Why the Next Endpoint and SASE Disruption will not Come from a Security Vendor

Chandrodaya Prasad, Chief Product Officer at SonicWall

Chandrodaya Prasad serves as Chief Product Officer at SonicWall. He has over 20 years of cybersecurity product management and marketing experience, having held key leadership roles at Cisco and Viptela. Most recently, he was Vice President of Product Management at Cisco, overseeing teams delivering SASE, Cloud and Network Security and other security and networking solutions. Chandrodaya joins the SonicWall leadership team to help position our existing portfolio for success and continue our move to the cloud and expand our array of solutions.

By Chandrodaya Prasad, Chief Product Officer at SonicWall

The next cybersecurity disruption may not wear a security badge. As AI agents quietly embed themselves across enterprise workflows, the author argues that they could challenge the very observation points on which endpoint and SASE security were built

Anthropic just announced Claude’s expansion into security. Most of the debate is focused on the wrong question. The real issue is not what AI does in security today. It is what happens when the AI layer becomes the primary observation point and the moats that incumbents have spent years building start to erode from a direction nobody is watching.

This conversation needs to happen now across vendors, across CISOs, and across the channel. The Anthropic announcement is a useful forcing function. Not because it is a direct competitive threat today, but because it surfaces a strategic question the industry has been slow to confront.

The current positioning is centered on code analysis and developer-centric workflows. Logical starting point. But the more interesting question is not what it does today. It is where this model naturally wants to live over time.

Two areas for consideration are: Endpoint Security / EDR and SASE / SSE.

The Moat Question

For years, the hardest problem for any new security vendor was not building better detection. It was distribution. Convincing enterprises to deploy another agent. Navigating kernel-level hooks, performance tradeoffs, lengthy security review cycles, and organizational change management. The incumbents who won got there first, built deep telemetry pipelines, and made themselves operationally difficult to remove.

The moat for major cybersecurity and networking companies today is built on:

• Proprietary threat data and behavioral baselines built over years of deployment
• Distribution and Footprint Kernel-level agents and network sensors embedded through long enterprise sales cycles
• Compliance certifications including FedRAMP, SOC 2, ITAR, and HIPAA
• Deep SIEM, SOAR, and identity integrations woven into SOC workflows
• Threat intelligence networks, ISAC relationships, and government partnerships
• Elite research teams like CrowdStrike Intelligence, Microsoft MSTIC, and Mandiant
• Channel ecosystems of MSSPs and system integrators with practices built around specific platforms
• Brand trust that drives default procurement decisions when a buyer needs to defend a purchase internally

These are genuine, hard-won advantages. But every single one depends on a shared assumption: that the incumbent remains the primary observation point.

The Door AI Native Agents Are Walking Through

AI native agents are not entering organizations the way security vendors do. They are not going through security procurement. They are arriving through productivity adoption. Developers adopt them for code generation. Teams embed them into collaboration tools, browsers, and identity flows. One can see it on their own devices already, multiple agents running across multiple workflows simultaneously.

By the time a security team begins debating enforcement authority, the contextual footprint is already established. The agent already touches identity, sessions, developer pipelines, documents, and behavioral patterns across applications.

The Endpoint and EDR Dimension

The nature of that visibility is fundamentally different from what traditional EDR provides. A kernel-level agent sees processes, memory allocations, and system calls. An AI layer embedded in workflow sees intent. Intent expressed in prompts. Intent reflected in code generation patterns. Intent visible in how data is accessed across applications over time. That is a qualitatively richer behavioral signal than raw execution telemetry, built passively, without a single security-specific deployment motion.

The SASE and SSE Dimension

The network edge – Firewall or an SSE stack was never the point. It was always a proxy. Security vendors anchored enforcement at the edge because that was where they could observe user behavior consistently. Inline inspection, DNS filtering, browser isolation, and zero trust network access are all fundamentally about visibility into what users are doing and enforcing policy based on that visibility.

If the primary interaction surface increasingly becomes an AI layer, the edge proxy becomes redundant. Or does it just become the transport? The AI layer already has richer visibility into user intent than any inline network inspection point can provide. Enforcement follows observation. If the better observation point is upstream, that is where policy enforcement will eventually migrate as well.

The pertinent question If AI agents are operating today as a wrapper on top of enterprise security infrastructure, and continuously learning from the data those incumbent systems generate, what guardrails prevent them from absorbing that institutional knowledge into their own models over time? What stops an AI layer from learning the detection logic, the behavioral baselines, the correlation patterns, and eventually replicating that capability more efficiently within its own architecture?

