
Microsoft Foundry agent runtime security: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: Enterprises using Microsoft Foundry are moving AI agents into production, but the real risk appears at runtime when agents chain actions, invoke tools, and cross data boundaries, creating new exposure for prompts, secrets, and unauthorized actions, according to Zenity. Static application controls are not enough once agents gain agency, and inline runtime enforcement becomes the decisive governance model.

NHIMG editorial — based on content published by Zenity: Securing Homegrown Agents in Runtime: The Value of Zenity + Microsoft Foundry

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that invoke tools in enterprise workflows?

A: Security teams should govern the runtime, not just the deployment.

Q: Why do AI agents create a new identity governance problem for IAM teams?

A: AI agents create a new identity governance problem because they combine identity, action selection, and execution in one runtime.

Q: What breaks when prompt injection is not controlled in AI agent systems?

A: When prompt injection is not controlled, an attacker can redirect the agent's context, change tool use, and trigger unintended actions while the agent still appears trusted.

Practitioner guidance

  • Map agent runtime as an identity surface: document every place the agent can choose an action, invoke a tool, or move data across trust boundaries.
  • Bind tool use to live context: restrict tool invocation when untrusted data enters the session, and require policy evaluation against the current context window before any destructive or cross-system action can execute.
  • Separate secret access from general agent capability: keep credentials, tokens, and API keys outside broad agent memory wherever possible, and revoke them from the current workflow path when the task no longer requires them.
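The three guidance points above describe one control loop: track what enters the session, evaluate every tool call against that live state, and lease secrets per step rather than leaving them in agent memory. The following Python sketch is an added example, not code from Zenity or from Microsoft Foundry, and every name in it (the `Risk` classes, the tool definitions, the `SecretBroker`, the vault contents) is a constructed assumption for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Risk(Enum):
    READ = "read"            # no state change, no data leaves the system
    WRITE = "write"          # destructive or state-changing
    CROSS_SYSTEM = "cross"   # moves data across a trust boundary


@dataclass(frozen=True)
class Tool:
    name: str
    risk: Risk
    needs_secret: Optional[str] = None   # credential name the tool requires, if any


# Constructed tool catalogue and vault; real deployments would load these from config.
READ_DOC = Tool("read_doc", Risk.READ)
WRITE_RECORD = Tool("write_crm_record", Risk.WRITE, needs_secret="crm_token")
SEND_EMAIL = Tool("send_email", Risk.CROSS_SYSTEM, needs_secret="smtp_key")
VAULT = {"crm_token": "constructed-crm-token", "smtp_key": "constructed-smtp-key"}


@dataclass
class Session:
    """Live context of one agent run: what entered it and which secrets are checked out."""
    tainted: bool = False                          # untrusted content is in the context window
    taint_sources: list = field(default_factory=list)
    leased: dict = field(default_factory=dict)     # secret name -> token currently in the workflow path
    audit: list = field(default_factory=list)      # (event, subject, detail) tuples for review


def ingest(session: Session, source: str, trusted: bool) -> None:
    """Record content entering the context; untrusted content taints the session."""
    if not trusted:
        session.tainted = True
        session.taint_sources.append(source)
    session.audit.append(("ingest", source, "trusted" if trusted else "untrusted"))


def evaluate(session: Session, tool: Tool, human_approved: bool = False) -> tuple:
    """Policy check against the current session state, run before every tool call."""
    if tool.risk is Risk.READ:
        verdict = (True, "read-only tool")
    elif session.tainted and not human_approved:
        verdict = (False, f"{tool.risk.value} tool '{tool.name}' blocked: "
                          f"untrusted content from {session.taint_sources} is in context")
    else:
        verdict = (True, "policy passed")
    session.audit.append(("evaluate", tool.name, verdict[1]))
    return verdict


class SecretBroker:
    """Hands a credential to the step that needs it and takes it back afterwards."""

    def __init__(self, vault: dict):
        self._vault = vault

    def lease(self, session: Session, tool: Tool) -> str:
        if tool.needs_secret is None:
            raise PermissionError(f"{tool.name} declares no secret requirement")
        token = self._vault[tool.needs_secret]
        session.leased[tool.needs_secret] = token
        session.audit.append(("lease", tool.needs_secret, tool.name))
        return token

    def revoke(self, session: Session, tool: Tool) -> None:
        session.leased.pop(tool.needs_secret, None)
        session.audit.append(("revoke", tool.needs_secret, tool.name))


def run_step(session: Session, broker: SecretBroker, tool: Tool, human_approved: bool = False) -> bool:
    """One guarded tool invocation: evaluate, lease a secret if needed, invoke, revoke."""
    allowed, _ = evaluate(session, tool, human_approved)
    if not allowed:
        return False
    if tool.needs_secret:
        broker.lease(session, tool)
    try:
        # The real tool call would happen here; this example only records that it ran.
        session.audit.append(("invoke", tool.name, "ok"))
    finally:
        if tool.needs_secret:
            broker.revoke(session, tool)   # secret leaves the workflow path with the step
    return True


def demo() -> dict:
    """Walk a session through trusted input, an untrusted document, and a human override."""
    s, broker = Session(), SecretBroker(VAULT)
    ingest(s, "user_prompt", trusted=True)
    before_taint = run_step(s, broker, WRITE_RECORD)              # allowed
    ingest(s, "sharepoint:vendor_upload.docx", trusted=False)       # constructed untrusted source
    after_taint = run_step(s, broker, SEND_EMAIL)                   # blocked
    read_after_taint = run_step(s, broker, READ_DOC)                # still allowed
    with_approval = run_step(s, broker, SEND_EMAIL, human_approved=True)
    return {"before_taint": before_taint, "after_taint": after_taint,
            "read_after_taint": read_after_taint, "with_approval": with_approval,
            "secrets_left": len(s.leased), "audit": s.audit}


if __name__ == "__main__":
    for event in demo()["audit"]:
        print(*event)
```

The design point is that the verdict is recomputed per call from the session's present state, so a tool that was permitted at the start of a workflow is re-examined after a SharePoint document or API response has entered the context, and a credential is never resident in the session once its step has finished.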

What's in the full article

Zenity's full blog post covers the operational detail this post intentionally leaves for the source:

  • Expanded walkthrough of inline prevention for prompt injection and agent hijacking across runtime action chains
  • Specific examples of how agent-aware policy enforcement is applied to tool invocation, data leakage, and secret exposure
  • The Foundry integration details that show where runtime checks sit inside the control plane
  • Customer workflow scenarios for SharePoint, OneDrive, internal APIs, and SaaS-connected agents

👉 Read Zenity's analysis of runtime security for Microsoft Foundry agents →
