Skills like security architecture review used to require years of experience across multiple industries and projects. Today, if one of my juniors asks:

“How do I review the security architecture of an agentic AI application?”

…the roadmap can be generated instantly, explained interactively, and practiced hands-on.

Take architecture review for agentic AI systems as an example.

Over the last few years, I have reviewed, pentested, and helped teams remediate critical issues in multiple AI applications. But after seeing what these agents can teach, I can clearly see two things:

  1. I probably missed issues in some reviews.
  2. I could have guided teams better in certain areas.

You can read the OWASP Top 10, OWASP guidance for Agentic AI, MCP secure development guidelines, and countless security frameworks.

But the real value appears when an AI agent turns those documents into practical training exercises and challenges you to identify:

  • the architectural flaw
  • how an attacker would exploit it step by step
  • the blast radius across identity, data, systems, and auditability
  • the missing security controls
  • how to redesign the system securely

That is a completely different kind of learning.

Sample artifacts

Sample SecOps Agent built around Agentic Workflows via MCP: Open the Excalidraw sample artifacts

This is exactly where AI agents become valuable as peer reviewers. They can force the review through concrete controls: signed MCP registries and model-safe catalogs, semantic filtering proxies, contextual replan gates, intent capsules, per-step approval, OPA policy, audience-bound tokens, and sandboxed tool calls.

The real fix is not a single control. A secure agentic workflow breaks the attack chain at multiple points: compromised manifests cannot become planner authority, tool output cannot silently become instructions, replans cannot bypass human intent, external MCPs do not receive internal data by default, broad workflow tokens become narrow audience-bound tokens, and audit logs record intent, approval, audience, and argument hashes.

Two things are becoming very clear to me:

  1. I need these agents as peer reviewers. I want them to challenge me.
  2. The learning and teaching industry is about to change in a very big way.