CU API and Libraries Attacks Systems in Architecture Discussion

Question Description

I’m working on a writing discussion question and need an explanation to help me understand better.

Question:
If an attacker can retrieve the API and libraries, then use these to write an agent, and then get the attacker’s agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authentication of valid agents in order to protect against a malicious one? Is the agent a worthy attack surface?