
The Blind Spot
An open benchmark tested six commercial AI agent security tools on 537 scenarios. They caught ninety-five percent of prompt injections. They caught nine percent of unauthorized tool calls. The gap between those numbers is the gap between the security model we inherited and the threat model we actually face.

A benchmark published in March 2026 tested six commercial AI agent security tools across five hundred and thirty-seven scenarios. The results split cleanly. The top providers caught more than ninety-five percent of prompt injections — the attack where a malicious input tries to hijack an agent's instructions. The same providers caught between nine and eighteen percent of unauthorized tool calls — the attack where an agent uses a legitimate capability for an illegitimate purpose.

The gap between those two numbers is not a technical shortcoming. It is an architectural inheritance. The security industry built its agent protection stack on the same foundation it used for web application
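The distinction the benchmark exposes is between inspecting what enters the agent and authorizing what the agent does. The gate below is an added example, not code from the article or from any of the benchmarked products; the task policy, tool names and sample calls are constructed to show a tool call that no input filter would flag but a least-privilege scope check denies.

```python
"""Tool-call authorization gate for an LLM agent (added example, not the
article's or the benchmark's code; tool names, policy and calls are
constructed). An input filter inspects what enters the agent; this gate
checks what the agent tries to do, so a legitimate tool used outside the
task's scope is denied even when no input looked like an injection."""
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass
class ToolPolicy:
    """Least-privilege scope for one task."""
    allowed_tools: set                                # tools the task may use
    arg_patterns: dict = field(default_factory=dict)  # tool -> {arg: [globs]}
    max_calls: dict = field(default_factory=dict)     # tool -> per-task cap


def authorize(policy, call, counts):
    """Return (allowed, reason) for call = {"tool": str, "args": dict}.
    `counts` holds calls already allowed this task; updated on allow."""
    tool = call["tool"]
    if tool not in policy.allowed_tools:
        return False, f"tool {tool!r} is not in the task scope"
    for arg, globs in policy.arg_patterns.get(tool, {}).items():
        value = str(call["args"].get(arg, ""))
        if not any(fnmatch(value, g) for g in globs):
            return False, f"{tool}.{arg}={value!r} is outside allowed patterns"
    cap = policy.max_calls.get(tool)
    if cap is not None and counts.get(tool, 0) >= cap:
        return False, f"{tool} exceeded the per-task cap of {cap}"
    counts[tool] = counts.get(tool, 0) + 1
    return True, "ok"


# Constructed task: read one ticket, post one update to an on-call channel.
TICKET_POLICY = ToolPolicy(
    allowed_tools={"read_ticket", "post_message"},
    arg_patterns={"post_message": {"channel": ["#oncall-*"]}},
    max_calls={"post_message": 1},
)


def run_demo():
    """Three constructed calls; only the first is within scope."""
    counts = {}
    calls = [
        {"tool": "read_ticket", "args": {"id": "INC-1234"}},
        {"tool": "post_message", "args": {"channel": "#external-vendor"}},
        {"tool": "send_email", "args": {"to": "someone@example.org"}},
    ]
    return [authorize(TICKET_POLICY, c, counts) for c in calls]
```

The denied reasons are what a detection pipeline should log: each one names the tool, the argument and the scope it violated, which is the signal input-side filters never produce.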
Continue reading on Dev.to