Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.

The challenge is understanding that different agentic solutions being pitched by vendors are solving fundamentally different problems.