AI Security | You Approved the AI Tool. Nobody Asked The Right Question.

Anthropic just published a security framework for AI. It describes your company on page one. Here is what it says.

Ever notice how the most dangerous decisions in a business never feel like decisions? They feel like approvals. And with one approval, your AI security posture changes without anyone noticing.

Someone on your team signed up for an AI tool. Maybe you approved it. Maybe you just found out it was already in use. Either way, that tool is now connected to your email, your files, your customer data, or all three. And nobody asked what happens when it goes wrong.

This week, Anthropic, one of the companies building the AI your employees are already using, published a thirty-five-page security framework called Zero Trust for AI Agents. It is written for large enterprise security teams. But the problem it is trying to solve is yours.

Here is the sentence that should stop you cold. The framework identifies something it calls Shadow AI as one of the most immediate risks any organization faces right now. Shadow AI is when employees adopt AI tools on their own, without the IT or security team knowing, and in doing so they bypass every access control, every data policy, and every monitoring system in the building.

"Employees adopt AI tools without IT awareness, bypassing every control in the framework."

That is not a prediction. That is a description of what is happening in most small and midsize businesses today. Including, very likely, yours.

THE ACTUAL PROBLEM | The Framework's First Step Is the One You Haven't Taken

The framework lays out eight phases for deploying AI safely. Phase One, before anything technical happens, is this: get your security, legal, compliance, and business people aligned on what AI is allowed to do in your organization.

That means an acceptable use policy. More than ink on parchment. It must have "teeth".

Adults must enter the room and say "yes" and "no" to things. It must be communicated, with input from more than the people with country club memberships, and it must be enforced with real consequences. Otherwise, simply wire transfer your IP, corporate banking and personal savings overseas. Because that's what comes next.


That policy spells out which AI tools employees can use, what data they can feed into those tools, the process for identifying new tools, and what happens if something goes wrong. Most small businesses do not have one. Most midsize businesses have one that was written before AI existed and has not been touched since.

The framework also calls out specific compliance deadlines approaching for healthcare and financial services organizations. If your business operates under HIPAA, which is the federal law governing patient health information, or FINRA, which oversees financial industry conduct, the rules for how AI handles that data are not optional. They are not coming. They are here.

Nobody at your company is thinking about this as carefully as the people building the tools your employees are using. That asymmetry is the problem.

Anthropic Framework | Three Gaps. Your Small Business has ALL THREE


The framework calls the third problem blast radius, which is a term borrowed from physical explosions. It means the potential damage if something goes wrong. An AI tool with access to one database has a small blast radius. An AI tool connected to your email, your file storage, your customer records, and your billing system has a very large one.
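Blast radius is easy to underestimate because it is transitive: a tool granted "just email" also reaches whatever sits in mailboxes and whatever the mailbox is wired to. The script below is an added illustration written for this post, not code from the Anthropic framework or from any product. The inventory, the onward integrations, and the sensitivity weights are all constructed; the function names (`reachable`, `blast_radius`, `rank_tools`, `over_budget`) are mine.

```python
"""Blast-radius estimate for AI tool integrations.

Constructed example: the inventory, onward integrations and sensitivity
weights below are made up to illustrate the idea, not taken from any real
environment. The point is that blast radius is transitive: a tool granted
only email may still reach billing and customer data through what email
is itself connected to.
"""
from collections import deque

# Constructed: how much damage exposure of each system represents (1 low .. 5 high).
SENSITIVITY = {
    "email": 3,
    "file_storage": 3,
    "customer_records": 5,
    "billing": 5,
    "internal_wiki": 1,
    "support_tickets": 2,
}

# Constructed: systems that themselves hold or link to other systems' data
# (exported customer lists in shared storage, invoices sitting in mailboxes).
INTEGRATIONS = {
    "file_storage": {"customer_records"},
    "email": {"billing", "file_storage"},
}

# Constructed: what each AI tool was directly granted at sign-up.
TOOL_GRANTS = {
    "meeting_notes_bot": {"internal_wiki"},
    "inbox_assistant": {"email"},
    "support_copilot": {"support_tickets", "customer_records"},
}


def reachable(direct_grants, integrations=INTEGRATIONS):
    """Breadth-first walk from the direct grants through onward integrations."""
    seen = set()
    queue = deque(direct_grants)
    while queue:
        system = queue.popleft()
        if system in seen:
            continue
        seen.add(system)
        queue.extend(integrations.get(system, ()))
    return seen


def blast_radius(tool, grants=TOOL_GRANTS, sensitivity=SENSITIVITY):
    """Return (score, reachable systems) for one tool.

    Score is the sum of sensitivity weights over everything reachable, so a
    tool that can get to two high-value systems outranks one touching many
    low-value ones.
    """
    reach = reachable(grants[tool], INTEGRATIONS)
    return sum(sensitivity[s] for s in reach), sorted(reach)


def rank_tools(grants=TOOL_GRANTS, sensitivity=SENSITIVITY):
    """All tools ordered from largest blast radius to smallest."""
    scored = [(tool, *blast_radius(tool, grants, sensitivity)) for tool in grants]
    return sorted(scored, key=lambda row: row[1], reverse=True)


def over_budget(limit, grants=TOOL_GRANTS, sensitivity=SENSITIVITY):
    """Tools whose blast radius exceeds an agreed ceiling: the kind of number
    an acceptable use policy can put a hard limit on."""
    return [tool for tool, score, _ in rank_tools(grants, sensitivity) if score > limit]


if __name__ == "__main__":
    for tool, score, reach in rank_tools():
        print(f"{tool:20s} score={score:2d} reaches={', '.join(reach)}")
    print("over budget (limit 10):", over_budget(10))
```

Run as-is, the inbox assistant, which was approved for email only, scores highest because email leads to file storage, billing and customer records; the support copilot, which was explicitly granted customer records, scores less than half of that. That inversion is the conversation to have before the next approval.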


The framework is not describing exotic threats.

It describes what happens when a normal employee uses a normal AI tool in a normal way and that tool gets manipulated into doing something the employee never intended. No hacker in a hoodie required. Just a tool with too much access and no one watching.

THE DETECTION PROBLEM | You Cannot Stop What You Cannot See

The Anthropic framework spends more time on detection than almost any other topic. And for good reason. Governance tells you what the rules are. Detection tells you when somebody is breaking them.

The framework devotes an entire section to what it calls defensive operations at the speed of autonomous threats. The core argument is blunt: human analysts cannot keep pace with AI-accelerated attackers. The time between a vulnerability being discovered and an attacker exploiting it has compressed from months to hours. A single AI-assisted attacker can probe hundreds of systems in the time it takes one person to finish one ticket.

Without a detection capability, your organization is blind. Not slightly inconvenienced. Blind. And blind has a specific meaning in security: you do not know you have been compromised until the damage is already done.

Telemetry requires visibility and SOAR gives you eyes on glass.

The framework's answer is SOAR. SOAR stands for Security Orchestration, Automation, and Response. It is a system that collects signals from across your environment, correlates them into a coherent picture of what is happening, and takes action on that picture before a human has time to read the alert email.


Here is why this matters specifically for a small or midsize business. The most dangerous moment in any cyberattack is not the initial entry. It is what happens after. The attacker is inside. Now they move.

Lateral movement is the term security teams use for this phase. It means the attacker is pivoting from the system they compromised to other systems in your environment, collecting credentials, escalating access, mapping your data, and positioning to do maximum damage before anyone notices. This process can take days or weeks. The entire time, everything looks normal to someone not watching for it.

The same problem applies to data. An AI agent with too much access does not announce when it starts pulling records it should not touch. It looks like normal usage until the exfiltration is complete. Without visibility into how data is moving across your environment, you cannot distinguish legitimate activity from a slow-burn theft.
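What "looks like normal usage" actually means is that no single day crosses a threshold. The script below is an added example for this post, not code from the Anthropic framework or any vendor. It takes constructed per-agent access telemetry (agent names, datasets and record counts are all invented), treats each agent's first week as its baseline, and flags three things: a single-day spike, a dataset the agent never touched before, and the slow burn the paragraph describes, a week that runs steadily above baseline without any one day looking alarming. The thresholds and function names are my choices.

```python
"""Spotting slow-burn data pulls by an AI agent from its own access telemetry.

Constructed example: the agents, datasets and daily record counts below are
made up. Each agent's first week is treated as its baseline; later days are
compared against it three ways: a single-day spike, a dataset the agent has
never touched before, and a steady week-long climb that never trips the
spike threshold on any one day (the slow burn).
"""
from collections import defaultdict
from datetime import date, timedelta

SPIKE_FACTOR = 2.0       # a day above 2x the baseline daily mean is a spike
SLOW_BURN_FACTOR = 1.2   # a week above 1.2x the baseline week, with no spike day, is a slow burn
BASELINE_DAYS = 7


def make_events():
    """Constructed telemetry rows: (day, agent, dataset, records_read)."""
    events = []
    d0 = date(2025, 1, 1)
    for i in range(14):
        day = d0 + timedelta(days=i)
        # crm_assistant: 120/day for a week, then quietly 150/day
        events.append((day, "crm_assistant", "customers", 120 if i < 7 else 150))
        # docs_bot: 40/day with one obvious 400-record day
        events.append((day, "docs_bot", "wiki", 400 if i == 9 else 40))
        # helpdesk_bot: boring and steady
        events.append((day, "helpdesk_bot", "tickets", 60))
    # docs_bot touches a dataset it never used during its baseline week
    events.append((d0 + timedelta(days=11), "docs_bot", "payroll", 30))
    return events


def daily_totals(events):
    """Return agent -> {day -> records} and agent -> {day -> set(datasets)}."""
    totals = defaultdict(lambda: defaultdict(int))
    datasets = defaultdict(lambda: defaultdict(set))
    for day, agent, dataset, records in events:
        totals[agent][day] += records
        datasets[agent][day].add(dataset)
    return totals, datasets


def analyze(events, baseline_days=BASELINE_DAYS):
    """Return agent -> list of (kind, day, detail) findings; quiet agents are absent."""
    totals, datasets = daily_totals(events)
    findings = defaultdict(list)
    for agent, per_day in totals.items():
        days = sorted(per_day)
        base_days, eval_days = days[:baseline_days], days[baseline_days:]
        if not base_days or not eval_days:
            continue
        base_mean = sum(per_day[d] for d in base_days) / len(base_days)
        base_week = base_mean * 7
        known = set().union(*(datasets[agent][d] for d in base_days))
        spiked = False
        for d in eval_days:
            if per_day[d] > SPIKE_FACTOR * base_mean:
                spiked = True
                findings[agent].append(
                    ("spike", d, f"{per_day[d]} records vs baseline mean {base_mean:.0f}"))
            new = datasets[agent][d] - known
            if new:
                findings[agent].append(("new_dataset", d, ", ".join(sorted(new))))
        # slow burn: each trailing 7-day window against the baseline week,
        # only reported when no single day already explained the excess
        for i in range(6, len(eval_days)):
            window = eval_days[i - 6:i + 1]
            total = sum(per_day[d] for d in window)
            if not spiked and total > SLOW_BURN_FACTOR * base_week:
                findings[agent].append(
                    ("slow_burn", window[-1], f"{total} records in 7 days vs baseline {base_week:.0f}"))
                break
    return dict(findings)


if __name__ == "__main__":
    for agent, items in analyze(make_events()).items():
        for kind, day, detail in items:
            print(f"{agent:15s} {day} {kind:12s} {detail}")
```

The CRM assistant never has a day that would trip a spike rule (150 against a baseline of 120), yet it moves 25 percent more data over the week. That is the record-by-record theft the paragraph warns about, and only a baseline comparison surfaces it.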


The Anthropic framework names three specific metrics that determine whether your detection capability is working. Dwell time is how long between an anomaly occurring and a human becoming aware of it. Coverage is the fraction of alerts that actually get investigated. And detection speed is how quickly your team becomes aware when an agent or tool behaves unexpectedly.

The framework says the target for critical systems is detection within one hour. Most small businesses, if they are honest about it, are measuring dwell time in weeks.
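Those three metrics are only useful if someone actually computes them, and most alerting consoles do not. The script below is an added example for this post, not from the Anthropic framework or any SOAR product. It runs over constructed alert records (all invented) and follows the definitions above: dwell time from the anomaly to a human acknowledging it, coverage as the share of alerts investigated. Splitting detection speed out as anomaly-to-alert-raised time is my assumption; it makes the gap between "the system noticed" and "a person noticed" visible. The one-hour target for critical systems is the one the text cites.

```python
"""The three detection metrics, computed over constructed alert records.

Constructed example: every alert below is invented. Dwell time runs from
the anomaly to human acknowledgement; coverage is the share of alerts that
were investigated; detection speed is taken (assumption) as the time from
the anomaly to the tooling raising an alert. Target checked: critical
systems acknowledged within one hour.
"""
from datetime import datetime, timedelta
from statistics import median

ONE_HOUR = timedelta(hours=1)


def ts(s):
    return datetime.fromisoformat(s)


# Constructed alerts. acknowledged_at is None while nobody has looked at it.
ALERTS = [
    {"id": "A1", "tier": "critical", "anomaly_at": ts("2025-01-02T09:00"),
     "detected_at": ts("2025-01-02T09:05"), "acknowledged_at": ts("2025-01-02T09:40"), "investigated": True},
    {"id": "A2", "tier": "critical", "anomaly_at": ts("2025-01-02T10:00"),
     "detected_at": ts("2025-01-02T10:02"), "acknowledged_at": ts("2025-01-02T13:00"), "investigated": True},
    {"id": "A3", "tier": "standard", "anomaly_at": ts("2025-01-02T08:00"),
     "detected_at": ts("2025-01-02T08:30"), "acknowledged_at": None, "investigated": False},
    {"id": "A4", "tier": "standard", "anomaly_at": ts("2025-01-02T11:00"),
     "detected_at": ts("2025-01-02T11:10"), "acknowledged_at": ts("2025-01-02T11:30"), "investigated": False},
    {"id": "A5", "tier": "critical", "anomaly_at": ts("2025-01-01T12:00"),
     "detected_at": ts("2025-01-01T12:05"), "acknowledged_at": ts("2025-01-03T12:00"), "investigated": True},
]


def minutes(delta):
    return delta.total_seconds() / 60


def dwell_minutes(alert):
    """Anomaly -> human aware. None while the alert is still unacknowledged."""
    if alert["acknowledged_at"] is None:
        return None
    return minutes(alert["acknowledged_at"] - alert["anomaly_at"])


def detection_minutes(alert):
    """Anomaly -> alert raised by the tooling (assumed definition)."""
    return minutes(alert["detected_at"] - alert["anomaly_at"])


def metrics(alerts=ALERTS, tier="critical", target=ONE_HOUR):
    """Compute the three metrics plus the share of critical alerts inside the target."""
    dwell = [dwell_minutes(a) for a in alerts if a["acknowledged_at"] is not None]
    detect = [detection_minutes(a) for a in alerts]
    crit = [a for a in alerts if a["tier"] == tier]
    within = [a for a in crit
              if a["acknowledged_at"] is not None and a["acknowledged_at"] - a["anomaly_at"] <= target]
    return {
        "coverage": sum(a["investigated"] for a in alerts) / len(alerts),
        "median_dwell_minutes": median(dwell),
        "median_detection_minutes": median(detect),
        "unacknowledged": sum(a["acknowledged_at"] is None for a in alerts),
        "critical_within_target": len(within) / len(crit) if crit else None,
    }


def meets_target(m):
    """True only when every critical alert was acknowledged inside the target."""
    return m["critical_within_target"] == 1.0


if __name__ == "__main__":
    m = metrics()
    for k, v in m.items():
        print(f"{k:26s} {v}")
    print("critical target met:", meets_target(m))
```

On this constructed data the tooling detects in about five minutes, yet median dwell is nearly two hours and one critical alert sat for two days. The alerts were "working"; the team was not watching them. That is the distinction between detection speed and dwell time, and it is the one a managed SOAR service is paid to close.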

WHERE YOUR VISIBILITY NEEDS TO LIVE


Three environments are where your users actually work: M365, your PCs and servers, and your broader technology stack. M365, which includes Outlook, Teams, SharePoint, and OneDrive, is where the majority of your business communication and file activity happens. It is also where the majority of business email compromise, credential phishing, and insider data movement happens.

Your PCs and servers are where lateral movement plays out. An attacker who lands in email needs to get to your servers to reach anything valuable. Every step of that journey leaves a signal. Without endpoint telemetry, which means data collected from individual machines about what processes are running, what connections are being made, and what files are being accessed, those signals are invisible.

And your broader technology stack, every SaaS tool, every cloud service, every AI application connected to company data, generates its own signals. A SOAR platform pulls all of that together into a single place where patterns become visible that would never emerge from looking at any one system in isolation.

This is what the Anthropic framework means when it talks about telemetry. Telemetry is the data collected from across your environment that tells a detection system what is normal and what is not. Without it, you are flying without instruments. SOAR is what gives you the instrument panel.
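The "patterns that would never emerge from any one system in isolation" point is easier to see in code than in prose. The script below is an added example for this post, not code from the Anthropic framework or any SOAR product. It takes constructed events from the three places named above (the source labels `m365`, `endpoint` and `saas_ai`, the users and the signal names are all invented), groups each user's events inside a time window, and raises an incident only when several sources agree. Each event alone is the sort of low-severity line an individual console tunes out.

```python
"""Correlating weak signals from M365, endpoints and SaaS/AI tools per user.

Constructed example: the events, users and source labels are invented.
Each event on its own is routine noise in its own console; grouping a
user's events inside a time window and counting distinct sources is the
correlation step that makes the pattern visible.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def ts(s):
    return datetime.fromisoformat(s)


# Constructed events. Severity is deliberately absent: none of these is
# alarming on its own, which is exactly why correlation is needed.
EVENTS = [
    {"source": "m365", "user": "alice", "ts": ts("2025-01-06T09:00"),
     "signal": "inbox_forwarding_rule_created"},
    {"source": "endpoint", "user": "alice", "ts": ts("2025-01-06T09:20"),
     "signal": "unsigned_binary_launched"},
    {"source": "saas_ai", "user": "alice", "ts": ts("2025-01-06T09:45"),
     "signal": "ai_tool_bulk_export_customer_records"},
    {"source": "m365", "user": "bob", "ts": ts("2025-01-06T10:00"),
     "signal": "sign_in_new_location"},
    {"source": "endpoint", "user": "carol", "ts": ts("2025-01-06T08:00"),
     "signal": "removable_media_mounted"},
    {"source": "saas_ai", "user": "carol", "ts": ts("2025-01-06T16:00"),
     "signal": "ai_tool_bulk_export_customer_records"},
]


def cluster_by_user(events, window=timedelta(hours=2)):
    """Group each user's events into runs that start within `window` of the first event."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    clusters = []
    for evs in by_user.values():
        current = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - current[0]["ts"] <= window:
                current.append(e)
            else:
                clusters.append(current)
                current = [e]
        clusters.append(current)
    return clusters


def correlate(events=EVENTS, window=timedelta(hours=2), min_sources=2):
    """Raise an incident for any cluster seen by at least `min_sources` distinct sources."""
    incidents = []
    for cluster in cluster_by_user(events, window):
        sources = {e["source"] for e in cluster}
        if len(sources) >= min_sources:
            incidents.append({
                "user": cluster[0]["user"],
                "sources": sorted(sources),
                "signals": [e["signal"] for e in cluster],
                "start": cluster[0]["ts"],
                "end": cluster[-1]["ts"],
            })
    return incidents


def per_source_counts(events=EVENTS):
    """What each console sees on its own: a handful of unrelated events."""
    counts = defaultdict(int)
    for e in events:
        counts[e["source"]] += 1
    return dict(counts)


if __name__ == "__main__":
    print("per console:", per_source_counts())
    for inc in correlate():
        print(f"{inc['user']}: {inc['sources']} {inc['start']:%H:%M}-{inc['end']:%H:%M}")
        for s in inc["signals"]:
            print("   ", s)
```

Each console holds two events and nothing fires. Correlated per user, alice's forwarding rule, odd binary and bulk AI export inside 45 minutes become one incident, while carol's two events eight hours apart stay separate, which is the window doing its job.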

This is why telemetry requires visibility and SOAR gives you eyes on glass.

The framework is also direct about what happens when organizations skip this layer. Attackers who compromise AI agents, or who use AI to assist their own attacks, are operating at machine speed. They do not take breaks. They do not get tired. They will grind through every system your compromised agent can reach until someone or something stops them. That something needs to be automated, and it needs to be watching the right places.

For a small business, this is not an argument for building a security operations center. It is an argument for a managed SOAR service, where a team with the platform, the expertise, and the 24-hour coverage is watching your environment so you do not have to. The Anthropic framework calls this the minimum baseline for organizations deploying AI tools. Not optional. Not aspirational. The floor.

WHY THIS IS MOVING FAST | The Attacker Is Also Using AI Now

Here is the part the framework spends considerable time on.

The threat is accelerating because attackers have access to the same AI tools defenders do. The document puts it plainly: frontier AI models are compressing the time between a vulnerability being discovered and an attacker exploiting it from months to hours.

What used to take a skilled attacker weeks of manual work, scanning systems, testing entry points, crafting the right input to trick a tool, now takes minutes. At nearly zero cost. And the attacker can run that process against hundreds of businesses simultaneously.

Exploits that once took months now take hours. The businesses that survive this are the ones whose fundamentals were already solid.

The framework's conclusion is not that you need to become a technology company. It is that the businesses best positioned for this shift are the ones whose fundamentals are strong enough that an AI-assisted scan finds fewer vulnerabilities in the first place. Basic governance. Basic detection. Basic limits on what your tools can reach.

Not enterprise-grade security infrastructure. Fundamentals.

How To Take Action | What To Ask in Your Next Leadership Meeting

If you cannot answer all three, you have found your starting point. Not a technology project. A governance conversation. The kind that happens in a conference room, not a server room.


The framework, all thirty-five pages of it, is built on the idea that the best security posture is not the most sophisticated one. It is the one where the basics are done well enough that there is nothing obvious left to exploit.

Most businesses are not behind on AI. They are behind on the three questions nobody asked when they approved it.


Chaos Brief | Cybercrime Junkies Podcast |  David Dean Mauro, VP of Growth, NetGain Technologies |  Cybersecurity + AI for SMB Leaders