Part 1 of 3: The access problem nobody is talking about
Earlier this year, one of the world’s largest retailers quietly pulled its ChatGPT-powered checkout feature after it converted at one-third the rate of standard self-checkout. The coverage focused on UX. Wrong interface, wrong interaction model, move on.
That seems like the wrong diagnosis.
The checkout wasn't the problem. The AI was operating without real-time inventory, live pricing logic, or fulfillment constraints. So it did what AI does best: filled in the gaps. Confidently. Incorrectly.
The interface failed because the foundation was broken.
The takeaway most people landed on was "AI needs a semantic layer." A richer context model. Better grounding. That's only half the answer. The other half is less discussed, but it’s typically where things start to break down in real-world deployments.
Perfect context doesn't fix stale data
Even perfectly designed AI, trained on the right data and grounded in the right context, still fails if it can't access reality at the moment it needs it
For e-commerce, that's annoying. For security and observability, that's the difference between catching an incident and writing the post-mortem.
The problem isn't intelligence. It's access. And the industry is busy solving a part of the problem.
Right now, the default answer to agentic AI security goes something like this: Lock down the endpoint. Sandbox the agent. Control what it can execute. All valid and necessary but it is not sufficient.
Those controls govern what agents do. They say nothing about what agents “see” before they act, and that's where things break.
A perfectly sandboxed agent can still pull incomplete data, miss cross-system context, misinterpret signals, and take the wrong action. No red flags, correct execution, wrong outcome. This isn't a containment problem. It's an access and context problem, and sandboxing doesn't touch it.
The multi-agent issue nobody is talking about yet
Most organizations aren't architected for what's already starting to happen: multi-agent systems where one agent's output becomes another agent's input.
If Agent A is reasoning on partial data and produces a flawed output, Agent B doesn't know that. It treats A's output with the same confidence it would give a clean, verified data source. It acts on it. Produces its own output. Agent C acts on that.
Cascading failures in multi-agent pipelines propagate faster than human response times can contain. By the time someone notices something's wrong, the chain of confidently incorrect decisions is three steps deep.
More sandboxing doesn't fix this. Better prompts don't fix this. A faster model definitely doesn't fix this.
The fix is making sure every agent in the chain is working from the same version of reality: a consistent, normalized retrieval layer that doesn't let poisoned or stale data get laundered through the system as if it were clean.
The shift that tends to get overlooked
We've been thinking about AI failure as a model problem. It's not. It's an access problem wearing a model problem's clothes.
The companies that win in AI-driven operations, in security, observability, and incident response, won’t win because they have the best models, the biggest context windows or the most sophisticated agents.
They'll win because their agents can see clearly, consistently, and fast. Solve for access first, governance second, and model capabilities third, because the third doesn't matter if the first two are broken.
The Global Retailer’s AI wasn't dumb. It was blind. It operated on a delayed and incomplete shadow of the business and filled the gaps with confidence.
In security and observability, your AI is doing the same thing right now. The data is more fragmented, the stakes are higher, and the confidence doesn't waver.
The question isn't whether you have the right model. It's whether your model can see what it actually needs to see.
Fix access. Everything else starts working.
