Detection and enforcement are different controls. The agent timeline is closing the gap that let teams treat them as one.
Meta sent password reset links for 20,225 Instagram accounts to people who did not own them. The account recovery tool was AI-fronted. A user asked for help, gave an email, and received a reset link. One code path in that flow never checked that the email matched the account on file. The link went to whoever asked. Accounts without a second factor were taken over. The run started April 17 and continued until Meta pulled the tool down in early June.
Read the disclosure and the mechanism is narrow. The tool worked as designed. A separate code path skipped a verification step. That is not an exotic failure. It is the ordinary kind, the kind that ships in every large system. It is also the reason two different security postures exist.
Two postures
Name them by where they sit.
Detect above the path. A control watches behavior and flags what looks wrong. It sees the password resets, notices the pattern, raises an event. This is how the Instagram takeovers surfaced. By the time the event fired, the reset links were already in inboxes.
Enforce on the path. A control sits inline, in the request itself. The reset does not send until the requesting identity is verified against the account. The takeover does not start, because the request does not clear.
Same incident. Two places to stand. One tells you what happened. The other decides whether it happens.
Security teams already run both
None of this is new to a SOC. Endpoint detection and response watches a machine and tells you when something is wrong. It is the detect-above-the-path posture, applied to endpoints. Intrusion prevention sits inline and drops the packet before it lands. It is the enforce-on-the-path posture, applied to the network. Both have run side by side for twenty years. Nobody on a security team confuses them, because their jobs are different and their failure modes are different.
The AI version of the detect posture has a name now. CrowdStrike calls it AIDR, AI detection and response, and the category is correct. Detection of AI behavior is necessary work. Knowing what your agents did, and knowing it fast, is its own discipline. The point is not that detection is weak. The point is that detection was never enforcement, the same way EDR was never IPS.
What the agent era changes
The two postures coexisted because of a gap. Between a harmful action and its consequence there was usually time. A human attacker takes over an account, then poses as the owner, then moves money. Detection fires somewhere in that window. A responder acts. The window runs in minutes and hours, and detect-and-respond lives inside it.
Agents close the window. An agent does not pause between deciding and acting. It resets the credential, sends the wire, drops the table, and the consequence lands in the same step as the decision. The detection event still fires. It fires after. There is no responder fast enough to stand between a millisecond action and its result, because the result is already written.
Detect-and-respond as a standalone control assumes a runway that agents remove. That assumption is where the risk sits now.
Where the controls sit
For every agent deployment, the architecture question is which control sits where.
Detection above the path shortens the time to knowing. It belongs in every program, and the AIDR category is right to build it out. Enforcement on the path changes whether the action happens at all. It has to sit inline, in the call between the agent and the model and the tools, with identity bound to the request, so the verification the Instagram flow skipped becomes the thing that gates the action.
A regulated enterprise needs both, and needs to know which line of its architecture each one is on. Detection that lands after the wire clears is useful for the record and the investigation. It did not stop the wire. The inline layer that adjudicates the call before it completes is the part of the stack the agent era makes load-bearing.
That layer is what we build.
Ready to govern your AI infrastructure?
See how SmartFlow gives regulated industries complete AI sovereignty.
Request a Demo View Documentation