COMMENTARY: Most security incidents have a log somewhere. An EDR event, a firewall alert, an IdP audit trail — something that tells you what happened and when. Defenders have spent years building that instrumentation layer, and it mostly works for the surfaces it covers.
Edge infrastructure isn't one of those surfaces.
[
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
Serverless functions, API gateways, Workers running at the perimeter — these process real requests, touch real data, and run with real credentials. But when something goes wrong at the edge, there's often nothing to reconstruct from. A function executes, makes three outbound calls, returns a response, and terminates. The logs, if they exist at all, are shallow. The configuration that was in place six months ago looks identical on paper to what's running now, even if it's drifted significantly. Nobody's on-call for it because nothing's been broken loudly enough to matter.
AWS VP Gee Rittenhouse said it plainly at re:Invent 2025: "
It's hard to do agentic security if you're not observing it.” At the edge, most organizations aren't observing it at all.
The surface grew faster than the tooling
Cloudflare alone now runs code for over
41 million websites, posting $639.8 million in Q1 2026 revenue as organizations pushed compute to the edge at a pace that security tooling hasn't matched. AWS Lambda, Azure Functions, Google Cloud Run — serverless compute expanded across every major provider under the same dynamic.
The reason is structural. When endpoints proliferated, the industry built EDR. When identity became the attack surface, it built IdP audit trails and UEBA. Edge and serverless compute proliferated without an equivalent security tooling moment. The shared responsibility model creates a gap that's easy to misread: cloud providers secure the underlying infrastructure, but
the configuration, credentials, access policy, and behavior of what runs on top
stays with the customer. Most customers haven't fully internalized that boundary.
The result is a large, production-critical surface that security teams can't see into the way they can see into everything else. Not because they're not trying. Because the instrumentation was never built.
Configuration drift is the standing condition
There's a specific failure mode that shows up consistently in edge environments. It doesn't require an attacker to trigger it. It just requires time.
A developer deploys a Worker to handle an integration. It ships with credentials scoped for that use case, a CORS policy that made sense at the time, maybe a debug route left open for troubleshooting. The integration ships. The developer moves on. Nobody decommissions the Worker because nothing is broken. Six months later it's still running — same credentials, same permissive settings, same debug route — but nobody is watching it and nobody remembers it exists.
Nick Gray, an entrepreneur who built and sold two companies and writes about Cloudflare as a self-described superfan and investor, attended Austin's first
Cloudflare Workers Tech Talks and documented what he called the "Shadow IT Fix" problem: routes and Workers that developers spun up and forgot about, that are "rarely updated or monitored" and "often the entry points for attacks". What makes that observation worth citing is who made it — someone deeply familiar with the Cloudflare ecosystem but with no security practitioner bias. The drift pattern is visible enough that an independent tech observer flagged it as one of three things worth remembering from the event.
This is misconfiguration as a standing condition, not an anomaly. The gap isn't that teams made mistakes. It's that the tooling to continuously validate what's actually running — versus what should be running — doesn't exist for most edge environments the way it does for endpoints or cloud compute.
Why this matters now
Configuration drift at the edge has always carried risk. What's changed is who finds it.
Traditional attackers need a reason to look at a specific surface. They need a foothold, a path in, prior intelligence about where to probe. The attacker-work required to discover a forgotten Worker with live credentials is non-trivial.
Autonomous AI agents don't work that way. Enumeration is their baseline behavior — not a deliberate attack step but a default function of how they explore what's reachable. An agent operating in an enterprise environment will, as part of normal operation, map available surfaces and probe accessible endpoints. It doesn't distinguish between intended exposure and accidental exposure. It reaches what it can reach.
The harder problem is what happens after. As SC Media's Perspectives
noted earlier this month, security teams "can often see that an action occurred, but they struggle to understand what information influenced the action, which systems contributed context, and whether the resulting decision aligned with business rules" — and "a gateway can see traffic, but it may not understand the business rule that makes an action safe or unsafe". At the edge, it's worse than that. The gateway doesn't just struggle to understand the rule. It often can't see the traffic at all.
The ISACA 2026 AI Pulse Poll found that
56% of organizations don't know how long it would take to halt an AI system in a security incident. At the edge, that number is worse — because most organizations don't even know what's running there.
A zombie Worker with permissive CORS and live credentials looks like a valid target to an agent the same way it looks valid to a human attacker — except the agent gets there without needing a reason to look.
The posture-first framework
The instinct when facing a detection gap is to add detection. At the edge, that instinct is backwards.
Detection requires a baseline to deviate from. If you don't know what your edge infrastructure is supposed to look like — which Workers are supposed to exist, what credentials they're supposed to hold, what routes are supposed to be active — then behavioral anomalies are invisible by definition. You can't detect drift you've never measured.
The framework that closes this gap has three layers, and the order matters:
Inventory before detection. You cannot monitor what you don't know exists. The first step is a complete map of running Workers, functions, and gateway configurations — including the ones nobody remembers deploying. Zombie workers are the norm in most environments, not the exception.
Wiz's April 2026 expansion specifically extended security coverage into internet edge infrastructure, adding integrations with Cloudflare, Akamai, Vercel, and Apigee precisely because that visibility gap had become a first-order problem. If a vendor is building a product to close it, the gap is real.
Baseline before alerting. Once the inventory exists, define what secure looks like for each function and continuously diff every running deployment against that standard. Exposed credentials, permissive CORS, active debug routes, over-scoped permissions — these are findable mechanically once you have something to compare against. Without the baseline, they're invisible.
Behavioral telemetry as the third layer. Only after inventory and baseline are in place does behavioral detection become meaningful. The question you then get to ask — given what this Worker is supposed to do, is what it's actually doing consistent with that? — is the question that surfaces anomalous behavior. But it requires the first two layers to be answerable at all.
Organizations that skip to behavioral detection without the posture foundation end up with alerts they can't contextualize and drift they can't measure. The sequencing isn't a preference. It's a prerequisite.
The witness problem
The edge was never designed to be observed the way the rest of the stack was. Serverless execution is ephemeral by design. Functions terminate and take their runtime state with them. That's a feature for performance and cost. It's a liability for forensics.
The shift defenders need to make is from asking what a request did to knowing what a surface is exposing before any request arrives. That reframe — from reactive detection to continuous posture awareness — is what the instrumentation gap at the edge actually requires.
It doesn't need a new tool category. It needs the same posture discipline the rest of the security stack already applies to endpoints, identities, and cloud compute — applied to the edge layer that currently sits outside the coverage model.
The edge has no witness because nobody built one. The detection capability follows from posture discipline, not the other way around. Most organizations are trying to run that sequence in reverse. That's the gap — and unlike most security gaps, it closes with process and baseline discipline before it requires new tooling.
Build the witness first. The detection follows.