AI ambition is exposing hidden cyber weaknesses in M&A deals

The rush to deploy agentic AI is creating risks many buyers are not yet pricing into transactions


Companies racing to deploy agentic AI may be reintroducing a security problem they spent decades trying to solve.

As organisations give AI systems privileged access to networks, data and business processes, they are reversing years of effort to limit access to critical systems. In an M&A transaction, those exposures transfer with ownership.

That is what concerns Ian McCaw, head of transaction advisory services for EMEA at Aon. After more than two decades advising buyers on cyber risk, he believes AI is amplifying vulnerabilities that companies already struggle to identify and contain.

"In a nutshell, what's happening is companies are deploying agentic AI with elevated access to their networks in a way that we've just spent the last 20 years trying to fix from a human access level," he said. "And the risk is concerning because an agentic AI can operate at a pace and scale and create exposures in a way that humans couldn't."

McCaw said the root cause of most breaches remains surprisingly familiar. Poor cyber hygiene, rather than sophisticated attacks, is what catches companies out. The difference is that AI can exploit those weaknesses at machine speed, potentially magnifying the impact across an organisation.

What diligence finds

After more than two decades advising on transactions, McCaw has become wary of taking a target's cyber posture at face value. In his experience, the picture buyers see during diligence is often the strongest version of the business they will ever encounter, with weaknesses becoming more apparent after a deal closes.

The warning signs are often visible before access is granted to internal systems. Aon's teams assess exposed infrastructure, email security controls and intelligence from the deep and dark web to build an early picture of a target's cyber posture.

"What we tend to find is that it's a bit like an apple," McCaw said. "If it looks bad on the outside, it's typically bad on the inside as well."

Sometimes the findings are more serious. McCaw said Aon has identified active cyber breaches during live transactions where management teams were unaware an intrusion was already underway.

"You're not acquiring the security posture of the company as such," he said. "You're actually acquiring their unknown risks, the things that management aren't aware of."

Those unknowns increasingly carry financial consequences. Cyber findings now shape negotiations, warranty and indemnity insurance discussions and, in some cases, valuation itself. Verizon reduced its acquisition price for Yahoo by $350 million after major data breaches emerged during the deal process, while Marriott later faced regulatory penalties and reputational damage after acquiring Starwood Hotels, where attackers had already compromised customer records before completion.

The growing AI and governance challenge

McCaw sees agentic AI as an amplifier rather than a standalone risk. The vulnerabilities remain familiar. What has changed is the scale and speed at which they can be exploited.

"When a human gets compromised, there are generally limits to what they can do," he said. "An agentic AI with access can pretty much reveal the crown jewels because it intrinsically doesn't have the human insight to [ask], is this right or wrong?"

The exposure extends beyond individual organisations. Much of the corporate world's AI activity is concentrated among a relatively small group of foundation model providers, while companies continue to inherit third-party security risks through acquisitions.

"What happens if you wake up one day and your AI platform isn't there?" McCaw said. "We've seen systemic risks with software taking out IT systems before. We need to be prepared for those types of situations."

Yet McCaw believes governance has not always kept pace. Too often, he said, cyber reporting is designed to reassure boards rather than help them understand the consequences of failure.

"For the most part, cyber reporting is written to reassure boards," he said. "Boards are basically asking: is it safe? Are we safe? Do we want that reassurance? But actually, I think that's flawed thinking."

The more useful question is not whether a business appears secure but what happens when a critical asset is compromised.

"If you're on the board of a software business, you should be asking: what happens if our source code is exploited?" McCaw said. "What happens if our clients wake up the following morning and our product has meant every single one of their networks has become compromised?"

What resilience actually looks like

McCaw is sceptical of easy indicators of cyber maturity. An over-confident chief information security officer is a red flag. So is a company that presents a security certificate as proof that everything is under control.

"That's a bit like presenting your 50-metre swimming badge," he said. "It's kind of nice. But what happens when you're drowning?"

The organisations that stand out tend to carry what McCaw describes as institutional scarring. Having experienced a major breach, they approach cyber risk differently.

"Once you've had that institutional scarring, you are just tuned to make sure that never happens again," he said. "And you can tell in diligence which businesses have been through it."

The same mindset is visible in the strongest security leaders. Rather than projecting certainty, they remain focused on what they may have missed. The CISOs who leave the strongest impression are not the ones claiming to have all the answers. They are the ones still looking for the questions nobody has asked yet.
