The Market Map W12: From Passive Failures to Active Predators


Three stories dominated this week. Each escalated the stakes from where we left off.

On Tuesday, Natural Selection W12 documented a shift in the failure pattern. Last week was passive — vulnerabilities, exposed tokens, missing configurations. This week, attackers started hunting. Check Point Research cataloged 22 prompt injection techniques against live AI agents. A new attack category — slopsquatting — creates fake packages designed to be recommended by AI coding assistants. Shadow AI adds $670,000 to average breach costs. And Credo AI found only 4% of enterprises govern AI at scale despite 60% deploying across departments.

On Wednesday, we revisited Grep 'n Guess with new empirical backing. ETH Zurich tested whether AGENTS.md and CLAUDE.md context files improve agent performance. They don't — LLM-generated files degraded performance by 3% while increasing costs 20%. The agent read the rule. It did not provably satisfy it.

On Thursday, we mapped the advisory-to-enforcement shift with two weeks of accumulated signals. $541M in enforcement-focused funding. ServiceNow, Holistic AI, Fiddler, Kong, Singulr AI, Okta, and Databricks all shipping runtime enforcement. When a vendor names a product "Enforce" and another treats AI agents as first-class identities, the market has spoken.

The Thread

Tuesday showed attackers actively exploiting the governance gap. Wednesday showed why the most popular fix — prose context files — doesn't close it. Thursday showed the market responding with capital and product aimed at runtime enforcement.

The escalation from W11 to W12 is significant. W11 was about AI doing dumb things passively. W12 is about adversaries deliberately exploiting AI doing dumb things. The governed path is still slower than the ungoverned path — and now the ungoverned path has active predators on it.

Two numbers frame the week: 4% of enterprises govern AI at scale. $670,000 is the premium when ungoverned AI contributes to a breach. The gap between those numbers is where the market correction is happening.

What We're Watching Next Week

Microsoft's dual control planes. Agent 365 for agents and Copilot controls for Microsoft 365 Copilot. If Microsoft needs two separate governance architectures for its own AI deployment, the complexity everyone else faces is real.

Singulr + HALOCK bridge. Connecting structured risk assessments directly to runtime enforcement policies. Worth watching whether risk assessment firms partnering with runtime enforcement vendors becomes a trend.

Okta's agent identity model. Treating AI agents as first-class identities with shadow-agent discovery and least-privilege enforcement. Identity governance becoming agent governance could reshape how enterprises think about the control surface.

EU AI Act at T-minus 4 months. Full application deadline August 2, 2026. U.S. State Department announced $4M in funding for international AI governance. The compliance clock ticks from multiple directions.



The Market Map is published every Friday on the NPM Tech blog. Subscribe for the weekly wrap-up delivered to your inbox.
