TL;DR: Agentic purple teaming compresses red teaming and blue teaming into a continuous loop for generative AI, with autonomous agents simulating attacks and triggering remediation in the same platform, according to Lasso Security. The real shift is that AI security is becoming runtime governance, not periodic review, because static guardrails cannot keep pace with prompt injection, data leakage, and agentic workflows.
NHIMG editorial — based on content published by Lasso Security: Agentic Purple Teaming: A New Strategic Agentic AI Security Solution
Questions worth separating out
Q: How should security teams govern AI agents that can act on data and tools in real time?
A: Security teams should govern AI agents as runtime identities, not as static applications.
Q: Why do static guardrails fail against generative AI risk?
A: Static guardrails fail because generative AI behavior is not fixed.
Q: What breaks when AI security testing is done only in scheduled red team exercises?
A: Scheduled exercises miss the period when the system is actually changing, which is where most AI risk appears.
Practitioner guidance
- Map AI attack paths across model, app, and identity layers: inventory where LLMs, copilots, and agents can reach APIs, plugins, and service accounts, then test those paths separately so a model pass does not hide a workflow failure.
- Replace snapshot testing with continuous red-blue validation: run repeated simulations against prompt injection, jailbreaks, and data leakage, and feed the results into the same control plane that enforces guardrails and access policy.
- Define automated response boundaries before production use: set clear approval rules for actions such as blocking inputs, masking outputs, or tightening access so autonomous remediation remains auditable and bounded.
What's in the full article
Lasso Security's full blog post covers the operational detail this post intentionally leaves for the source:
- Step-by-step setup for AI red and blue teaming workflows across models, applications, and agents
- Configuration detail for attack categories such as prompt injection, jailbreaks, data leakage, and adversarial manipulation
- Example reporting views with severity scoring and simulated remediation outputs
- Platform workflow examples showing how continuous monitoring and automated protection are chained together
👉 Read Lasso Security's analysis of agentic purple teaming for AI security →
Agentic purple teaming: are your AI controls keeping up?
Explore further
Closed-loop AI security is becoming the new baseline for identity governance. Periodic testing is too slow when copilots and agents can touch data, tools, and APIs in real time. The practical shift is from review-driven assurance to continuous control validation, which is why AI security is now an identity problem as much as a model problem. Practitioners should treat runtime enforcement as the minimum viable control surface.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should be accountable when autonomous remediation changes AI controls automatically?
A: Accountability should sit with the team that owns the policy, the trigger conditions, and the audit trail for the automated action. If remediation can run without manual review, the organisation still needs a named owner for what the agent is allowed to change, when it can change it, and how evidence is preserved.
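One way to encode the response boundary from the practitioner guidance and the accountability model in this answer, as an added illustration rather than Lasso Security's or NHIMG's own code; the policy table, team names, severity scale and the `evaluate`/`pending_for` helpers are all assumptions made for the example:

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Approval rules per remediation action: the accountable owner, whether the
# agent may apply the action without review, and the severity that triggers it.
# Team names and thresholds are constructed placeholders for this example.
POLICY = {
    "block_input":    {"owner": "appsec-team", "auto": True,  "min_severity": 7},
    "mask_output":    {"owner": "appsec-team", "auto": True,  "min_severity": 5},
    "tighten_access": {"owner": "iam-team",    "auto": False, "min_severity": 8},
}

@dataclass
class Finding:
    layer: str       # "model", "app" or "identity"
    category: str    # e.g. "prompt_injection", "data_leakage"
    severity: int    # 1..10, as scored by the simulation run
    target: str      # component the remediation would change

def evaluate(finding: Finding, action: str, audit: list) -> str:
    """Decide 'applied', 'queued' or 'rejected' and always write an audit record."""
    rule = POLICY.get(action)
    if rule is None:
        decision = "rejected"  # actions outside the policy never run on their own
    elif finding.severity < rule["min_severity"]:
        decision = "rejected"  # trigger condition not met
    elif rule["auto"]:
        decision = "applied"   # inside the pre-approved boundary
    else:
        decision = "queued"    # held for sign-off by the named owner
    audit.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "layer": finding.layer, "category": finding.category,
        "severity": finding.severity, "target": finding.target,
        "action": action, "owner": rule["owner"] if rule else None,
        "decision": decision,
    })
    return decision

def pending_for(owner: str, audit: list) -> list:
    """Evidence the named owner must review: queued actions attributed to them."""
    return [r for r in audit if r["owner"] == owner and r["decision"] == "queued"]

if __name__ == "__main__":
    log = []  # constructed findings, as a simulation run might report them
    evaluate(Finding("app", "prompt_injection", 8, "chat-endpoint"), "block_input", log)
    evaluate(Finding("identity", "data_leakage", 9, "svc-crm-reader"), "tighten_access", log)
    evaluate(Finding("model", "jailbreak", 4, "model-gateway"), "mask_output", log)
    for record in log:
        print(record["decision"], record["action"], record["target"], record["owner"])
```

Every decision, including rejections, lands in the audit list, so the record answers who owned the rule, what triggered it, and what the agent was allowed to change.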
👉 Read our full editorial: Agentic purple teaming raises the bar for AI security testing