Rules fail at the prompt, succeed at the boundary

The article discusses how AI-orchestrated espionage campaigns are changing security conversations, with hackers using AI to carry out various malicious activities. Prompt injection, a form of persuasion rather than a bug, is highlighted as a major security concern. Regulators emphasize the need for enterprises to demonstrate control over AI systems, focusing on aspects like agent permissions, data governance, and continuous risk management. The importance of setting clear rules at the capability boundary and treating AI agents as critical subjects in threat models is emphasized to ensure control and security in AI systems.