The CodeWall research that broke through McKinsey's AI platform this month was remarkable on its own terms. But a second piece of research published the same week pushed the frontier further.

As documented in CodeWall's published findings, researchers pointed the same autonomous hacking agent at Jack & Jill, an AI recruitment platform backed by a $20 million seed round, with 49,000 candidates and hundreds of enterprise clients including Anthropic, Stripe, and Monzo. Within an hour, the agent had chained four seemingly harmless bugs into a complete takeover of any company on the platform.

The technical chain was instructive: a URL fetcher that proxied internal requests, a test mode left on in production, a missing role check on an onboarding endpoint, and a company creation pattern that did not verify domain ownership. None of the four bugs were critical in isolation. Together they produced a CVSS 9.8 critical vulnerability, meaning complete cross-organization account takeover.

The detail that changes the nature of the conversation came next. The agent did not stop at data access. It discovered that the platform's voice infrastructure issued connection credentials without authentication. So the agent gave itself a voice, generated synthetic audio, connected to live voice sessions, and ran 28 prompt-response rounds against the platform's AI agent, probing capabilities, testing guardrails, and attempting jailbreaks. No human in the loop on either side.

AI agents attacking AI agents, at machine speed, in real time. The defensive posture most enterprises currently maintain, built around periodic penetration testing, manual code review, and model-level guardrails, was designed for a different threat model entirely.

The answer is not simply better security tooling. It is verification infrastructure at the agent layer: knowing which agents are authorized to operate in your environment, what they are permitted to do, who is accountable for their behavior, and whether their track record in other deployments gives reason for confidence or concern. That infrastructure does not yet exist at scale. Building it is the work Insygna was founded to do.