Notifications
Clear all
Topic starter
06/06/2026 11:07 am
TL;DR: RSA 2026 showed agentic AI security is crowded, but most offerings still cover only one slice of the problem, with endpoint-only visibility, adjacent-category rebrands, and missing runtime enforcement leaving major blind spots according to Zenity. The category is moving toward unified platform coverage that spans discovery, posture, detection, response, and governance across all agent deployment patterns.
NHIMG editorial — based on content published by Zenity: After RSA, Here Is What Comprehensive Agentic AI Security Actually Looks Like
By the numbers:
- The UK AISI research showed that agent tooling grew from roughly 5,000 to 177,000 tools in just over a year.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern AI agents across endpoint, SaaS, and cloud environments?
A: Security teams should govern AI agents as a multi-environment identity problem, not a single product category.
Q: Why is identity not enough for AI agent security?
A: Identity is necessary because it shows which agent holds access, but it is insufficient because it does not explain intent, action chaining, or runtime misuse.
Q: What do security teams get wrong about agentic AI security tools?
A: The most common mistake is treating agentic AI security as an extension of an existing category such as NHI, endpoint, or DSPM.
Practitioner guidance
- Map agent deployment patterns separately Inventory endpoint, SaaS, and custom agents as distinct control surfaces.
- Require runtime action-chain visibility Evaluate whether your controls can reconstruct sequences of tool calls, data reads, and outbound actions in real time.
- Define hard boundaries for non-negotiable actions Identify actions an agent should never perform, such as destructive production changes or external data exfiltration, and enforce those boundaries deterministically rather than relying on prompts or policy text.
What's in the full article
Zenity's full blog post covers the operational detail this post intentionally leaves for the source:
- Side-by-side examples of endpoint, SaaS, and custom agent deployment patterns that practitioners can use for internal scoping.
- Detailed vendor evaluation questions for posture management, runtime detection, and hard boundary enforcement.
- A fuller walkthrough of the four-pillar operating model, including discovery, AISPM, AIDR, and governance.
- The article's broader RSA 2026 market readout and additional links to related Zenity posts on agentic AI security.
👉 Read Zenity’s analysis of what comprehensive agentic AI security requires →
Agentic AI security at RSA 2026: are point tools enough?
Explore further
06/06/2026 11:44 am
Point products are the wrong mental model for agentic AI security. The market is repeating the same fragmentation cycle that security teams saw in cloud security, where separate tools covered posture, workload, entitlements, and runtime with no single operational picture. Agentic AI raises the same problem faster because the agent surface spans endpoint, SaaS, and custom environments at once. Practitioners should treat unified coverage as the category requirement, not a feature wish list.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations tell whether their agent controls are actually working?
A: Look for evidence that you can discover agents, trace their tool usage, detect anomalous action chains, and stop high-risk actions before execution. If your programme only reports after the fact, or only sees one deployment pattern, it is producing partial assurance rather than operational control.
👉 Read our full editorial: Agentic AI security needs platform coverage, not point products
