TL;DR: As AI agents become active participants in the digital workspace, the attack surface expands across email, collaboration, SaaS, and data flows, with Proofpoint positioning its platform around prompt injection, data governance, and Model Context Protocol controls. The governance challenge is no longer just protecting users, but controlling how people and agents consume, generate, and move sensitive data across shared workspaces.
NHIMG editorial — based on content published by Proofpoint: agentic workspace security and AI agent data governance
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Questions worth separating out
Q: How should security teams govern AI agents in shared workspaces?
A: Security teams should treat the workspace audience as part of the authorization decision.
Q: Why do AI agents complicate traditional IAM controls?
A: AI agents complicate traditional IAM controls because they do not behave like human users with short, predictable sessions.
Q: What breaks when prompt injection reaches a tool-using AI agent?
A: What breaks is the assumption that the model's output is low impact.
Practitioner guidance
- Inventory agent participation in collaboration workflows Map where AI assistants or agents can read email, chat, documents, and SaaS records, then identify which of those paths can also trigger actions or data movement.
- Wrap every MCP integration in policy and logging Require explicit approval boundaries, least privilege, and action logging for each MCP connection before exposing tools to agents.
- Classify prompt-bearing content as untrusted input Apply inspection and filtering to emails, messages, and documents that may carry instructions for agents, especially in Microsoft Teams, Slack, and similar collaboration channels.
What's in the full article
Proofpoint's full article covers the operational detail this post intentionally leaves for the source:
- Specific product workflow examples showing how Threat Interaction Map, Data Risk Map, and Secure Agent Gateway are intended to connect across channels
- Details on how Proofpoint Satori agents automate DLP alert handling, phishing simulations, and user-reported threat workflows
- The partner integration context for Microsoft Sentinel, Defender for Endpoint, and Purview, including the telemetry paths involved
- How Proofpoint describes MCP access for customer-deployed AI agents and partner ecosystems
👉 Read Proofpoint's analysis of the agentic workspace and AI agent security →
Agentic workspace security: what it means for data and AI control?
Explore further
Agentic workspace governance is now a data access problem, not just a productivity problem. When agents participate in work, the security question shifts from whether they can help to what they are allowed to see, infer, and execute. Collaboration platforms become control planes for sensitive information, which means IAM, data security, and NHI governance must align around task-scoped access and traceable action. Practitioners should treat agent participation as a governed access relationship, not a convenience feature.
A question worth separating out:
Q: Which frameworks should guide agentic workspace governance?
A: NIST AI Risk Management Framework, OWASP Agentic AI Top 10, and NIST Cybersecurity Framework all apply where AI agents interact with enterprise data and tools. Organisations should pair those with identity and access controls that define who or what may act, what can be accessed, and how actions are audited.
👉 Read our full editorial: Agentic workspace security exposes new data and MCP governance gaps