This is not a theoretical concern. It is a natural consequence of how these models learn. The incumbent provides the signal. The AI layer ingests it, contextualizes it, and improves on it. At some point the question becomes whether the original signal source remains necessary. I do not think the incumbents have a good answer to this yet.

Are These Moats Equally Durable?

Not all of these moats will hold equally well through platform transition.

• Compliance certifications, channel relationships, and deep telemetry pipelines are the stickiest.
• Regulated industries will not move quickly, and that buys meaningful time.
• Brand trust and integration ecosystems are real today but erode faster than people expect when a superior observation point emerges upstream.
• Distribution footprint is the most interesting case. Historically the hardest moat to construct and the primary reason endpoint security has been so difficult to disrupt. But AI native agents circumvent the distribution problem entirely. They do not need a procurement decision. They arrive through a different motion and build visibility organically. The moat that was hardest to attack is getting easier to walk around.

We have seen this before in networking, storage, and productivity software. The friction points are real. Regulated industries will resist granting enforcement authority to AI. The liability question when an AI agent makes a wrong access decision is genuinely unresolved. These constraints change the timeline, not the destination.

The Real Disruption Scenario

A straightforward situation would involve an AI company choosing to enter the security market as a competitor. Such an approach would be gradual, transparent, and easily addressed by existing participants.

The scenario that should be of concern is more subtle. Control reorganizes around the AI interaction surface gradually, driven by productivity adoption rather than security strategy. By the time the shift is visible in win-loss data and renewal conversations, the switching cost calculus has already changed. The AI layer has become load-bearing infrastructure.

Decision Makers Shift Too

It is not just the technology that shifts. Security buying decisions that today sit with CISOs, and security operations teams may increasingly involve the same business leaders driving AI and productivity adoption. That changes the sales motion, the competitive dynamic, and the vendor relationships that matter most. Whoever owns the AI conversation with the business owns the next security conversation as well.

The Platform Rethink Nobody Wants to Have

These traditional platforms are being built with a view of the world where security means a perimeter, an agent, a sensor, an enforcement point sitting between the user and the resource. If the AI layer becomes the primary interaction surface, then architecture needs to be reconceived from the ground up. Not as enforcement points sitting around the edge of user behavior, but as an intelligence fabric operating within the workflow, at the data layer, and inside the AI interaction itself.

This would require different engineering, different go-to-market, and a willingness to cannibalize products that are still generating revenue today. The hardest part is always that last one.

The companies that have navigated platform transitions well did not defend the old architecture while slowly building the new one. They made a deliberate choice about which future they were building for. The ones that hedged too long found themselves competitive in neither.

So, What Do Vendors Actually Do About It?

Every major security vendor is now developing their own approach. Strategic options are clearer, with three top choices emerging:

• First, move up the stack into AI security itself. AI agents are a rapidly expanding attack surface. Prompt injection, model poisoning, agentic workflow abuse, and data exfiltration through AI pipelines are real and emerging threat vectors. Security vendors who pivot to securing the AI layer find a new growth market that plays directly to their existing strengths.
• Second, become the enforcement layer inside AI workflows rather than sitting outside them. AI platforms will need trusted security enforcement embedded within them and will prefer to partner rather than build. Vendors who position early as the policy and enforcement layer inside AI workflows retain relevance at the new control point.
• Third, accelerate platform convergence. Point products are the most vulnerable to AI disruption because they are easy to replicate as a feature of a broader AI layer. Vendors who converge capabilities across endpoint, network, identity, and cloud create switching costs that are structurally harder to circumvent.

Embedding into the AI stack through APIs is inevitable for everyone but carries margin risk and erodes the direct customer relationship. It is a hedge, not a strategy on its own. The vendors who combine all three simultaneously are the ones most likely to be relevant in five years.

Ongoing Developments: Current Perspective

At present, let’s acknowledge that definitive conclusions remain elusive, as we continue to assess the outcomes and implications of ongoing changes, our perspectives are likely to evolve further, given the rapid progression of the AI landscape.

The vendors asking these questions now will be better positioned than those who are not. The ones who wait for the disruption to become obvious will find the switching cost calculus has already moved against them.

AI native agents are not entering organizations the way security vendors do. They are not going through security procurement. They are arriving through productivity adoption. Developers adopt them for code generation. Teams embed them into collaboration tools, browsers, and identity flows. One can see it on their own devices already, multiple agents running across multiple workflows simultaneously.