How AI Adoption Is Driving Investment Into Cybersecurity Basics: Blackwood Execs

The solution provider is seeing that the need for securing AI ‘oftentimes lead back to [investing in] good cyber hygiene,’ Blackwood President Ryan Morris tells CRN.

Amid the race to enable secure adoption of AI and agentic technologies, many organizations are discovering that the first step is not necessarily using more AI, according to top executives at solution provider Blackwood.

Instead, the urgency around securely adopting AI is frequently resulting in a re-focusing on longstanding cybersecurity fundamentals such as endpoint visibility, identity security and data protection, the executives told CRN.

“It leads back to some core domains of security that have existed for a long time—endpoint security for visibility and enforcement, identity for privilege and permissions,” said Ryan Morris, president at Annapolis, Md.-based Blackwood, No. 93 on CRN’s Solution Provider 500 for 2025. “And so we’re seeing that securing AI oftentimes leads back to [investing in] good cyber hygiene.”

This need to focus on the security basics is only becoming more acute as AI agents and applications increasingly connect deeper into an organization’s IT systems and repositories for sensitive data, Blackwood executives said.

The issue is exacerbated by the growing difficulties around gaining visibility in AI and agentic behavior, however, according to Blackwood CTO Chris Ebley.

AI usage has quickly spread to the point that organizations are now using a variety of means to try to control the tools—such as monitoring browser-based AI usage or using an MCP (model context protocol) proxy to understand how agents are connecting to tools, Ebley said.

And yet, developers and users are often rapidly adopting new approaches, including connecting directly into a command-line interface (CLI), he said.

“If your only point of presence is an MCP proxy, and everyone decides to hook their agents directly into CLI, you have zero visibility,” Ebley said. “So it’s like a game of whack-a-mole [where] you are constantly having to evolve your security architecture to maintain visibility.”

Thus, the challenge for security teams is to understand not only what an AI app or agent is connecting with, but also to understand what data the AI tool can access and which identities or permissions it is using, he said.

This is a main reason why the discussions around AI security are so often turning into an identity security conversation—with a focus on the need for protecting non-human identities that are leveraged by agents, according to Ebley.

“The reason identity is so relevant is because AI is just a massive exacerbation of service account security that we’ve had for a long time,” he said. “You’re literally allowing an account, an application, to run on your behalf—and sometimes [it’s] masquerading as you, and then other times it basically has its own access.”

Major implications stem from the fact that while traditional identity security often focuses on the user or account, AI tools use those permissions in a different way, Ebley noted.

With traditional identity security, “the context is just the idea of a user or an account—not the application where things are being leveraged, not other applications that might sit alongside that,” he said.

Ebley said this can create something akin to an “octopus scenario”—where an AI application is connected to multiple different tools with varying levels of access.

Ultimately, that’s why having strong visibility is so essential for being able to effectively secure the usage of AI and agentic tools, he said.

If an organization is able to understand everything that an AI tool is connected to, “I can view the prompts that are coming into this. I can understand the data that it’s accessing and the level of permissions that are there, and how those identities are actually handled,” Ebley said. “You need to be able to understand all those things. Trying to solve an AI security problem, while having just one piece of that, is an impossibility. It’s Sisyphean, to say the least.”