The Lily breach shows that the real failure is not the AI model but the way enterprises procure, design, and govern agentic software. If a vendor‑supplied platform cannot authenticate agents, enforce fine‑grained permissions, audit actions, and sustain cost‑effective token usage, the investment becomes a strategic liability regardless of the underlying model.
Enterprise AI agents expose a fundamentally new attack surface: they make programmatic calls to every system a human would click through. Traditional SaaS procurement—strategic decision → contract → security review → IT integration → developer build—assumes bounded, human‑centric permission models. When agents are added, that sequence collapses, producing unauthenticated, writable endpoints and unauditable actions that can be exploited at scale, as demonstrated by the Lily incident at McKinsey.
Security‑type framing masks deeper process failures – The Lily hack was a classic SQL injection, a vulnerability class known since 1998, yet 22 of 200 (11%) of Lily’s production endpoints shipped without authentication. That pattern reflects a procurement‑and‑governance lapse, not a mere hygiene slip. [1]
Agentic workflows demand first‑class permission & audit design – An AI agent must ask each downstream system “Am I allowed to read/write X?” and receive a machine‑readable answer. If any system lacks such an interface, the agent’s actions become invisible to auditors and regulators. [2]
The traditional SaaS buying cycle is incompatible with agents – The classic “buy‑then‑configure” model works for bounded apps (Salesforce, Workday) but fails for agents that need cross‑workflow, token‑aware, cost‑predictable integrations before they can deliver value. [3]
Vendors are now bundling the missing pieces – In the week following the Lily disclosure, Anthropic, OpenAI, SAP (acquiring Dremio & Prior Labs), Pinecone (Nexus), Salesforce (Headless 360), and ServiceNow (Action Fabric) all announced enterprise‑grade agentic layers: governed APIs, identity‑aware actions, and audit trails. These are precisely the controls Lily lacked. [4]
Two decisive questions for any AI purchase
* Can the platform differentiate between a human user and an AI agent?
* What happens to security defaults when the team rushes to ship?
If the answer to either is “no/unknown,” the platform is an unpriced liability. [5]
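The permission question and the human-versus-agent distinction described above, as an added Python example that is not from the video or from any vendor's API. The names `Token`, `PermissionGate`, the `action:resource` scope strings and the sample token are all assumptions made for illustration.

```python
import json
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:
    token_id: str
    subject: str
    principal_type: str      # "human" or "agent": the gate never has to guess
    scopes: frozenset        # e.g. {"read:documents"}; scope names are assumptions

class PermissionGate:
    """Hypothetical downstream-system gate: default deny, every decision logged."""

    def __init__(self):
        self.revoked = set()
        self.audit_log = []  # append-only JSON lines for auditors

    def revoke(self, token_id):
        self.revoked.add(token_id)

    def check(self, token, action, resource):
        needed = f"{action}:{resource}"
        if token is None:
            allowed, reason = False, "unauthenticated"
        elif token.principal_type not in ("human", "agent"):
            allowed, reason = False, "unknown_principal_type"
        elif token.token_id in self.revoked:
            allowed, reason = False, "token_revoked"
        elif needed not in token.scopes:
            allowed, reason = False, "scope_missing"
        else:
            allowed, reason = True, "scope_granted"
        decision = {  # the machine-readable answer returned to the caller
            "allowed": allowed, "reason": reason, "scope": needed,
            "subject": token.subject if token else None,
            "principal_type": token.principal_type if token else None,
            "ts": time.time(),
        }
        self.audit_log.append(json.dumps(decision, sort_keys=True))
        return decision

if __name__ == "__main__":
    gate = PermissionGate()
    # Constructed sample token: an agent holding a read-only scope.
    agent = Token("tok-1", "report-agent", "agent", frozenset({"read:documents"}))
    for args in [(agent, "read", "documents"), (agent, "write", "documents"),
                 (None, "write", "documents")]:
        print(gate.check(*args)["reason"])
    gate.revoke("tok-1")
    print(gate.check(agent, "read", "documents")["reason"])
```

Denied requests are logged as well as granted ones, so the audit trail covers unauthenticated and out-of-scope attempts too.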
“The model was never the hard part. The hard part is exactly what the Lily incident surfaced: whether the agent can reach the right data, use the right permissions, trigger the right workflow, leave the right audit trail, and do all of it at a cost the company can live with.” — Nate B. Jones, ~06:45 [7]
“If you put implementation and your dev team last in the buying sequence, you’re committing capital to a strategy whose viability has not been tested.” — Nate B. Jones, ~11:30 [8]
✓ VERIFIED — SQL injection was first documented in 1998 and is taught in every introductory web‑security course.
Source: OWASP History of SQL Injection (2024) [9]
✓ VERIFIED — SAP announced acquisitions of Dremio and Prior Labs in May 2026 to build a unified data layer for enterprise AI.
Source: SAP News Center, “SAP to Acquire Prior Labs” (2026‑05‑05) [10]
⚠ UNVERIFIED — “Anthropic and OpenAI have both stood up enterprise services companies with billions of dollars behind them to put engineers inside customer build‑rooms.”
No publicly‑available press releases confirm dedicated “engineer‑in‑room” services funded at “billions” as of May 2026. Further corporate announcements would be needed for confirmation.
For CTOs / Platform architects: Prioritise agent‑aware authentication and auditability in any AI vendor RFP; embed engineering leads early in procurement to validate defaults.
For procurement leaders: Redesign the buying sequence so that technical feasibility & security posture are assessed before contract signing, not after.
For board‑level risk officers: Treat unauthenticated, writable agent endpoints as board‑level liabilities; require vendors to demonstrate concrete governance controls (e.g., token‑scoped permissions, revocation APIs).
1. Nate B. Jones, Lily incident overview, ~02:15.
2. Nate B. Jones, Agent permission requirements, ~05:40.
3. Nate B. Jones, Traditional SaaS procurement flow, ~08:20.
4. SAP News Center, “SAP to Acquire Prior Labs”, 05 May 2026.
5. Nate B. Jones, Two decisive vendor questions, ~12:10.
6. Nate B. Jones, Organisational design and defaults, ~14:00.
7. Nate B. Jones, ~06:45.
8. Nate B. Jones, ~11:30.
9. OWASP, “SQL Injection”, https://owasp.org/www-community/attacks/SQL_Injection (accessed 2026‑05‑11).
10. SAP News Center, “SAP to Acquire Prior Labs”, https://news.sap.com/2026/05/sap-to-acquire-prior-labs-establish-frontier-ai-lab-europe/ (accessed 2026‑05‑11).