For most of his career, Jason Rebholz has been called in after things have already gone wrong. Before founding Evoke Security, Rebholz spent more than a decade investigating cyber intrusions, many of them involving sophisticated attackers and nation state threats. The job gave him a unique vantage point into how breaches actually unfold inside organizations. And over time, he began to notice a pattern.
Attackers rarely invent entirely new techniques. Instead, they exploit whatever tools and access already exist inside a system.
“Across decades of incidents, you see the same pattern,” Rebholz explains. “Attackers steal credentials, gain access, and then use the tools that are already inside the environment.”
Early attackers spread through malware. Later they relied on remote access tools like RDP. Eventually they began using administrative utilities such as PowerShell to move laterally through networks. Security professionals started referring to this tactic as “living off the land” — using legitimate tools already present inside the environment to conduct attacks.
When Rebholz began watching how companies were deploying AI agents inside their organizations, the pattern immediately stood out. “As companies started giving AI agents access to tools and data,” he says, “it became clear that this would be the next step attackers exploit.”
That realization ultimately led him to co-found Evoke Security, a startup focused on securing what Rebholz believes will soon become a new kind of workforce: one composed not just of humans, but of autonomous AI agents operating on their behalf.
The Rise of the Agentic Workforce
While the conversation around artificial intelligence has largely centered on large language models and chat interfaces, Rebholz believes the real transformation is happening one layer deeper.
AI agents are increasingly being deployed to perform real tasks across enterprise systems. They write code, analyze documents, retrieve information, schedule work, and interact with internal tools and APIs.
Many organizations are already using them, often without realizing the implications.
“I think we’re already there,” Rebholz says. “Anyone using coding agents already has a team of agents operating on their behalf. You just don’t necessarily realize it yet.”
For enterprises, the appeal is obvious. Agents can automate repetitive work, accelerate workflows, and dramatically increase productivity. But they also introduce a fundamental tension.
Agents only become useful when they are given access. And access means risk.
“In order for these agents to be useful, you have to give them access to tools and data,” Rebholz says. “But that’s also what creates anxiety for companies, because they don’t necessarily know what the agent is doing.”
That tension has created what Rebholz calls the agentic dichotomy. Companies want the productivity gains that AI agents promise, but they remain uneasy about the security implications.
The Moment Security Teams Noticed
When Evoke Security first started speaking with enterprises about agent security, many security teams struggled to understand the problem.
At the time, most AI agents were primarily being used by developers building experimental workflows in cloud environments. From a security perspective, they seemed distant from the rest of the organization.
“The risk just wasn’t registering,” Rebholz says. “Security teams were too far away from the problem.”
Ironically, it was engineers who first began raising concerns. As developers experimented with agent frameworks and automation tools, they realized just how much access those systems required to operate effectively.
“We were seeing engineers say, ‘We’re giving these agents a lot of access and it’s starting to make me uncomfortable,’” Rebholz recalls. The real wake-up call came when agent tools became accessible to non-technical employees.
Suddenly the technology was no longer confined to developer sandboxes. Business users began connecting agents directly to email systems, meeting transcripts, internal knowledge bases, and document repositories.
“That’s when the light bulbs started going off for security teams,” Rebholz says. A finance executive might connect an agent to email, meeting recordings, and internal documents.
A marketing employee might give an agent access to shared drives and collaboration tools. Each connection increases the potential value of the agent. But it also expands the potential attack surface.
“All of that becomes in scope for what could be compromised in seconds,” Rebholz says.
Why Traditional Security Tools Fall Short
One of the biggest misconceptions Rebholz sees in the market is the belief that existing security tools will naturally extend to protect AI agents. In practice, that assumption often breaks down.
Traditional enterprise security tools are designed to monitor human users, applications, and infrastructure. They track logins, analyze network traffic, and detect anomalies in user behavior. But AI agents operate differently.
They interact with multiple systems simultaneously, execute tasks programmatically, and may trigger actions across dozens of tools in rapid succession.
“The biggest misconception right now is that your existing security stack will cover you,” Rebholz says. “It won’t.” When an agent interacts with enterprise systems, many organizations lose visibility into exactly what actions it performs.
“You suddenly have a blind spot around everything the agent is doing,” Rebholz explains. That blind spot is precisely what Evoke Security aims to address.
Building the EDR for Agents
Evoke Security’s core thesis is that AI agents represent a new category of computing entity, and therefore require a new category of security tooling. The company’s goal is to provide visibility into how agents operate inside enterprise environments and to detect potentially malicious behavior before it escalates into a breach.
Rebholz often describes the company’s ambition in simple terms.
“Our goal is to create the EDR for agents.”
Endpoint Detection and Response, or EDR, became a cornerstone of modern cybersecurity as organizations needed more advanced monitoring for laptops, servers, and endpoints. Rebholz believes a similar evolution will occur as agents become embedded in enterprise workflows. To explain the shift, he draws a historical analogy.
“Agents are going to become the next operating system for businesses,” he says.
In the early days of personal computing, antivirus software emerged as a necessary layer of protection once laptops and desktops became widespread. Today, security for endpoints is considered a baseline requirement. Rebholz expects the same trajectory to unfold with AI agents.
“As agents become more powerful and more integrated into businesses,” he says, “security around them is going to become essential.”
Moving Faster, Not Slower
Despite the security challenges, Rebholz does not believe companies should slow down their adoption of AI agents. In fact, he argues the opposite.
Organizations that hesitate may find themselves falling behind competitors that are already integrating AI-driven workflows. “There’s a small minority of companies that are already far ahead,” he says. “The majority are just starting to experiment. And then there are laggards that are still saying it’s too risky.”
The key, he believes, is not to avoid agents, but to adopt them responsibly.
Companies need visibility into how these systems operate and safeguards to ensure they behave within defined boundaries. Without that layer of oversight, organizations risk deploying powerful automation systems without understanding how they interact with sensitive data and internal infrastructure.
The Next Security Frontier
For Rebholz, the emergence of AI agents represents a familiar moment in the evolution of technology. Every major computing shift creates new security challenges.
Personal computers required antivirus software. Cloud infrastructure required new security architectures. Mobile devices introduced entirely new threat models. Now AI agents are introducing another.
“Right now, most companies don’t really know what their agents are doing,” Rebholz says. As enterprises continue integrating AI deeper into their operations, that visibility gap may become one of the most important cybersecurity challenges of the next decade. And if Rebholz’s prediction proves correct, securing the agentic workforce may soon become as fundamental to enterprise security as protecting laptops, servers, and cloud infrastructure.
The difference is that this time, the new workforce won’t just be human.
