The article suggests that “agentic malware” shifts the problem from exploiting software bugs to exploiting agent goals, memory, and tool access. Given that many of these systems are designed to be helpful and autonomous, is it even meaningful to think in terms of “patching vulnerabilities” anymore—or do we need a completely different security model (e.g., treating all agent actions as untrusted, like a zero-trust runtime)?