LLM vendors are increasingly building security features and guardrails into their models. However, the controls inside the model are designed for a contained, request-response world. A user sends a prompt, and the model returns a response. LLM security focuses on making that response safe. Agentic AI shows us how insufficient those model-based controls are. Today, agents call tools, chain with other agents, read from external data sources, and take actions that can have real-world consequences.