AI. Not a paper exercise. A real function that pokes at your agents, probes injection vectors, stress-tests permission boundaries, and runs adversarial simulations. If agents are live and nobody is actively trying to break them, that's a gap.
- Build observability into agents from the start. Every action, every decision, every API call needs to be logged and traceable. You can't govern what you can't see. According to OutSystems' 2026 State of AI Development report, only 36% of enterprises have a centralized AI strategy today. Deployment is outpacing oversight across the board.
- Name an owner for the agentic layer. Agent lifecycle, identity, and permissioning. Not platform engineering. Not MLOps. Someone specifically accountable. Without a named owner, nobody is responsible when an agent runs in production and misbehaves.
- Lock down security before go-live, not after the first breach. Credentials, data access policies, model permissions, and tool authorizations, all hardened before an agent goes live. And one non-negotiable: every agent in production should have a kill switch that a non-technical executive can trigger. If the only person who can stop a runaway agent is the engineer who deployed it, governance doesn't exist.
THE LESSON FROM GDPR HASN'T CHANGED.
Companies that treated GDPR as mere compliance busywork spent years scrambling to fix the mess. The ones that used it as a reason to actually build sound governance around their data came out ahead.
The same split is happening now, faster. Either the controls go in now, or they get bolted on later under regulatory pressure, breach disclosure, and board-level scrutiny, at significantly higher cost.
One question for every CTO reading this. If a regulator asked tomorrow to see your agent inventory, your permission model, and your audit trail for the last 30 days, could you produce it? If the answer is anything other than yes, you already know what the next twelve months of your roadmap look like.