If an attacker can retrieve the API and libraries, use them to write an agent, and then get the attacker's agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authenticating valid agents in order to protect against a malicious one? Is the agent a worthy attack surface?