At first glance, Pokémon and cybersecurity have nothing in common. One is a nostalgic game about catching digital creatures, the other a high stakes battle over autonomous AI systems. But the story of Pokémon GO shows something more important for agentic AI security: the most powerful systems are often built on data whose value only becomes clear years later, while the risk builds quietly in the background.
When millions of players captured Pokémon, they unknowingly generated one of the most detailed spatial datasets ever created, including billions of geotagged images, movement signals, and environmental data. That foundation now powers Niantic Spatial, enabling real-world robotics and navigation in environments where GPS alone fails. A game became infrastructure.
Agentic AI is now repeating that pattern inside the enterprise, only faster, more distributed, and harder to control.
How Pokémon Helps Pizza Delivery Drivers Navigate
The game Pokémon GO provides delivery robots with a centimetre-accurate view of the world thanks to AI and augmented reality (AR). This unusual example demonstrates that AI’s paths are difficult to predict and the value of a dataset may only become apparent decades later. Understanding and carefully controlling the data is crucial, throughout its lifetime.
It’s rare to get detailed insights into an AI-driven project with reliable figures. But the two companies Niantic Spatial and Coco Robotics offer a glimpse behind the scenes. The startup Coco Robotics is working on delivery robots that will deliver pizza, amongst other things, in several cities in the US and Europe.
And Niantic Spatial, the AI spin-off of Niantic, creator of the Pokémon GO app, provides precise visual data that Coco’s robots use for orientation in urban jungles from Helsinki to Los Angeles, because GPS alone isn’t sufficient. This virtual orientation system is AI-driven and has analysed data from Pokémon GO’s massive dataset.
For those less familiar with the app’s functionality and popularity, consider this: within 60 days of its release in July 2016, 500 million people installed it and roamed the world’s major cities in search of digital Pokémon. In the process, they shared billions of images of urban landmarks and their surroundings from every imaginable angle, including precise location data. In 2024, eight years after its launch, the game still boasted over 100 million players.
Niantic Spatial utilises this vast repository of crowdsourced data from hundreds of millions of players to calculate a digital world model. A staggering thirty billion images were analysed using AI for this purpose, all of which followed typical smartphone image formats, and every image was linked to precise location coordinates, camera orientation, and device movement data. The data is therefore highly standardised and, in a sense, structured. It was all fed into Google’s BigQuery and BigTable for analysis and long-term storage which, over time, was used to create the centimetre-accurate 3D map that Niantic Spatial and Coco Robotics are benefitting from today.
Hidden Infrastructure from Scale
What this use of Pokémon GO demonstrates is a pattern that is becoming foundational to agentic AI security: large volumes of low-value interaction data can evolve into long-lived, strategic infrastructure over time.
No individual player thought they were contributing to robotics-grade spatial intelligence. Yet collectively, they built something far more durable than a game economy: a continuously updated digital twin of the physical world.
That is the key lesson for enterprise AI. Agentic systems do not just consume data, they generate it at scale, across every workflow, decision, and API call. Over time, this creates hidden infrastructure such as logs, embeddings, prompts, tool outputs, and behavioural traces that may later become mission-critical assets or become liabilities in the form of emerging risk.
The problem is that organisations rarely treat this early stage “low value” data as strategic. By the time its importance is understood, it is already deeply embedded across systems, and those liabilities have already become systemic risk.
AI is Collapsing Cyber Timelines
Another shift is accelerating this risk. Developments in frontier AI capabilities are shrinking the gap between vulnerability discovery and exploitation, turning cyber risk into a continuous pressure rather than a periodic event.
In earlier software eras, defenders had time to patch, isolate, and respond. In agentic environments, models can interpret systems and chain tools to automate exploitation workflows. That compression of time changes the security model: detection, response, and recovery must now happen almost simultaneously.
When combined with highly distributed AI agents operating across cloud services, SaaS platforms, and internal APIs, the attack surface expands rapidly in both speed and complexity.
What used to be a “breach window” is becoming a permanent exposure state.
Agentic AI Expands the Attack Surface
Today’s agentic AI systems are not passive tools. They act as privileged digital actors across enterprise platforms, reading emails, executing workflows, calling APIs, and interacting with other agents. That creates identity sprawl at scale.
Every agent effectively becomes a new identity with permissions, context, and autonomy. Unlike human users, these identities operate continuously, at machine speed, and often across multiple systems simultaneously.
This introduces new failure modes:
- Over-permissioned agents accessing sensitive data
- Orchestration chains that escalate privileges unintentionally
- Cross-system automation loops that propagate errors
Taken together, these failure modes show that resilience is shifting from reacting to incidents to continuous readiness and clean recovery, with the requirement to be owned at the executive board level.
This requires three connected capabilities:
- Resilience for identity systems. Agent identities must be centrally governed, continuously monitored, and kept within least privilege constraints. Without this, autonomous systems accumulate unchecked authority across the enterprise.
- Protection and anomaly detection. As agentic systems operate at scale with data sources across on-premises, hybrid, and cloud environments, the data must be continuously validated and protected against corruption or manipulation.
- Cyber recovery must extend to AI systems themselves. Organisations need the ability to restore clean versions of both data and autonomous agents, including a known-good operational state, often referred to as a Minimum Viable Company (MVC), to ensure continuity after compromise.
Without this, autonomous systems amplify risk faster than traditional recovery models can respond.
The Real Lesson from Pokémon
Pokémon GO is not just a consumer tech success story. It shows how modern AI infrastructure is quietly built from mass participation and long-term data accumulation, with unexpected reuse over time.
What begins as entertainment becomes infrastructure. What looks like noise becomes training data. And what feels optional becomes foundational.
Agentic AI is following the same trajectory, but in enterprise systems – where the stakes are far higher and exposure is growing beyond organisations’ ability to keep pace.
Join our LinkedIn group Information Security Community!
