Recently I had the chance to speak at the 4th Annual DoW Zero Trust Learning Exchange, a collaboration between ATARC, DAU and the Cloud Security Alliance. My talk was simple in premise, but I think increasingly important: traditional networking still assumes you connect first and verify later. For Zero Trust, and especially for agentic AI, that is the wrong order. You can watch the entire presentation on-demand here.
Traditional networking creates a recurring connectivity tax. Connect-first networking drives cost across infrastructure, governance, transport, and security operations.
In the modern cybersecurity landscape, time is a luxury we no longer possess. Exploit windows have drastically collapsed, shrinking from years to days, and now moving toward mere hours. AI is a primary driver of this acceleration, reducing the cost and time needed to discover, weaponize, and verify attacks. This rapid compression of exploitation timelines outpaces traditional patch and approval cycles.
The core of the issue lies in how we design our networks. Most AI security focuses on the model or runtime, kicking in only after the service is already reachable. However, if a service is reachable, AI simply shortens the path from exposure to impact. Traditional networking relies on a fundamental, yet dangerous, assumption: establish L3/L4 reachability first, and handle authorization later at the application layer. This “connect first, verify later” mentality means that if a system is routable, it is discoverable, probeable, and attackable.
This problem is compounded by the rise of Agentic AI. Unlike traditional applications, agentic systems do not live inside one tidy application boundary. Agents, models, and tools routinely cross multiple trust domains, moving across enclaves, the cloud, the edge, and partner networks. This movement spans multiple trust zones and control domains, significantly multiplying both exposure and operational burden.
The solution is not to wrap every flow in complex firewall tickets and exceptions, which only slows mission tempo. Instead, the architectural goal must be to eliminate ambient discoverability. To survive, organizations must embrace an identity-first model where authentication and authorization happen before a connection is ever established. Zero Trust is fundamentally incomplete until reachability itself is governed by identity .
In my presentation, I explore why traditional networking fails Agentic AI and how identity-first connectivity provides the missing control plane . Download the presentation to explore the layers of autonomy governance and learn how your organization can ensure that every cross-domain connection is fundamentally governed by explicit service policies.
