The world’s biggest enterprises are spending billions on cybersecurity.
Their AI inference pipelines - where sensitive data meets the model - have no meaningful defense.
Security stacks were built for a different era: perimeter firewalls for networks, endpoint tools for devices, DLP for data at rest or in transit.
None were designed for the moment when a hospital’s patient records, a bank’s financial models, or a law firm’s client files travel in clear text to a large language model.
That moment is now happening millions of times a day. 🧵1/5
$1.4M total comp at Google. He walked away from it.
Mahesh spent 13 years at Microsoft, Amazon, Meta, Google. Doubled his comp every two years through the AI wave. His friends from Meta moved to Nvidia and are at $2.5M now. The recruiters keep calling. The next 70% bump is sitting there.
He left anyway. The reason matters more than the money.
Every meaningful AI product of the last three years was built by a small team or one person. ChatGPT came out of a small company. Lovable started tiny. Claude Code was a small team inside Anthropic. OpenClaw is one developer in Australia.
Inside the $2T company, the two-page document needs a one-page approval that takes six weeks. In those same six weeks, somebody with no team and no permission became a builder PM who can ship anything.
The safe job stopped being safe the moment the tools collapsed the cost of building a product from a six-person engineering team to one person at a laptop.
The $1.4M is the price of staying static while the people around you compound.
In practice, dealing with threats at the model's decision layer means having visibility into how those decisions are formed.
And it raises the bar for deploying these systems. If you don't understand how this layer behaves, or don't have a way to monitor it, you're operating with incredible risk. 🧵6/6
During most of my career in technology, one thing was consistent: security meant keeping the attacker out.
And that still matters. We can monitor systems, spot unusual behavior, and trace actions back to a user.
But with AI agents, there's a new way things go wrong, and it doesn't always start with someone breaking in. 🧵1/6
2️⃣ What securing the reasoning chain looks like
→ Confidential inference runs the model inside a hardware-enforced boundary, so data can be used without being exposed to the cloud host, the model provider, or anything outside that environment. It also makes the inference process itself verifiable.
→ Runtime monitoring then operates inside the reasoning chain, where decisions are actually formed, so misalignment can be detected before anything surfaces in the output.
→ Every input is verified, and every output is attested, creating an audit trail by default rather than something reconstructed later. 🧵5/6
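The third bullet above, as an added worked example (not Confidential Core AI's code, and not part of the original post): a minimal attested audit trail in which each inference record binds the runtime measurement, a hash of every input and retrieved document, a hash of the output, and the previous record's hash, then signs the whole thing. The hardware-bound signing key and the enclave measurement are simulated here with an HMAC key and a fixed SHA-256 value; in a real TEE deployment both come from the attestation quote. Only hashes go into the trail, so the log itself does not become another copy of the sensitive documents.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-ins (assumptions, not real attestation material):
# a real deployment takes the measurement from the TEE's quote and uses a
# signing key the hardware binds to that measurement.
EXPECTED_MEASUREMENT = hashlib.sha256(b"example-model-runtime-v1").hexdigest()
ENCLAVE_SIGNING_KEY = secrets.token_bytes(32)  # hypothetical per-enclave key
GENESIS = "0" * 64  # prev-hash of the first record in a chain


def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canon(obj: dict) -> bytes:
    # Canonical JSON so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def attest_inference(prompt: str, context_docs: list, output: str,
                     prev_hash: str, measurement: str = EXPECTED_MEASUREMENT,
                     key: bytes = ENCLAVE_SIGNING_KEY) -> dict:
    """Produce one signed audit record for a single inference call.

    Inputs (prompt and every retrieved document) and the output are bound by
    hash only, so the trail proves what was used without storing the content.
    """
    body = {
        "measurement": measurement,
        "input_hash": _h(prompt.encode()),
        "context_hashes": [_h(d.encode()) for d in context_docs],
        "output_hash": _h(output.encode()),
        "prev": prev_hash,
    }
    sig = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def record_hash(record: dict) -> str:
    """Hash of a full record (body + signature); the next record links to it."""
    return _h(_canon(record))


def verify_chain(records: list, expected_measurement: str = EXPECTED_MEASUREMENT,
                 key: bytes = ENCLAVE_SIGNING_KEY) -> tuple:
    """Walk the trail; reject chain breaks, wrong runtimes and altered records.

    The measurement check matters on its own: a record signed by the right key
    but produced by an unexpected runtime still fails.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        body, sig = rec["body"], rec["sig"]
        if body["prev"] != prev:
            return False, f"record {i}: chain break"
        if body["measurement"] != expected_measurement:
            return False, f"record {i}: unexpected runtime measurement"
        expected_sig = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected_sig):
            return False, f"record {i}: bad signature"
        prev = record_hash(rec)
    return True, "ok"


def document_was_used(record: dict, document: str) -> bool:
    """Answer 'did this inference see this document?' from hashes alone."""
    return _h(document.encode()) in record["body"]["context_hashes"]


if __name__ == "__main__":
    docs = ["patient 123: chart excerpt", "lab results 2024-01"]  # constructed
    r1 = attest_inference("Summarize the chart", docs, "Summary: ...", GENESIS)
    r2 = attest_inference("Any allergies?", docs[:1], "None recorded",
                          record_hash(r1))
    print(verify_chain([r1, r2]))                      # (True, 'ok')
    print(document_was_used(r2, docs[1]))              # False
    rogue = attest_inference("x", [], "y", record_hash(r2),
                             measurement=_h(b"patched-runtime"))
    print(verify_chain([r1, r2, rogue]))               # measurement rejected
```

The verifier pins the expected measurement rather than trusting any validly signed record, which is the check that separates "signed by something" from "produced by the runtime we reviewed"; a record whose context hashes are edited after the fact fails the signature check, and reordering records breaks the chain.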
@charleswayn Precisely. The moment agents touch money, sensitive data, or operational decisions, policy is not enough.
The missing layer is enforceable runtime control over what the system can see, decide and do.
Otherwise speed and safety stay in direct conflict.
At the same time, AI-related risk is becoming increasingly difficult to insure, with carriers beginning to carve out exclusions for AI-driven incidents as exposure grows.
A contract is not a substitute for technical protection. Neither is a retention policy.
What, exactly, are your legal and security teams reviewing in your provider agreements?
6/6
Those logs contain more than user prompts. In many enterprise deployments, they may also capture the full RAG context, including every sensitive document retrieved to generate a response.
5/6
The first wave of AI security products reached market quickly.
Most of them started life as perimeter tools, endpoint solutions, or DLP platforms with an AI feature layer added on top - which means none of them were built for the problem that agentic AI actually presents.
None started from the problem that actually needed solving: how do you protect data during inference, and how do you detect when an agent's goals have been corrupted at the semantic layer? These are not edge cases, they are the primary attack vectors for agentic AI in 2026.
Twenty years across Intel and Cisco teaches you something that no threat landscape report will - the companies that got security right never started from a product. They started from the threat model, and built backwards. And while those that tried to retrofit an existing solution onto an emerging threat didn't fail dramatically, they fell behind and couldn't catch up.
Confidential Core AI was built from a clean slate - ground-up for agentic security.
Four pillars in one platform:
1. Adversarial attack protection
2. Real-time goal alignment
3. Model and data confidentiality during inference
4. Sovereign deployment
This is not just our view. When independent security researchers evaluate the available approaches, confidential compute consistently comes out as the most comprehensive.
Confidential compute is the only approach that can run any model, any vector database, and any AI framework inside a hardware-enforced boundary without architectural compromise. The challenge researchers consistently flag is not technical viability but the complexity of monitoring agentic AI. It is hard to set up, hard to verify, and easy to misconfigure. That is the problem we are solving.
Enterprises that recognize the nature of the problem will build from the threat model. They will secure the inference layer before the first agent is deployed at scale.
The ones that don't will make that discovery later, under less favorable circumstances.
I’m in Washington, DC this week at @semafor World Economy, joining a high-level set of conversations on AI, infrastructure, security and what it will actually take to move enterprise AI from experimentation to trusted deployment.
One thing is already clear from the discussions here: AI security and agentic safety are becoming massive concerns.
At Confidential Core AI, we’re focused on a problem I believe is becoming impossible to ignore:
Protecting sensitive data during AI inference is necessary, but not sufficient.
As AI systems become more autonomous, enterprises also need stronger control over what those systems understand, decide and do at runtime.
That is the trust gap we are building for.
If you’re here and thinking seriously about AI security, agentic safety, confidential inference, sovereign deployment, or runtime control, I’d be glad to connect.
@aakashgupta The important shift is not just prompt injection but that agentic systems turn untrusted content into runtime behavior. Once an agent can read, reason, remember and act, security has to govern what it understands, decides and does, not just what it can access.
@manthanguptaa The bigger issue is that we are scaling autonomy on top of infrastructure trust that is already too fragile. Once agents, dependencies and pipelines all sit inside the same execution path, a single weak link becomes much more dangerous.
Confidential compute is also the hardest to implement correctly.
That is why most vendors have not gone near it.
Ask your vendor which approach underpins their product.
Then ask which approaches they decided to leave out.
The answer will tell you more than the sales deck.
🧵8/8
Every major cybersecurity vendor announced an agentic AI security product in the first quarter of 2026.
Microsoft, Cisco & CrowdStrike.
Each added a new layer to a product that already existed.
That tells you one thing clearly: the threat is real.
🧵1/8
4️⃣ Confidential compute, hardware-enforced private environments where data is processed in isolation and verified cryptographically, is the only approach that can run any model, any database, and any framework without architectural compromise.
🧵7/8