Every model, API, agent, MCP server, vector store, and prompt an enterprise puts into production is a new attack surface, and most of it sits outside the tools ...