AI agent security testing: what it means for IAM teams

TL;DR: Straiker combines autonomous red teaming and runtime monitoring for AI agents, targeting prompt injection, data leakage, and abuse in production deployments while the company says it has raised $21 million and serves enterprise customers, according to WorkOS. The deeper lesson is that testing can validate behaviour, but it cannot replace identity, authorization, and audit foundations.

NHIMG editorial — based on content published by WorkOS: Straiker for AI Agent Security: Features, Pricing, and Alternatives

By the numbers:

• Straiker emerged in 2025 and raised $21 million from Lightspeed Venture Partners and Bain Capital Ventures.

Questions worth separating out

Q: How should security teams govern AI agents that can call tools and access data?

A: Treat the agent as a governed identity, not just an application feature.

Q: Why do AI security testing tools not replace IAM controls for agents?

A: Because testing answers whether the agent behaves safely, while IAM answers who may access it and under what conditions.

Q: What do teams get wrong when they rely only on runtime detection for AI agents?

A: They confuse visibility with governance.

Practitioner guidance

• Separate validation from authorisation Map AI security testing to the controls it can influence, then assign identity, access, and audit ownership to IAM or NHI governance teams.
• Inventory every agent-facing account and token List the service accounts, API keys, OAuth grants, and privileged API scopes attached to each deployed agent.
• Bind agent activity to attributable identity evidence Ensure logs capture the human approver, the agent instance, the connected workload identity, and the downstream tools invoked.

What's in the full article

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

• Product-specific feature breakdown of Ascend AI and Defend AI across testing and runtime monitoring
• WorkOS's comparison of Straiker against alternative AI security approaches and buying considerations
• Enterprise positioning details, including pricing posture, certifications, and customer examples
• The vendor's own explanation of where AI security testing fits in a broader authentication architecture

👉 Read WorkOS's analysis of Straiker for AI agent security →

AI agent security testing: what it means for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →